25a20d53fd2781fae5416f8e09263cf996b884b8ddce7fd94b537422b19a35b3

Sharing

Copy URL Twitter E-mail

General

Target

25a20d53fd2781fae5416f8e09263cf996b884b8ddce7fd94b537422b19a35b3
Size

3.8MB
MD5

a3c2f2883be69009ad114d023f71cdb0
SHA1

907be71898fa81a7d5409e172f3c5912395f34e4
SHA256

25a20d53fd2781fae5416f8e09263cf996b884b8ddce7fd94b537422b19a35b3
SHA512

b2919852b4e08e56de69aae2ec5ba9bbc05a7df47580812110fd6d1bc41e846c3a8c9c442c8e8ae3b1ace37c9d28bdf42e4319a90e637a57b9fb25c061a34301
SSDEEP

98304:nRBj3KZkrAZFG0x/q+d5Lo87MdWQTyKMWsj6LWFBV3e:nRkZ1ZFG0bd1oPdWQTy72LWXVO

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinRAR_v7.0beta2_64Bit_Setup/WinRAR_v7.0beta2_64Bit_Setup.exe

Files

25a20d53fd2781fae5416f8e09263cf996b884b8ddce7fd94b537422b19a35b3
.zip
WinRAR_v7.0beta2_64Bit_Setup/!关注微信 - 更多福利.png
.png
- http://weixin.qq.com/r/wii4oJjEU8UsrdzD933Q
WinRAR_v7.0beta2_64Bit_Setup/!果核剥壳 - 全网更新最快.url
.url
WinRAR_v7.0beta2_64Bit_Setup/WinRAR_v7.0beta2_64Bit_Setup.exe
.exe windows:6 windows x64 arch:x64

39da3cace27ab9503fa46001ce968ea6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
FormatMessageW
LocalFree
SetLastError
CreateHardLinkW
SetFileTime
GetCurrentProcess
CloseHandle
CreateFileW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
GetLongPathNameW
GetShortPathNameW
MoveFileW
GetStdHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
SetThreadExecutionState
CompareStringW
AllocConsole
AttachConsole
WriteConsoleW
Sleep
FreeConsole
ExitProcess
GetSystemDirectoryW
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
SetThreadPriority
SetEvent
ResetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GlobalAlloc
SizeofResource
LoadResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GetDateFormatW
GetTimeFormatW
GlobalMemoryStatusEx
GetLocaleInfoW
GetNumberFormatW
GetCommandLineW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableW
GetLocalTime
GetTickCount
CreateFileMappingW
MoveFileExW
GetTempPathW
GetExitCodeProcess
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39da3cace27ab9503fa46001ce968ea6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 49KB

.pdata Size: 16KB - Virtual size: 15KB

.didat Size: 1024B - Virtual size: 824B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 49KB

.pdata
Size: 16KB - Virtual size: 15KB

.didat
Size: 1024B - Virtual size: 824B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 2KB - Virtual size: 2KB