a62f00f6189c644f09764a3da65507f7bbd816fa71095ba8d6401e54f434c627

Sharing

Copy URL

Twitter E-mail

General

Target

a62f00f6189c644f09764a3da65507f7bbd816fa71095ba8d6401e54f434c627
Size

98KB
MD5

8a43371efad8b3e491a9c2432b90132a
SHA1

2f14d41d5048a34fdfc90575b6dcb53196f61c35
SHA256

a62f00f6189c644f09764a3da65507f7bbd816fa71095ba8d6401e54f434c627
SHA512

1077cc3d961a0c6884f98b9921bea8388b8e83a53616926312eede444c0ca511df98a5a0de8b6266cc65d7dd0513f6c7d65f83e8393700e29fecf638fc8ae4a1
SSDEEP

3072:N1O41MlztkskEEPy1rvX//MGr7s/CAvXLsvAM6IG:/O8MptKc//MwQ/Z7v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/杨颖疯马秀.exe

Files

a62f00f6189c644f09764a3da65507f7bbd816fa71095ba8d6401e54f434c627
.zip
杨颖疯马秀.exe
.exe windows:5 windows x86 arch:x86

27332499b5c45c26aabd060957e517ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

setupapi

SetupDiClassGuidsFromNameA
SetupDiGetClassDevsExA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiEnumDeviceInfo

kernel32

TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
InterlockedIncrement
CopyFileW
DeleteFileW
CreateDirectoryW
FindResourceExW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
LockResource
GetLocaleInfoEx
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetPrivateProfileStringW
GetCommandLineW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
SetEvent
GetCurrentThreadId
CreateEventW
CreateThread
Sleep
GetCurrentThread
GetCurrentProcess
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CreateFileW
CloseHandle
LoadLibraryW
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
GetStdHandle
WriteFile
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
RtlUnwind
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

DispatchMessageW
CharNextW
TranslateMessage
LoadStringW
PostThreadMessageW
GetMessageW
MessageBoxW
CharUpperW

advapi32

OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
ChangeServiceConfigW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
AllocateAndInitializeSid
FreeSid
OpenThreadToken
SetSecurityDescriptorDacl
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle

shell32

SHGetFolderPathA
SHGetFolderPathAndSubDirA

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeEx

oleaut32

LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27332499b5c45c26aabd060957e517ad

Headers

DLL Characteristics

File Characteristics

Imports

version

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 17KB - Virtual size: 28KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 17KB - Virtual size: 28KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 11KB