6375ed9790a16e92a1daa6a428954f56e165aa30530d0bf5fa7c626504d12f5c

Sharing

Copy URL Twitter E-mail

General

Target

6375ed9790a16e92a1daa6a428954f56e165aa30530d0bf5fa7c626504d12f5c
Size

6.2MB
MD5

e25d42ddb17fb29b2bd65bcc48ee4f58
SHA1

46cf4bd38567c3e6456e93d68e4cc45e7d1bc592
SHA256

6375ed9790a16e92a1daa6a428954f56e165aa30530d0bf5fa7c626504d12f5c
SHA512

97ca1f2b74d9f48f8fa23bedad3628a2ae83b7856bfeda2fd5426be5547970e854e5ac1c9b495e5c1fd8ea770922e3d8fca2dcf3301c77893c5c442a2aff12f1
SSDEEP

196608:t7HNUqtoL0ttYVk/lEAg2ySE6v3uCxSk9:FsctYVk9EKyQuUSk9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/稻壳阅读器 2.12.61 单文件.exe

Files

6375ed9790a16e92a1daa6a428954f56e165aa30530d0bf5fa7c626504d12f5c
.zip
404Le.com.url
.url
稻壳阅读器 2.12.61 单文件.exe
.exe windows:4 windows x86 arch:x86

60affa2c1c2a995a256c370e06e92714

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNA
StrPBrkW
StrCmpIW
wnsprintfW
StrStrA
PathMatchSpecW
StrToIntExW
StrCpyNW
StrStrW
StrStrIW
StrRChrW
StrChrW
StrCmpNW
StrCmpNIA
StrCmpNIW

kernel32

SetNamedPipeHandleState
CreateNamedPipeA
SetFilePointer
DuplicateHandle
CreatePipe
CreateThread
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrcmpA
LocalFree
GetVersionExW
CreateMutexA
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
TlsSetValue
WriteConsoleW
TlsGetValue
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
WinExec
WriteProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
GetProcessTimes
SetEndOfFile
GetLogicalDrives
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SetThreadPriority
GetCurrentThread
CopyFileW
WaitNamedPipeW
GlobalMemoryStatus
SleepEx
MoveFileW
MoveFileExW
OpenThread
TerminateThread
SetSystemPowerState
InterlockedExchange
GetACP
GetLocaleInfoA
LoadLibraryExW
RaiseException
FileTimeToSystemTime
SystemTimeToFileTime
ReleaseSemaphore
ResetEvent
DisconnectNamedPipe
GetVolumeInformationW
GetDiskFreeSpaceW
lstrcpyA
lstrcpynA
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
GlobalUnlock
GlobalLock
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
LCMapStringA
GetSystemInfo
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
GetLongPathNameW
GetTimeZoneInformation
LocalFileTimeToFileTime
GlobalDeleteAtom
Beep
GetFileInformationByHandle
SetFileAttributesW
SetFileTime
OpenEventW
FindFirstFileW
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
VirtualQueryEx
VirtualProtectEx
SetThreadContext
GetThreadContext
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
MultiByteToWideChar
VirtualQuery
TlsFree
GetFileType
SetStdHandle
HeapSize
GetVersionExA
RtlUnwind
WriteFile
GetShortPathNameW
ConnectNamedPipe
GetOverlappedResult
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetExitCodeProcess
TerminateJobObject
GetCommandLineW
GetVersion
ReadProcessMemory
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcatA
CreateDirectoryW
CreateProcessW
FindNextFileW
FlushFileBuffers
FindFirstVolumeW
CreateFileW
DeviceIoControl
FindNextVolumeW
FindVolumeClose
GetProcessAffinityMask
GetModuleHandleA
HeapFree
GetModuleFileNameW
IsBadCodePtr
CompareStringA
CompareStringW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
GetProcessHeap
TlsAlloc
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindClose
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
IsBadReadPtr

user32

GetScrollRange
SubtractRect
GetIconInfo
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
GetFocus
GetScrollPos
GetActiveWindow
CreateDialogParamW
SetMenuItemBitmaps
EnumWindows
UpdateWindow
SetCapture
ReleaseCapture
ShowCursor
GetWindowInfo
ChildWindowFromPointEx
GetScrollInfo
WindowFromPoint
IsChild
FindWindowExW
DrawIcon
ScrollWindow
SetMenu
CreateMenu
SetWindowRgn
CreateIconFromResource
FindWindowW
LoadStringA
CharUpperA
IsWindowVisible
CopyImage
DestroyCursor
GetClipboardData
IsWindowEnabled
CreateIconFromResourceEx
SwitchToThisWindow
GetClassNameW
MessageBoxW
IsRectEmpty
EnumChildWindows
PtInRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
FindWindowExA
GetForegroundWindow
AttachThreadInput
IsDialogMessageW
GetSysColor
LoadCursorW
SetCursor
GetWindowThreadProcessId
SetScrollInfo
SetScrollPos
SetScrollRange
SetFocus
GetWindowDC
IsIconic
GetMessageW
DialogBoxParamW
RegisterClassExW
LockWorkStation
mouse_event
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
SetLayeredWindowAttributes
GetMenu
GetMenuItemCount
DefWindowProcW
LoadMenuW
RemoveMenu
InsertMenuW
InvalidateRect
GetDlgItemTextW
EndDialog
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
EnumDisplaySettingsW
GetSubMenu
GetMenuItemID
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
LoadBitmapW
LoadImageW
DestroyIcon
MsgWaitForMultipleObjects
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
ExitWindowsEx
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
CharUpperW
OpenDesktopW
SetThreadDesktop
SwitchDesktop
CloseDesktop
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
wsprintfA
LoadStringW
AppendMenuW
RegisterWindowMessageW
FindWindowA
GetLastInputInfo
PeekMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
WaitForInputIdle
GetSystemMenu
EnableMenuItem
GetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
KillTimer
SetTimer
SendMessageW
PostMessageW
SendMessageTimeoutW

gdi32

GetBkColor
StretchBlt
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
RemoveFontResourceW
AddFontResourceW
GetStockObject
SetBkMode
DeleteObject
SelectObject
DeleteDC
GetDeviceCaps
Rectangle
MoveToEx
LineTo
GetTextMetricsW
Polyline
CreateBitmap
CreateEllipticRgn
CreatePen
Ellipse
SetDIBits
SetPixel
SetBkColor
ExtTextOutW
GetPixel
CreateFontW
CreateRectRgn
CombineRgn
SelectPalette
RealizePalette
GetDIBits
CreateDCW
SetTextColor

advapi32

AbortSystemShutdownW
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
RegUnLoadKeyW
RegLoadKeyW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetProvParam
CryptEnumProviderTypesW
CheckTokenMembership
SetServiceStatus
ControlService
DeleteService
FreeSid

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

CM_Get_Device_IDW
SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiClassGuidsFromNameW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
_dllMain_Name@12
_mainB_@8
_mainW@16
_main_@4
main
main1
main5
mainB

Sections

.text
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

flag_dat
Size: 512B - Virtual size: 26B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60affa2c1c2a995a256c370e06e92714

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

version

setupapi

Exports

Exports

Sections

.text Size: 747KB - Virtual size: 746KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 7KB - Virtual size: 18KB

flag_dat Size: 512B - Virtual size: 26B

.rsrc Size: 557KB - Virtual size: 556KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 747KB - Virtual size: 746KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 7KB - Virtual size: 18KB

flag_dat
Size: 512B - Virtual size: 26B

.rsrc
Size: 557KB - Virtual size: 556KB

.reloc
Size: 38KB - Virtual size: 37KB