0ea8b5f712654c5619002ef49b746f3b

Sharing

Copy URL

Twitter E-mail

General

Target

0ea8b5f712654c5619002ef49b746f3b
Size

56KB
MD5

0ea8b5f712654c5619002ef49b746f3b
SHA1

d667419f3373fda57cd2779b09e98eb9bdd2abbf
SHA256

27e33c2df4e8b60ad867f0d7a7005fcee4bb75792fae6bcfc1384e7bdd23ce8e
SHA512

4d3cd98808790f827b48d52f8fe4e7aca0c154c9fd8ed29cb609f0d2cc814cd84ab51854f4978a7a838cff7a3562324c890bc3f6f288ffbbb610fd3bade4f642
SSDEEP

1536:NW9Q9boZ/TfkW78AC7YSUhrcNN/L9cK6f1:Q62kpdYSUNcj/L9cK6f1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CF隐身+透视[防非法].exe

Files

0ea8b5f712654c5619002ef49b746f3b
.rar
CF隐身+透视[防非法].exe
.exe windows:4 windows x86 arch:x86

9b423edefc85f213c29a7383d9dc928b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
CopyFileA
CreateThread
GetCurrentThreadId
CreateDirectoryA
GetFileAttributesA
ExitProcess
GetWindowsDirectoryA
ReleaseMutex
CreateMutexA
GetCommandLineA
GetStartupInfoA
lstrcpyA
SetLastError
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
HeapFree
GetTempPathA
FindResourceA
LoadResource
GetSystemDirectoryA
lstrcatA
LocalFileTimeToFileTime
SetFileTime
WriteFile
FreeResource
MoveFileA
DeleteFileA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
OutputDebugStringA
MultiByteToWideChar
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Sleep
lstrlenA
lstrcmpiA
LoadLibraryA
SetUnhandledExceptionFilter

user32

IsWindow
GetCursorPos
CreateWindowExA
WindowFromPoint
GetTopWindow
GetDesktopWindow
SendMessageA
wsprintfA
PostQuitMessage
SetForegroundWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
RegisterClassExA
LoadCursorA
LoadIconA
PostThreadMessageA
GetClassNameA
DefWindowProcA
SetCursorPos
mouse_event
GetInputState

advapi32

AdjustTokenPrivileges
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
LookupAccountNameA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA
OpenServiceA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
InitializeAcl

msvcrt

__CxxFrameHandler
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
strstr
strchr
rand
??2@YAPAXI@Z
memset
strlen
??3@YAXPAX@Z
_except_handler3
memcpy
realloc
malloc

netapi32

NetApiBufferFree
NetUserGetLocalGroups

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b423edefc85f213c29a7383d9dc928b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

netapi32

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 111KB - Virtual size: 110KB

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 111KB - Virtual size: 110KB