1dc09481b639998ad67ff89c88089c7b

Sharing

Copy URL Twitter E-mail

General

Target

1dc09481b639998ad67ff89c88089c7b
Size

342KB
MD5

1dc09481b639998ad67ff89c88089c7b
SHA1

c7df4241efed04f6e59421be00ff9b0857ea6efa
SHA256

8b1e6f1a88b48953d3dd593eed6f69c0233be024701c918214bfd21c1cb55d10
SHA512

774fe7d7183c4300e74628427cb63f88eb6da34a0dbd995828677b4b495ce9e7f3a518e512f665d9b7584ef0c3698ea69e85b82f6adf845e2c376d52da5ae31f
SSDEEP

6144:RvDUS6mBSA+VkTo8/mqeK0D8fjEUpJFC7IOHXtNzsQQokvbR:Rvd6mN0Amqe1wjnxEN9N7QnvbR

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ArpTool.exe
unpack001/安装程序/网关智能绑定精灵Setup.exe

Files

1dc09481b639998ad67ff89c88089c7b
.rar
ArpTool.exe
.exe windows:4 windows x86 arch:x86

441298cfe97eb07b22f3a9abc1b35357

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ioctlsocket
inet_addr

iphlpapi

GetIpNetTable
GetIpAddrTable
GetAdaptersInfo
SendARP
SetIpNetEntry

kernel32

GetFileSize
GetTickCount
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
RaiseException
GetTimeZoneInformation
HeapSize
HeapReAlloc
GetACP
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
GetLastError
CreateMutexA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFree
GlobalAlloc
lstrlenA
WideCharToMultiByte
lstrlenW
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
FreeLibrary
LoadLibraryA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GetCurrentThread
GetProfileStringA
SizeofResource
GetFileTime
GetFullPathNameA
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
FileTimeToLocalFileTime
lstrcmpA
FileTimeToSystemTime
GetThreadLocale
FormatMessageA
LocalFree
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CloseHandle
IsBadReadPtr

user32

GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
EndDialog
CreateDialogIndirectParamA
FindWindowA
InvalidateRect
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
SetCursor
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
CharNextA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
DestroyMenu
LoadStringA
MapDialogRect
SetWindowContextHelpId
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindow
AdjustWindowRectEx
DestroyIcon
PostMessageA
UnregisterHotKey
LoadMenuA
GetSubMenu
GetCursorPos
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
PostQuitMessage
GetSystemMenu
AppendMenuA
SendMessageA
GetDesktopWindow
RegisterHotKey
MessageBeep
SetTimer
LoadIconA
EnableWindow
GetWindowRect
IsWindowUnicode
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
LPtoDP
DPtoLP
GetTextColor
GetBkColor
GetMapMode
PatBlt
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleInitialize
OleUninitialize
CoGetClassObject
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
VariantClear

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装程序/volansSetup.msi
.msi
安装程序/网关智能绑定精灵Setup.exe
.exe windows:4 windows x86 arch:x86

bf143d24e01511867bea53d8e22ab3f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
lstrlenA
FindClose
CreateDirectoryA
RemoveDirectoryA
FormatMessageA
FindFirstFileA
ReadFile
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetEnvironmentVariableA
GetLogicalDriveStringsA
GetDriveTypeA
GetTempFileNameA
FindNextFileA
CreateProcessA
GetExitCodeProcess
GetVersion
lstrcmpA
MulDiv
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetDiskFreeSpaceA
GetModuleFileNameA
FlushFileBuffers
lstrcmpiA
GetPrivateProfileStringA
GlobalMemoryStatus
GetSystemDefaultLangID
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
MultiByteToWideChar
lstrlenW
CreateMutexA
GetFileAttributesA
SetFileAttributesA
CopyFileA
DebugBreak
HeapSize
HeapReAlloc
HeapDestroy
LocalAlloc
GetStartupInfoA
GetCommandLineA
GetProcAddress
LoadLibraryA
Sleep
ExitProcess
ResetEvent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateEventA
SetEvent
GetExitCodeThread
WaitForSingleObject
GetLastError
CreateThread
CloseHandle
FreeLibrary
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
RtlUnwind

user32

GetSubMenu
LoadMenuA
TrackPopupMenu
EnableMenuItem
IsDialogMessageA
ExitWindowsEx
GetDC
SetFocus
LoadIconA
DefWindowProcA
CallWindowProcA
GetSystemMetrics
LoadImageA
DestroyMenu
ModifyMenuA
CloseClipboard
InvalidateRect
RedrawWindow
ShowWindow
CreateWindowExA
DestroyWindow
RemovePropA
SetPropA
IsWindow
PostMessageA
MessageBoxA
KillTimer
EnableWindow
SetTimer
GetPropA
PostQuitMessage
CreateDialogParamA
SetClipboardData
DialogBoxParamA
EmptyClipboard
GetActiveWindow
LoadStringA
SetWindowLongA
SendMessageA
EndDialog
GetWindowLongA
GetWindow
OpenClipboard
GetSystemMenu
ScreenToClient
SystemParametersInfoA
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowTextA
GetDlgItem
UnregisterClassA
CharNextA
GetDesktopWindow
IsWindowVisible
wvsprintfA
GetWindowRect

gdi32

GetDeviceCaps

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
OpenSCManagerA
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA

shell32

ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

DestroyPropertySheetPage
PropertySheetA
CreatePropertySheetPageA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明V2.0.txt
最终用户许可协议.txt

Sharing

General

Malware Config

Signatures

Files

441298cfe97eb07b22f3a9abc1b35357

Headers

File Characteristics

Imports

wsock32

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 16KB - Virtual size: 13KB

bf143d24e01511867bea53d8e22ab3f4

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 16KB - Virtual size: 13KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB