09f5551c90c9077b45960c64089d80b9

Sharing

Copy URL Twitter E-mail

General

Target

09f5551c90c9077b45960c64089d80b9
Size

3.9MB
MD5

09f5551c90c9077b45960c64089d80b9
SHA1

2039af64e180ca5c596795da2d8a81557c338782
SHA256

da22c8f52454a738899b8047f60168f9b00a7935712f6a9641f6ff43949245ed
SHA512

42c88181546d2375bf85d12a423a023715c56b3fd708b4eb04a1423e105530949fe85d22deeb8aa2d80f6f5c1c2596a18e88d5c59d2528c26a7f164d8dad8a5c
SSDEEP

98304:e32EXmIY0iijxNGnp/x2nxXU3yKxBmJFPj54Xrl383LCBodl0UBYHSq:NcziWxGp/x2xXAyKLgPj54bl383LCiPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wsched.exe

Files

09f5551c90c9077b45960c64089d80b9
.rar
wsched.exe
.exe windows:4 windows x86 arch:x86

c8a795fad6d7f01f458865f5088a1384

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
IsValidLocale
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetCurrentDirectoryW
DeleteFileA
WaitForSingleObject
IsValidCodePage
GetExitCodeProcess
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTime
GetOEMCP
GetTickCount
GetLastError
Sleep
GetCurrentDirectoryA
CloseHandle
SetEndOfFile
SetFilePointer
MoveFileA
CompareFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetLocalTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
GetACP
ReadFile
GetFileSize
LocalFree
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
GetModuleFileNameW
GetModuleFileNameA
MoveFileW
CopyFileW
CopyFileA
DeleteFileW
GetFileAttributesW
CreateDirectoryW
CreateDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetFileAttributesW
GetFileTime
GetTimeZoneInformation
CreateFileA
CreateFileW
IsBadReadPtr
GetVersionExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
LocalAlloc
FreeLibrary

user32

SetWindowPos
CreateWindowExW
DialogBoxParamW
LoadCursorA
RegisterClassExW
LoadStringW
TranslateMessage
DispatchMessageA
MessageBoxA
GetDlgItem
SendMessageA
GetMessageA
PostMessageA
SetTimer
GetDlgItemTextA
LoadStringA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
SetDlgItemTextW
GetDlgItemTextW
SetWindowTextW
EnableWindow
SetDlgItemTextA
EndDialog
PostQuitMessage
MessageBoxW
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

crypt32

CertCloseStore
CertNameToStrA
CertFreeCertificateContext
CryptDecodeObject

ws2_32

WSAGetLastError
socket
inet_addr
gethostbyname
connect
htons
WSAStartup
ioctlsocket
select
closesocket
shutdown
send
recv

wininet

InternetCombineUrlA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA

oleaut32

SysAllocString
SysFreeString
SysStringByteLen

Sections

.text
Size: 428KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

c8a795fad6d7f01f458865f5088a1384

Headers

File Characteristics

Imports

kernel32

user32

shell32

crypt32

ws2_32

wininet

advapi32

oleaut32

Sections

.text Size: 428KB - Virtual size: 424KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 96KB - Virtual size: 112KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 428KB - Virtual size: 424KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 96KB - Virtual size: 112KB

.rsrc
Size: 4KB - Virtual size: 2KB