13aeee8377702ddc26b48859a64dc723

Sharing

Copy URL Twitter E-mail

General

Target

13aeee8377702ddc26b48859a64dc723
Size

4.2MB
MD5

13aeee8377702ddc26b48859a64dc723
SHA1

e94661cecb40f97ceaeb893fe233a2f0d1daefe0
SHA256

17ccc9bcb86f40ebd47b7c00566cf7337690b4468d3d0d876a279378bdb2622a
SHA512

cdc6bb68b6c14cd117aaadba2673becad0b7e446d68a2d6514b05ab962a7c97bdd204b74d5ed78510c747c49266ac0e2e6d96667d0fbb720b6a6f5bda32c6b67
SSDEEP

98304:pF3kPx6d54TTJlDRb9VkJr8JaOcDVkNq+3dYiQZSmG1wz:TkJ6dqPJNt9Y8JaOcJkntswwz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Update.exe

Files

13aeee8377702ddc26b48859a64dc723
.rar
UPD/KAVUPD.DAT
UPD/下载说明.htm
.html .js polyglot
Update.exe
.exe windows:4 windows x86 arch:x86

ea498e3dabaaac790c74cfde91720fe4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

mfc42

ord3092
ord1199
ord941
ord6334
ord4376
ord2915
ord2614
ord858
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord4424
ord3640
ord384
ord567
ord2302
ord3571
ord3626
ord2414
ord2862
ord2096
ord1641
ord1146
ord2817
ord3663
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5981
ord5714
ord4622
ord3738
ord561
ord815
ord2621
ord1134
ord1168
ord2301
ord2379
ord755
ord470
ord665
ord1979
ord6385
ord5186
ord354
ord3499
ord2515
ord355
ord2652
ord939
ord2764
ord1669
ord6215
ord537
ord926
ord3337
ord1576
ord5442
ord3318
ord922
ord924
ord5773
ord6877
ord3811
ord3507
ord5710
ord4277
ord4129
ord4202
ord6663
ord4853
ord4234
ord2370
ord2289
ord324
ord860
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4710
ord4998
ord5265
ord2818
ord686
ord693
ord2514
ord641
ord535
ord540
ord4160
ord800
ord823
ord825
ord5289
ord3790

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_setmbcp
_strupr
_strnicmp
_stricmp
__CxxFrameHandler
strrchr
_purecall
strstr
sprintf
strncpy
strchr
time
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbscmp
strncat
_mkdir
toupper
_atoi64
atoi
_itoa

kernel32

SetFilePointer
WriteFile
FindNextFileA
FindClose
ReadFile
CloseHandle
CopyFileA
SetFileTime
lstrcpyA
GetPrivateProfileSectionNamesA
Sleep
GetTickCount
GetShortPathNameA
WritePrivateProfileStringA
MoveFileExA
SetFileAttributesA
FindFirstFileA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetTempPathA
GetCurrentDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileSize
DeleteFileA
CreateProcessA
WaitForSingleObject
GetLastError
OpenProcess
GetVersionExA
CreateFileA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA

user32

PostMessageA
LoadIconA
DrawIcon
MessageBoxA
GetClientRect
GetSystemMetrics
IsIconic
LoadBitmapA
SendMessageA
EnableWindow

advapi32

GetUserNameA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
StartServiceA

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteA

comctl32

ImageList_AddMasked

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
index.dat
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

ea498e3dabaaac790c74cfde91720fe4

Headers

File Characteristics

Imports

version

mfc42

msvcrt

kernel32

user32

advapi32

shell32

comctl32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 52KB - Virtual size: 217KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 52KB - Virtual size: 217KB

.rsrc
Size: 12KB - Virtual size: 8KB