6a9f59b3066f584bcc7f8957daa39bc961f5f1e66819725d82e32203f6823f4b

Sharing

Copy URL

Twitter E-mail

General

Target

6a9f59b3066f584bcc7f8957daa39bc961f5f1e66819725d82e32203f6823f4b
Size

1.4MB
MD5

deaba29ffb5a8ff4af861bb433a9f0cc
SHA1

a91ee84bdec7d8b7ddf2b7e31da86d2b0b86657d
SHA256

6a9f59b3066f584bcc7f8957daa39bc961f5f1e66819725d82e32203f6823f4b
SHA512

e9a758afb082bc1b619750c288cd90fb3d6362de838b4ac2db617c7da900f769fd1547bfcb00d912464d8e4e3c0868bc12bcd1f03167a21cf994cb74b68e2e9d
SSDEEP

24576:QhNmLuYqQjTlHrrnO6nr0cUu8LnZC+modg+XPRfcgWrvAMWoAoIjjXK/IDn2:Qh8Nri6nrTm7I+BdRXP+gcA/jj6QDn2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/11月新政财会人员薪资补贴调整新政策所需材料.exe

Files

6a9f59b3066f584bcc7f8957daa39bc961f5f1e66819725d82e32203f6823f4b
.zip
11月新政财会人员薪资补贴调整新政策所需材料.exe
.exe windows:4 windows x86

11c40f95cd23b9775957a1a77041db83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
_isnan
sprintf
memmove
_strnicmp
strncmp
_strdup
free
strlen
strcpy
strcat
memcmp
_stricmp
atoi
memcpy
strcmp
fabs
ceil
malloc
floor
fclose
fmod
sin
cos
abs

kernel32

GetModuleHandleA
HeapCreate
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
HeapDestroy
ExitProcess
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetModuleFileNameA
CreateFileA
DeviceIoControl
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
GetVersionExA
Sleep
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
HeapReAlloc
SetLastError
MulDiv
DeleteFileA
FindFirstFileA
FindClose
GetFileAttributesA
GetCurrentDirectoryA
TlsAlloc
TlsSetValue
GlobalAlloc
GlobalFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange

user32

GetSystemMetrics
mouse_event
SendMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
KillTimer
SetTimer
GetWindowRect
MonitorFromWindow
GetMonitorInfoA
DestroyIcon
CreateIconIndirect
CharLowerA
CharUpperA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
SetMenu
DestroyMenu
CreatePopupMenu
AppendMenuA
GetMenuItemInfoA
SetMenuItemInfoA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyWindow
ScreenToClient
RedrawWindow
GetIconInfo
InvalidateRect
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
CallWindowProcA
CreateWindowExA
ShowWindow
GetParent
GetWindow
MapWindowPoints
MoveWindow
SetWindowTextA
GetSysColor
GetSysColorBrush
GetPropA
SetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
DefWindowProcA
GetClientRect
FillRect
DrawFrameControl
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
RegisterClassA
AdjustWindowRectEx
GetActiveWindow
CreateAcceleratorTableA
GetMenu
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
IsZoomed
IsIconic
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
GetKeyState
PostMessageA
SetFocus
GetFocus
EnumChildWindows
DefFrameProcA
IsChild
GetClassNameA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx

gdi32

GetObjectType
DeleteObject
GetStockObject
GetObjectA
SetBkColor
SetTextColor
CreatePen
SelectObject
MoveToEx
LineTo
CreateCompatibleBitmap
CreateDCA
CreateCompatibleDC
DeleteDC
StretchBlt
CreateDIBSection
CreateSolidBrush
GetDeviceCaps
CreateFontA
SetDIBits
BitBlt
GdiSetBatchLimit
GdiGetBatchLimit
GetDIBits
CreateBitmap
SetPixel
GetTextExtentPoint32A
SetBkMode
SetTextAlign
TextOutA
SetStretchBltMode
SetBrushOrgEx
GetPixel
CreateFontIndirectA
GetTextMetricsA

comdlg32

ChooseColorA

comctl32

InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIconSize

shell32

SHAppBarMessage
Shell_NotifyIconA
ShellExecuteExA

ole32

CoInitialize
RevokeDragDrop

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

_LibMain@12

Sections

.code
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 843B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11c40f95cd23b9775957a1a77041db83

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

comctl32

shell32

ole32

winmm

Exports

Exports

Sections

.code Size: 43KB - Virtual size: 42KB

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 1024B - Virtual size: 843B

.data Size: 22KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 4KB

.code
Size: 43KB - Virtual size: 42KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 1024B - Virtual size: 843B

.data
Size: 22KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 4KB