b0f755881e52c3135c12b67ad43d226a7b2df5f15dccdf642aecbedbee14e8aa

Sharing

Copy URL Twitter E-mail

General

Target

b0f755881e52c3135c12b67ad43d226a7b2df5f15dccdf642aecbedbee14e8aa
Size

6.4MB
MD5

ed359df9d2498df354fdbbe7512a684b
SHA1

b265320a8935e54752d37bd4ae5c014fc686098e
SHA256

b0f755881e52c3135c12b67ad43d226a7b2df5f15dccdf642aecbedbee14e8aa
SHA512

b0c0891243b70ac0edc5180d6fd81474b064443677ef8564cb0d7a33b8d7ff4c1ae0cb113ecbab42526ddc032c4c0853c306c98e8b18391aff8f4ad515b9e858
SSDEEP

98304:w9hj/AfbfbDd5i+Q95qubSrg06nN/1C6la4ZeAeaR5i817I7oAuj5uoaR5n8:eV/Azl5id4w06N/1dLZnea/i81x6R5n8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/resources/clash-verge-service.exe
unpack001/resources/install-service.exe

Files

b0f755881e52c3135c12b67ad43d226a7b2df5f15dccdf642aecbedbee14e8aa
.zip
resources/Country.mmdb
resources/clash-verge-service.exe
.exe windows:6 windows x64

47b59f58ebc44d6f8d90a28cbea0211b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FormatMessageW
CreateFileW
GetFullPathNameW
WriteConsoleW
WaitForSingleObject
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
GetConsoleMode
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetCurrentProcessId
CompareStringOrdinal
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetStdHandle
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
PostQueuedCompletionStatus
GetCurrentThread
GetProcAddress
GetModuleHandleA
Sleep
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
CreateMutexA
CreateIoCompletionPort
LoadLibraryA
ReleaseMutex
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
SwitchToThread
GetProcessHeap
HeapAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
HeapReAlloc
GetSystemInfo
TerminateProcess
ExitProcess
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
SetHandleInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
WaitForSingleObjectEx
CloseHandle
AcquireSRWLockExclusive
GetSystemDirectoryW
HeapFree
IsProcessorFeaturePresent

ws2_32

WSACleanup
WSAStartup
shutdown
closesocket
recv
send
WSAIoctl
setsockopt
accept
getsockname
ioctlsocket
listen
bind
WSAGetLastError
WSASocketW
WSASend

advapi32

SetServiceStatus
SystemFunction036
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCreateFile
NtCancelIoFileEx

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

vcruntime140

__current_exception
__current_exception_context
memcpy
memcmp
memset
__CxxFrameHandler3
memmove
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
exit
_get_initial_narrow_environment
_exit
__p___argc
__p___argv
_initialize_narrow_environment
_initterm
_seh_filter_exe
_set_app_type
_initterm_e
_cexit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
resources/clash.pid
resources/geoip.dat
resources/geosite.dat
resources/install-service.exe
.exe windows:6 windows x64

f4de7888b138cd01c2137acbef7c3639

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
HeapFree
CloseHandle
FindClose
FindFirstFileW
SetThreadStackGuarantee
GetFileInformationByHandle
CreateFileW
GetModuleFileNameW
GetCurrentThread
GetEnvironmentVariableW
GetProcessHeap
AcquireSRWLockShared
RtlCaptureContext
GetCurrentDirectoryW
ExitProcess
AcquireSRWLockExclusive
GetFullPathNameW
FormatMessageW
GetModuleHandleW
RtlLookupFunctionEntry
ReleaseMutex
GetCurrentProcess
CreateMutexA
LoadLibraryA
SetLastError
WaitForSingleObjectEx
WriteConsoleW
WaitForSingleObject
GetConsoleMode
GetStdHandle
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
GetProcAddress
GetLastError
GetModuleHandleA
HeapReAlloc
GetFileInformationByHandleEx
HeapAlloc
ReleaseSRWLockShared
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

advapi32

CloseServiceHandle
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W

vcruntime140

__CxxFrameHandler3
memcpy
memset
memcmp
memmove
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_register_onexit_function
_initialize_onexit_table
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47b59f58ebc44d6f8d90a28cbea0211b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

advapi32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 599KB - Virtual size: 599KB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 1024B - Virtual size: 1KB

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 5KB - Virtual size: 5KB

f4de7888b138cd01c2137acbef7c3639

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 632B

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 599KB - Virtual size: 599KB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 1024B - Virtual size: 1KB

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 632B

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 852B