694a9e9fdbdbcf2f728ef3b9814fd2a8

Sharing

Copy URL

Twitter E-mail

General

Target

694a9e9fdbdbcf2f728ef3b9814fd2a8
Size

177KB
MD5

694a9e9fdbdbcf2f728ef3b9814fd2a8
SHA1

0bb8ddeca355567d39f0a8fb20a3450222d68e96
SHA256

dd84895c6e3b30b6252dc87f202f9641a7daf554844e4f5d0f91cb6d580db4dd
SHA512

c252c0f6621af854eabb48ec734eec089503b33cad235c9dc6f586dcb853857dcfff923366b582a6a85710f473779ef7cb61b5648e411a39bedd091c516f36a1
SSDEEP

3072:kTR8bFEXLH9eG5kKwoz80fXnWaxoezwk0n1LIqZEx23+NsywFOcl1ZZ/MRwt/b+/:OXjwypnv/t0n1LnE83+3bG1wRYbNk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SnipeSword/SnipeSword.exe

Files

694a9e9fdbdbcf2f728ef3b9814fd2a8
.rar
SnipeSword/Help.htm
.html
SnipeSword/Readme.txt
SnipeSword/SnipeSword.exe
.exe windows:4 windows x86 arch:x86

a019922dd74df1859dd677bcd13491a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoCreateInstance
CoInitialize
CoGetMalloc
CoUninitialize
CoTaskMemFree

psapi

EnumProcessModules
GetModuleFileNameExA

setupapi

SetupDiGetClassDescriptionA
SetupDiGetClassImageIndex
SetupDiDestroyDeviceInfoList
SetupDiDestroyClassImageList
SetupDiGetClassImageList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

wintrust

WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

CreateStatusWindowA
ImageList_Create
ImageList_Destroy
InitCommonControls
ImageList_Add

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

user32

SetWindowLongA
SetTimer
SetMenuItemBitmaps
SetLayeredWindowAttributes
SetForegroundWindow
SetDlgItemTextA
SetCursor
SetClassLongA
SetCapture
SendMessageA
SendDlgItemMessageA
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterHotKey
RegisterClassExA
PtInRect
PostQuitMessage
PostMessageA
OffsetRect
MoveWindow
MessageBoxA
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsWindowVisible
IsDlgButtonChecked
InvalidateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetWindowDC
SetWindowTextA
GetSysColor
GetMessageA
GetMenuState
GetDlgItemTextA
GetDlgItem
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
GetClassNameA
GetClassInfoExA
GetCapture
FindWindowA
ExitWindowsEx
EnumWindows
EnumChildWindows
EndDialog
EnableWindow
EnableMenuItem
DispatchMessageA
DialogBoxParamA
DestroyWindow
DestroyIcon
DefWindowProcA
CreateWindowExA
CreatePopupMenu
CreateDialogParamA
ClipCursor
ClientToScreen
CheckMenuItem
CheckDlgButton
CharLowerBuffA
CallWindowProcA
BringWindowToTop
AppendMenuA
AnimateWindow
wsprintfA
ShowWindow
TrackPopupMenu
TranslateMessage
UpdateWindow
keybd_event
BeginPaint
DialogBoxIndirectParamA
DrawEdge
EndPaint
SetFocus
GetSystemMetrics

kernel32

GetFileTime
GetFileAttributesA
GetDriveTypeA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetBinaryTypeA
GetACP
FreeLibrary
FormatMessageA
FlushFileBuffers
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
ExitThread
ExitProcess
DuplicateHandle
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryA
CopyFileA
CompareFileTime
CloseHandle
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetSystemDirectoryA
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileExA
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringA
Process32Next
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ResetEvent
RtlMoveMemory
RtlZeroMemory
SearchPathA
SetEndOfFile
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
SystemTimeToFileTime
TerminateThread
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
lstrlenW
GetFileSize

gdi32

CreatePatternBrush
BitBlt
DeleteDC
DeleteObject
CreateBitmap
CreateFontIndirectA
PatBlt
SelectObject
SetTextColor
CreateCompatibleDC

advapi32

AdjustTokenPrivileges
SetSecurityDescriptorDacl
SetKernelObjectSecurity
RevertToSelf
RegSetValueExA
RegSaveKeyA
RegReplaceKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
MakeAbsoluteSD
LookupPrivilegeValueA
LookupPrivilegeNameA
ImpersonateLoggedOnUser
GetUserNameA
GetSecurityDescriptorDacl
DeleteService
ControlService
CloseServiceHandle
BuildExplicitAccessWithNameA

ws2_32

htons
ntohs
inet_ntoa

imagehlp

MapFileAndCheckSumA

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SnipeSword/说明.txt

Sharing

General

Malware Config

Signatures

Files

a019922dd74df1859dd677bcd13491a8

Headers

File Characteristics

Imports

shell32

ole32

psapi

setupapi

wintrust

wininet

version

comctl32

comdlg32

user32

kernel32

gdi32

advapi32

ws2_32

imagehlp

Sections

.text Size: 271KB - Virtual size: 271KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 2KB - Virtual size: 102KB

.rsrc Size: 455KB - Virtual size: 455KB

.text
Size: 271KB - Virtual size: 271KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 2KB - Virtual size: 102KB

.rsrc
Size: 455KB - Virtual size: 455KB