025834151981eba12275f66f93bd57af

Sharing

Copy URL Twitter E-mail

General

Target

025834151981eba12275f66f93bd57af
Size

98KB
MD5

025834151981eba12275f66f93bd57af
SHA1

6ce147aeb61d21d6c43825d2ad9260fa089fa228
SHA256

be11e35eeaa0c9b97c0166aa4d7182ee4d163e1064f76ed02d3c55d68226dada
SHA512

2c475a58722fc46896ec7ac0766f92346863b843243d8d1d3c1818d29952747b6e3436fd93a9f062c8b90c2bbe7702ab47b619c403626fbda128709890a170f3
SSDEEP

3072:QbJKjU0CvP+dh0KmSE5xk6pERBE/r8HQa4MlvB:QdKA06P+YTjnczHQcvB

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/840234833/clock/clock.exe
unpack001/840234833/俄罗斯方块对战版/rose.exe

Files

025834151981eba12275f66f93bd57af
.rar
840234833/clock/Resource.h
840234833/clock/StdAfx.cpp
840234833/clock/StdAfx.h
840234833/clock/clock.aps
840234833/clock/clock.clw
840234833/clock/clock.cpp
840234833/clock/clock.dsp
840234833/clock/clock.dsw
840234833/clock/clock.exe
.exe windows:4 windows x86 arch:x86

ff1c4746ce39c8c3a637d797754e83d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3626
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord2725
ord4079
ord3663
ord641
ord800
ord640
ord2414
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord815
ord5065
ord2648
ord2055
ord6376
ord3749
ord5302
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3571
ord1146
ord1168
ord323
ord540
ord665
ord4673
ord1175
ord1979
ord5442
ord6385
ord3318
ord353
ord5785
ord1641
ord1640
ord4160
ord2863
ord2379
ord755
ord470
ord3573
ord3693
ord613
ord5788
ord5787
ord289
ord858
ord2820
ord3811
ord2818
ord6453
ord3706
ord2405
ord2864
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4441
ord4299
ord1576

msvcrt

_setmbcp
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
__CxxFrameHandler
atoi
atof
_mbscmp
_CIasin
_ftol
__dllonexit
_onexit
_exit
_XcptFilter
exit
__p__commode
_adjust_fdiv
_acmdln

kernel32

GetStartupInfoA
GetModuleHandleA

user32

ReleaseDC
ClientToScreen
ReleaseCapture
EnableWindow
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
SetWindowPos
SetWindowLongA
LoadIconA
SetWindowRgn
SetCapture
GetCursorPos
SetTimer

gdi32

CreatePen
CreateBitmap
CreateCompatibleDC
BitBlt
Ellipse
CreateSolidBrush
CreateEllipticRgn
CreatePolygonRgn
CombineRgn
FillRgn
CreateRectRgn

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
840234833/clock/clock.h
840234833/clock/clock.ncb
840234833/clock/clock.opt
840234833/clock/clock.plg
.html
840234833/clock/clock.rc
840234833/clock/clockDlg.cpp
840234833/clock/clockDlg.h
840234833/clock/clockcfg
840234833/clock/icon1.ico
840234833/clock/res/clock.ico
840234833/clock/res/clock.rc2
840234833/clock/res/未命名.bmp
840234833/clock/说明.txt
840234833/下载说明.htm
.html .js polyglot
840234833/俄罗斯方块对战版/MainFrm.cpp
840234833/俄罗斯方块对战版/MainFrm.h
840234833/俄罗斯方块对战版/On.wav
840234833/俄罗斯方块对战版/Resource.h
840234833/俄罗斯方块对战版/Rose.aps
840234833/俄罗斯方块对战版/Rose.clw
840234833/俄罗斯方块对战版/Rose.cpp
840234833/俄罗斯方块对战版/Rose.dsp
840234833/俄罗斯方块对战版/Rose.dsw
840234833/俄罗斯方块对战版/Rose.h
840234833/俄罗斯方块对战版/Rose.ncb
840234833/俄罗斯方块对战版/Rose.opt
.js
840234833/俄罗斯方块对战版/Rose.plg
.html
840234833/俄罗斯方块对战版/Rose.rc
840234833/俄罗斯方块对战版/StdAfx.cpp
840234833/俄罗斯方块对战版/StdAfx.h
840234833/俄罗斯方块对战版/fail.WAV
840234833/俄罗斯方块对战版/kaishi.WAV
840234833/俄罗斯方块对战版/res/1.bmp
840234833/俄罗斯方块对战版/res/2.bmp
840234833/俄罗斯方块对战版/res/3.bmp
840234833/俄罗斯方块对战版/res/4.bmp
840234833/俄罗斯方块对战版/res/5.bmp
840234833/俄罗斯方块对战版/res/6.bmp
840234833/俄罗斯方块对战版/res/7.bmp
840234833/俄罗斯方块对战版/res/Toolbar.bmp
840234833/俄罗斯方块对战版/res/bitmap1.bmp
840234833/俄罗斯方块对战版/res/bitmap2.bmp
840234833/俄罗斯方块对战版/res/bitmap3.bmp
840234833/俄罗斯方块对战版/res/bitmap4.bmp
840234833/俄罗斯方块对战版/res/bitmap5.bmp
840234833/俄罗斯方块对战版/res/bitmap6.bmp
840234833/俄罗斯方块对战版/res/bitmap7.bmp
840234833/俄罗斯方块对战版/res/bitmap8.bmp
840234833/俄罗斯方块对战版/res/blok.bmp
840234833/俄罗斯方块对战版/res/bmp00001.bmp
840234833/俄罗斯方块对战版/res/bmp00002.bmp
840234833/俄罗斯方块对战版/res/icon1.ico
840234833/俄罗斯方块对战版/res/nex.bmp
840234833/俄罗斯方块对战版/res/rose.ico
840234833/俄罗斯方块对战版/res/rose.rc2
840234833/俄罗斯方块对战版/res/roseDoc.ico
840234833/俄罗斯方块对战版/rose.exe
.exe windows:4 windows x86 arch:x86

4d84e86ffa007c69e64f02e17fe14bca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4151
ord5472
ord3403
ord2879
ord5012
ord975
ord6055
ord4077
ord1776
ord4407
ord2878
ord5237
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord2385
ord6376
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord554
ord3749
ord366
ord529
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord5265
ord4376
ord825
ord4998
ord4710
ord2514
ord6052
ord3350
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord823
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord640
ord2405
ord5785
ord1640
ord323
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord3571
ord813
ord1168
ord560
ord3626
ord3663
ord2414
ord5260
ord3573
ord5787
ord1641
ord2535
ord1146
ord4464
ord4508
ord2379
ord2859
ord3337
ord3811
ord3619
ord3693
ord4133
ord4297
ord800
ord537
ord5875
ord5788
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord4078
ord4853
ord3058
ord1576

msvcrt

__CxxFrameHandler
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
_acmdln
exit
rand
__dllonexit
_ftol
_except_handler3
?terminate@@YAXXZ
__setusermatherr
_setmbcp
_initterm
_XcptFilter
_onexit
_exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

wsprintfA
LoadBitmapA
ReleaseDC
EnableWindow
GetClientRect
LoadCursorA
GetDC
UpdateWindow
InvalidateRect
SetTimer
KillTimer
SetCursor

gdi32

Rectangle
StretchBlt
GetObjectA
CreateCompatibleDC
CreateSolidBrush
SelectObject
CreateFontA
CreatePen

winmm

sndPlaySoundA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
840234833/俄罗斯方块对战版/roseDoc.cpp
840234833/俄罗斯方块对战版/roseDoc.h
840234833/俄罗斯方块对战版/roseView.cpp
840234833/俄罗斯方块对战版/roseView.h
840234833/俄罗斯方块对战版/xuankong.wav
840234833/俄罗斯方块对战版/zhang.WAV
840234833/俄罗斯方块对战版/zhuandong.wav
840234833/俄罗斯方块对战版/说明.txt

Sharing

General

Malware Config

Signatures

Files

ff1c4746ce39c8c3a637d797754e83d4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 2KB

4d84e86ffa007c69e64f02e17fe14bca

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

winmm

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 40KB - Virtual size: 38KB