37d97dff2b650c907d13050579dbb857c6b004ccf0ffa2d659360e8d33a571a2

Sharing

Copy URL Twitter E-mail

General

Target

37d97dff2b650c907d13050579dbb857c6b004ccf0ffa2d659360e8d33a571a2
Size

113KB
MD5

30aef3545604057c08d11e73789b482a
SHA1

1e331a5fa70aa5f94d9f802caf18e185a776ad1b
SHA256

37d97dff2b650c907d13050579dbb857c6b004ccf0ffa2d659360e8d33a571a2
SHA512

fef073baef937319853d08941a2996c4b9a3ddd51d2dff1e4eb17a1a1bb88aa0e88d106f89b5562e196bee658547acd260664506ec1f40fd8cc3fa6c68b95da2
SSDEEP

3072:sze8OcRcWELYwQtjtUSL8Lt0hWr7SZ6vT:Dc5kXQtjtvszPea

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Memory Cleaner_22.10.1_Single/Memory Cleaner_22.10.1_Single.exe

Files

37d97dff2b650c907d13050579dbb857c6b004ccf0ffa2d659360e8d33a571a2
.zip
Memory Cleaner_22.10.1_Single/!关注微信 - 更多福利.png
.png
- http://weixin.qq.com/r/wii4oJjEU8UsrdzD933Q
Memory Cleaner_22.10.1_Single/!果核剥壳 - 全网更新最快.url
.url
Memory Cleaner_22.10.1_Single/Memory Cleaner_22.10.1_Single.exe
.exe windows:6 windows x64

ea11ff57e0046bb0c6c4383b37836d26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Sleep
GetLastError
GetFileAttributesA
LoadLibraryA
Process32Next
CloseHandle
WritePrivateProfileStringA
GetProcAddress
LocalFree
GlobalMemoryStatusEx
FreeLibrary
CreateDirectoryA
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
OpenProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
K32EmptyWorkingSet
CreateMutexA
ExpandEnvironmentStringsA
GetCurrentProcess
Process32First
GetCurrentThreadId
GetModuleFileNameA

user32

SetWindowPos
DestroyWindow
GetWindowRect
IsDlgButtonChecked
PostMessageA
GetSystemMetrics
CreatePopupMenu
TrackPopupMenu
RegisterWindowMessageA
SetDlgItemTextW
DefWindowProcA
DestroyMenu
SetDlgItemTextA
SendMessageA
AppendMenuA
GetDlgItem
CheckDlgButton
PostQuitMessage
SetForegroundWindow
GetCursorPos
GetClassLongPtrA
DialogBoxParamA
SetProcessDPIAware
LoadIconA
TranslateMessage
CreateWindowExA
RegisterClassA
MessageBoxA
ShowWindow
EndDialog
DispatchMessageA
GetMessageA

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
PrivilegeCheck
AdjustTokenPrivileges

shell32

Shell_NotifyIconA
ShellExecuteA
ord680

msvcp140

_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

_CxxThrowException
memset
__current_exception_context
__current_exception
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove
memcpy
strstr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_c_exit
terminate
_exit
_get_narrow_winmain_command_line
_beginthreadex
_register_thread_local_exe_atexit_callback
_set_app_type
exit
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vswprintf
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea11ff57e0046bb0c6c4383b37836d26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 512B - Virtual size: 108B