0d5bbb8b971817ebf807cc8b887ab7a5

Sharing

Copy URL Twitter E-mail

General

Target

0d5bbb8b971817ebf807cc8b887ab7a5
Size

94KB
MD5

0d5bbb8b971817ebf807cc8b887ab7a5
SHA1

924925a67afb6066fa17007ceed300774b77e551
SHA256

6709923a6a66c52f895803c002a422015d24b50ecf7773d6326f3e92201fa5cd
SHA512

77d7d0ebedcf7d6453cb10b4a955a7411a720290c6f942a8f28c37f6f37ec150edc40a862718adac369fbe50cb6fd68b9c1edda736f7fb5457c2ca23afaff053
SSDEEP

1536:4vNlidz09dWbNxSb1UJ1QlbTLpVcUMAcRi3B8MFTWimUfZzT41:4lcdzVbPSK3Qlrfct83iMhf7fhTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/U盘病毒防火墙/protect.exe
unpack001/U盘病毒防火墙/protect.sys

Files

0d5bbb8b971817ebf807cc8b887ab7a5
.rar
U盘病毒防火墙/protect.exe
.exe windows:4 windows x86 arch:x86

7e05ba041a1fcc78be95d31250f63723

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2379
ord6055
ord1776
ord4396
ord4424
ord3574
ord809
ord609
ord556
ord4275
ord4284
ord5290
ord2405
ord5053
ord5981
ord800
ord3874
ord540
ord5875
ord2859
ord613
ord6880
ord289
ord2122
ord4160
ord6358
ord1088
ord6197
ord283
ord4133
ord4297
ord5788
ord472
ord2567
ord3693
ord3573
ord2864
ord2575
ord3402
ord567
ord656
ord2302
ord6215
ord3610
ord535
ord2818
ord924
ord693
ord6907
ord3996
ord6199
ord2582
ord4402
ord3370
ord3640
ord3998
ord3081
ord3721
ord795
ord755
ord6170
ord2764
ord2763
ord3797
ord2452
ord470
ord3089
ord858
ord926
ord4287
ord2243
ord5787
ord3619
ord5785
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord938
ord3810
ord5933
ord1168
ord6453
ord2086
ord1795
ord860
ord6172
ord4023
ord5794
ord5789
ord2985
ord1576
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord1640
ord1641
ord2414
ord3663
ord3626
ord3571
ord4299
ord1146
ord823
ord825
ord323
ord2754
ord640
ord4234
ord325
ord324
ord326
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2860
ord2976
ord4853
ord4376
ord537
ord5265

msvcrt

_setmbcp
__set_app_type
_strcmpi
__CxxFrameHandler
strlen
wcslen
_ftol
_mbsnbcpy
strcpy
strrchr
fclose
fputs
fopen
strtok
fgets
strcat
sprintf
memcpy
exit
vsprintf
_beginthreadex
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
memset
_except_handler3
_controlfp

kernel32

GetModuleHandleA
GetCurrentProcessId
OpenProcess
WaitForSingleObject
ResetEvent
FindFirstFileA
FindClose
GetPrivateProfileSectionA
GetDriveTypeA
GetCurrentProcess
CloseHandle
OutputDebugStringA
CreateMutexA
GetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
CreateFileA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
GetModuleFileNameA
DeviceIoControl
SetEvent
CreateEventA
MultiByteToWideChar
GetStartupInfoA

user32

SetWindowRgn
RegisterWindowMessageA
FindWindowA
MessageBoxA
PostQuitMessage
KillTimer
RedrawWindow
UpdateWindow
IsWindow
SetTimer
IsWindowVisible
SystemParametersInfoA
GetWindowLongA
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
ClientToScreen
DrawFocusRect
DrawStateA
ReleaseDC
OffsetRect
InflateRect
CopyRect
LoadMenuA
GetIconInfo
CreateIconIndirect
GetDC
GetSysColor
DrawTextW
FillRect
GetSubMenu
GetWindowDC
LoadImageA
SetForegroundWindow
GetDesktopWindow
SendMessageA
TrackPopupMenuEx
GetWindowRect
GetClientRect
IsIconic
DrawIcon
SetCursor
DestroyIcon
DestroyCursor
DestroyMenu
EnableWindow
InvalidateRect
GetCursorPos
TrackPopupMenu
FrameRect
GetSystemMetrics
PostMessageA

gdi32

GetStockObject
DeleteDC
SetTextColor
SetBkColor
CreateBitmap
SetPixel
GetPixel
StretchBlt
SetViewportOrgEx
GetViewportOrgEx
CreateFontIndirectA
Rectangle
CreatePen
RoundRect
GetTextExtentPoint32A
BitBlt
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
CreateSolidBrush
DeleteObject
SelectObject

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteA
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoInitialize

winmm

PlaySoundA

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

shlwapi

PathFileExistsA
SHGetValueA
SHDeleteValueA
StrStrIA
SHSetValueA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
U盘病毒防火墙/protect.sys
.sys windows:5 windows x86 arch:x86

6818a217e85a58c333ce63112f9556e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlCompareString
RtlInitString
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
RtlInitUnicodeString
ExFreePool
ZwQuerySymbolicLinkObject
ExAllocatePoolWithTag
ZwOpenSymbolicLinkObject
RtlCopyUnicodeString
wcscat
wcscpy
wcsncmp
wcslen
RtlFreeAnsiString
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
ObQueryNameString
ObfDereferenceObject
ObReferenceObjectByPointer
ObReferenceObjectByHandle
KeResetEvent
KeWaitForMultipleObjects
KeSetEvent
PsGetCurrentProcessId
DbgPrint
KeWaitForSingleObject
KeServiceDescriptorTable
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 640B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
U盘病毒防火墙/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7e05ba041a1fcc78be95d31250f63723

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

winmm

msvcp60

shlwapi

version

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 168KB - Virtual size: 165KB

6818a217e85a58c333ce63112f9556e1

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 640B - Virtual size: 584B

INIT Size: 1024B - Virtual size: 910B

.rsrc Size: 896B - Virtual size: 832B

.reloc Size: 384B - Virtual size: 350B

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 168KB - Virtual size: 165KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 640B - Virtual size: 584B

INIT
Size: 1024B - Virtual size: 910B

.rsrc
Size: 896B - Virtual size: 832B

.reloc
Size: 384B - Virtual size: 350B