3c86f76ce408dc781e966905fb32039be1648469db8239311b55c0e47db92684

Sharing

Copy URL Twitter E-mail

General

Target

3c86f76ce408dc781e966905fb32039be1648469db8239311b55c0e47db92684
Size

5.3MB
MD5

c1b45670110b2425f0753921af2bc30e
SHA1

57e38bde9575804d70f26ae28a3a615b7d85f7a5
SHA256

3c86f76ce408dc781e966905fb32039be1648469db8239311b55c0e47db92684
SHA512

7c7fbff7c1f026da2f9155249d87f3d00aa7abfbac3dd401e2047dbf48f904fdc61ec521558b59687e8bc0b772ef73be3aa0bec9274387cb29c82a3ce6f2beef
SSDEEP

98304:m3/uoEuu43zEaQ2c7SPYpROQAJGIPKJ62qMv5k/SwVQCL2b:m32oEuu4Ql79z5AoIPM/qPbQCL2b

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ACE-Trace.dll
unpack001/资料详情.PDF 2190.com

Files

3c86f76ce408dc781e966905fb32039be1648469db8239311b55c0e47db92684
.zip
ACE-Trace.dll
.dll windows:5 windows x64 arch:x64

b20183c14d6dd66ff7f55a64cacdb99f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
CreateFileW
VirtualAlloc
Sleep
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA
GetProcessHeap

user32

GetDC

gdi32

EnumFontFamiliesW

Exports

Exports

init_bugtrace
init_bugtrace_with_path_type
init_bugtrace_with_userinfo
init_bugtrace_with_userinfo_new
set_bugtrace_addr
set_user_stream

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
资料详情.PDF 2190.com
.exe windows:5 windows x64 arch:x64

d2180032be79f897fd12e1dfd634e58d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation
GetMappedFileNameW
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFindFileNameA
PathFileExistsW
StrStrIW
PathFindFileNameW
PathAppendW

wtsapi32

WTSQueryUserToken

ws2_32

WSAStartup
htonl
htons
freeaddrinfo
inet_addr
getaddrinfo
select
__WSAFDIsSet
WSACleanup
getsockname
getsockopt
WSAGetLastError
accept
bind
listen
setsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
ioctlsocket
sendto
recv
recvfrom
connect
socket
send
WSAAddressToStringA
closesocket
gethostname
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
getpeername
WSAIoctl
ntohs
WSAStringToAddressA
WSASetLastError

wldap32

ord301
ord79
ord30
ord200
ord22
ord41
ord143
ord217
ord46
ord26
ord27
ord32
ord35
ord33
ord60
ord50
ord211

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
DuplicateHandle
EncodePointer
GetCPInfo
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WriteConsoleW
SetConsoleCtrlHandler
GetACP
GetConsoleCP
IsValidLocale
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetStdHandle
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedPopEntrySList
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
SetThreadAffinityMask
CreateFileMappingA
RegisterWaitForSingleObject
UnregisterWait
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLCID
EnumSystemLocalesW
GetEnvironmentVariableW
GetEnvironmentVariableA
ResumeThread
OpenProcess
ExitProcess
GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
SetFilePointer
GetFileSize
GetModuleHandleW
HeapSize
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SwitchToThread
GetCurrentProcessId
SizeofResource
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetTempPathW
GetTempFileNameW
CreateThread
OpenEventW
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetUserDefaultUILanguage
Thread32Next
InitializeCriticalSection
OpenThread
CreateDirectoryW
GetModuleHandleExW
ExpandEnvironmentStringsW
DeleteFileW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ReadFile
GetFileSizeEx
EnumResourceNamesW
SetFilePointerEx
GetFileTime
TerminateThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetProcessId
GlobalAlloc
GlobalFree
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
UnhandledExceptionFilter
OpenMutexW
GetModuleHandleA
LoadLibraryA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
GetStdHandle
OutputDebugStringA
DeleteFiber
FindFirstFileA
FindNextFileA
FormatMessageA
ConvertFiberToThread
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
IsBadCodePtr
GetExitCodeThread
GetVersionExA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FormatMessageW
MoveFileExA
PeekNamedPipe
WaitForMultipleObjects
QueryDepthSList
UnregisterWaitEx
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
FreeLibrary
Thread32First

user32

GetClassNameW
EnumChildWindows
IsWindowEnabled
GetAncestor
GetWindowThreadProcessId
GetWindowInfo
SendMessageTimeoutW
GetWindow
GetWindowLongW
LookupIconIdFromDirectory
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
GetDesktopWindow
GetLayeredWindowAttributes
IsWindow
IsWindowVisible
RegisterClassExW

advapi32

DeleteService
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
FreeSid
CryptEncrypt
OpenProcessToken
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
ChangeServiceConfigW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenEventLogW
ReadEventLogW
CloseEventLog
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

CommandLineToArgvW

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b20183c14d6dd66ff7f55a64cacdb99f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

d2180032be79f897fd12e1dfd634e58d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

shlwapi

wtsapi32

ws2_32

wldap32

kernel32

user32

advapi32

shell32

pdh

dbghelp

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 156KB - Virtual size: 182KB

.pdata Size: 172KB - Virtual size: 172KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 3KB - Virtual size: 2KB

.vmp0 Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 156KB - Virtual size: 182KB

.pdata
Size: 172KB - Virtual size: 172KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 2KB - Virtual size: 2KB