35a2f8a4ee14898b7cbc56d81b44aa03e22f64caa1648f9a9b2f559f3a96b7d8

Sharing

Copy URL

Twitter E-mail

General

Target

35a2f8a4ee14898b7cbc56d81b44aa03e22f64caa1648f9a9b2f559f3a96b7d8
Size

7.4MB
MD5

0a9fc7465362fb9b4af956458f0bbd0c
SHA1

6fda112665a2e6226268c4b5bfbcf9a5f898a423
SHA256

35a2f8a4ee14898b7cbc56d81b44aa03e22f64caa1648f9a9b2f559f3a96b7d8
SHA512

0bfef85092b5aeeca7b33b8a736ace26bc02f13a87ec98c3e842dba33de0d90fae6c91e568cd9a0630036844890282bed00088dcb93fae1fb5e019a95412e559
SSDEEP

196608:OSnJkJVTf1uhuvfE5JYY3b5PP5MzAujDTs391dEBThq69Gd:OIGR1GifEIY31efjkcBThv9Gd

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winrar-x32-700b2.exe
unpack001/winrar-x64-700b2.exe

Files

35a2f8a4ee14898b7cbc56d81b44aa03e22f64caa1648f9a9b2f559f3a96b7d8
.zip
Read me!!!.txt
winrar-x32-700b2.exe
.exe windows:6 windows x86 arch:x86

082d9eac0e630d0d5aee6a677ef22e52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FormatMessageW
LocalFree
SetLastError
CreateHardLinkW
SetFileTime
GetCurrentProcess
CloseHandle
CreateFileW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
GetLongPathNameW
GetShortPathNameW
MoveFileW
GetStdHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
SetThreadExecutionState
CompareStringW
AllocConsole
AttachConsole
WriteConsoleW
Sleep
FreeConsole
ExitProcess
GetSystemDirectoryW
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
SetThreadPriority
SetEvent
ResetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GlobalAlloc
SizeofResource
LoadResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GetDateFormatW
GetTimeFormatW
GlobalMemoryStatusEx
GetLocaleInfoW
GetNumberFormatW
GetCommandLineW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableW
GetLocalTime
GetTickCount
CreateFileMappingW
MoveFileExW
GetTempPathW
GetExitCodeProcess
DecodePointer
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipCreateBitmapFromStream
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winrar-x64-700b2.exe
.exe windows:6 windows x64 arch:x64

39da3cace27ab9503fa46001ce968ea6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
FormatMessageW
LocalFree
SetLastError
CreateHardLinkW
SetFileTime
GetCurrentProcess
CloseHandle
CreateFileW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
GetLongPathNameW
GetShortPathNameW
MoveFileW
GetStdHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileType
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
GetCurrentProcessId
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
SetThreadExecutionState
CompareStringW
AllocConsole
AttachConsole
WriteConsoleW
Sleep
FreeConsole
ExitProcess
GetSystemDirectoryW
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
SetThreadPriority
SetEvent
ResetEvent
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GlobalAlloc
SizeofResource
LoadResource
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GetDateFormatW
GetTimeFormatW
GlobalMemoryStatusEx
GetLocaleInfoW
GetNumberFormatW
GetCommandLineW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableW
GetLocalTime
GetTickCount
CreateFileMappingW
MoveFileExW
GetTempPathW
GetExitCodeProcess
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
关注大眼仔生活圈公众号获取更多信息.png
.png
- http://weixin.qq.com/r/j0i3r0zEfhEBrQjM9x2d
大眼仔旭.url
.url

Sharing

General

Malware Config

Signatures

Files

082d9eac0e630d0d5aee6a677ef22e52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 232KB - Virtual size: 232KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 45KB

.didat Size: 512B - Virtual size: 404B

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 11KB - Virtual size: 10KB

39da3cace27ab9503fa46001ce968ea6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 49KB

.pdata Size: 16KB - Virtual size: 15KB

.didat Size: 1024B - Virtual size: 824B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 232KB - Virtual size: 232KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 404B

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 49KB

.pdata
Size: 16KB - Virtual size: 15KB

.didat
Size: 1024B - Virtual size: 824B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 2KB - Virtual size: 2KB