13ffa241f62e846e4f9fa03c6d3b049e

Sharing

Copy URL Twitter E-mail

General

Target

13ffa241f62e846e4f9fa03c6d3b049e
Size

3.8MB
MD5

13ffa241f62e846e4f9fa03c6d3b049e
SHA1

b32c2d436359afaa70a7cad0229f778f52c05f6c
SHA256

65ebfe1ea93e3ee23e5e6785c6b7f91b3a12de8bd7693047b2915c43f05c38b3
SHA512

836486ab1e33e586a3c8b3401552ade1f6739fcb1cfac4c8abcbcb8d21bd9a22a728ea9bfd31f06b1bc2b720de2a533c1378eab8773193165b634a9b01130fd8
SSDEEP

98304:UPmD9HAqgQiGlArAppXvSIBMgKbNDAvePqu1MPj+GoZB6:QuHtgN0pla9eGCue7+ZM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tangshi4.0/tangshi.exe

Files

13ffa241f62e846e4f9fa03c6d3b049e
.rar
tangshi4.0/data.mdb
tangshi4.0/tangshi.exe
.exe windows:5 windows x86 arch:x86

1febca9cb45b38da10ad90aa20506e6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandW
PlaySoundW

kernel32

lstrcpyW
WinExec
lstrlenW
lstrcatW
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
MultiByteToWideChar
GetVolumeInformationW
InterlockedIncrement
LocalFree
InterlockedDecrement
GetLastError
lstrlenA
GetModuleHandleW
GetProcAddress
SetLastError
DeactivateActCtx
ActivateActCtx
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
CreateActCtxW
ReleaseActCtx
GetStringTypeExW
GetThreadLocale
lstrcmpiW
CreateFileW
FindResourceW
MoveFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
LoadResource
LockResource
DeleteFileW
GetProfileIntW
DuplicateHandle
HeapQueryInformation
HeapSize
GetCurrentProcess
FindClose
FindFirstFileW
ExitProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
CreateThread
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
DecodePointer
EncodePointer
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
FindResourceExW
GetNumberFormatW
VirtualProtect
GetTempPathW
SearchPathW
Sleep
GetFullPathNameW
GetFileSizeEx
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
LocalAlloc
GetDiskFreeSpaceW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
SystemTimeToFileTime
GetUserDefaultLCID
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringA
GetTickCount
GetFileAttributesW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GlobalGetAtomNameW
GetCurrentDirectoryW
GetShortPathNameW
WaitForSingleObject
ResumeThread
SetThreadPriority
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
lstrcmpW
GetCurrentProcessId
WideCharToMultiByte
SizeofResource

user32

CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
FrameRect
SetClassLongW
SetLayeredWindowAttributes
EnumDisplayMonitors
CopyAcceleratorTableW
IsClipboardFormatAvailable
RealChildWindowFromPoint
UnregisterClassW
DrawIcon
SetWindowContextHelpId
MapDialogRect
WaitMessage
PostThreadMessageW
ShowOwnedPopups
PostQuitMessage
RegisterClipboardFormatW
DrawFocusRect
DrawEdge
GetSysColorBrush
DrawFrameControl
GetIconInfo
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
DrawStateW
CharUpperBuffW
SetMenuDefaultItem
DrawIconEx
GetMenuDefaultItem
UnpackDDElParam
ReuseDDElParam
DestroyIcon
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
DestroyCursor
SetCursorPos
SetParent
LockWindowUpdate
BringWindowToTop
CreatePopupMenu
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
IsRectEmpty
IsZoomed
GetAsyncKeyState
MessageBeep
GetSystemMenu
DeleteMenu
IntersectRect
OffsetRect
SetRectEmpty
DestroyAcceleratorTable
NotifyWinEvent
SetWindowRgn
IsIconic
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
GetMessageW
TranslateMessage
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
GetUpdateRect
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
SubtractRect
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
GetNextDlgGroupItem
EnumChildWindows
GetDoubleClickTime
CharNextW
InvalidateRgn
InvertRect
HideCaret
CreateMenu
GetWindowRgn
DefWindowProcW
CallWindowProcW
GetMenu
LoadBitmapW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
CharUpperW
EndPaint
IsCharLowerW
MapVirtualKeyExW
EndDialog
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
KillTimer
GetWindow
SetTimer
UpdateWindow
PostMessageW
GetSystemMetrics
GetFocus
SetWindowPos
GetKeyState
GetCursorPos
LoadIconW
SetForegroundWindow
LoadMenuW
GetSubMenu
EnableMenuItem
AppendMenuW
SetWindowLongW
LoadCursorW
CopyIcon
IsWindow
ReleaseCapture
GetParent
SetCapture
RedrawWindow
GetClientRect
GetWindowRect
SendMessageW
InflateRect
PtInRect
SetCursor
GetSysColor
EnableWindow
InvalidateRect
LoadImageW
GetDC
ReleaseDC
FillRect
SetRect
UnionRect

gdi32

RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
SaveDC
CreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateRoundRectRgn
CreateCompatibleBitmap
GetTextColor
CombineRgn
StretchBlt
SetPixel
GetTextMetricsW
CreatePolygonRgn
GetBkColor
RoundRect
Polyline
Polygon
Rectangle
CreateEllipticRgn
Ellipse
DPtoLP
LPtoDP
SetRectRgn
GetMapMode
OffsetRgn
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetWindowOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
CopyMetaFileW
CreateDCW
ResetDCW
EndDoc
EndPage
StartPage
StartDocW
CreateFontW
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetDIBits
CreateDIBSection
GdiFlush
SetDIBitsToDevice
SetDIBColorTable
SelectObject
GetDIBColorTable
DeleteObject
GetPixel
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
GetObjectW
GetPaletteEntries
CreatePalette
CreateSolidBrush
CreateDiscardableBitmap

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

GetFileSecurityW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCloseKey
SetFileSecurityW
RegEnumKeyW
RegDeleteKeyW

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHAppBarMessage
DragFinish
DragQueryFileW
SHGetDesktopFolder
ExtractIconW
SHAddToRecentDocs
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_DrawEx

shlwapi

PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

ole32

CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleLockRunning
StgCreateDocfileOnILockBytes
CoCreateGuid
OleInitialize
OleTranslateAccelerator
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
OleDuplicateData
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
CoTaskMemFree
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
OleUninitialize
CoFreeUnusedLibraries

oleaut32

SysAllocStringByteLen
GetErrorInfo
OleCreateFontIndirect
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysAllocStringLen
OleCreatePictureIndirect
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysFreeString
SysStringLen
SysStringByteLen
SysAllocString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI

msvfw32

DrawDibDraw
DrawDibRealize
DrawDibSetPalette
DrawDibClose

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tangshi4.0/tangshi.mid
tangshi4.0/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

1febca9cb45b38da10ad90aa20506e6e

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

msvfw32

oleacc

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 365KB - Virtual size: 365KB

.data Size: 27KB - Virtual size: 57KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 184KB - Virtual size: 183KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 365KB - Virtual size: 365KB

.data
Size: 27KB - Virtual size: 57KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 184KB - Virtual size: 183KB