26d41c07dcb8a5d650238eabd0700066

Sharing

Copy URL Twitter E-mail

General

Target

26d41c07dcb8a5d650238eabd0700066
Size

442KB
MD5

26d41c07dcb8a5d650238eabd0700066
SHA1

2151725f62c0d84a5f82f4dbb750c33d9a032d0b
SHA256

9bd19c70d62ad7bdf8b403b88b83983614cde3bc1a02b777757f69b27edce743
SHA512

a4a2d852e03aab5933c151c893f254fc1ab261c49f75c60095e0db6591fcb7cd660730dd967312c4300cf9cff0f479e7899aeaab9d23f984fcb35a55207397e4
SSDEEP

12288:Q5RpqU+JGwlzJCOPJbtw0XxdZehN81ny2/8p6NPZrUWl7c:QNtt4QIxdIIy2/oIPx5lA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cleansetup.exe

Files

26d41c07dcb8a5d650238eabd0700066
.rar
cleansetup.exe
.exe windows:4 windows x86 arch:x86

8fa7806ef2356fad0cc61edad7a108e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
PropertySheetA

lz32

LZOpenFileA
LZClose
LZCopy

kernel32

lstrcpyA
FindResourceA
LoadResource
VirtualFree
WriteFile
Sleep
SizeofResource
MulDiv
ReadFile
GetShortPathNameA
VirtualAlloc
CopyFileA
GetTempFileNameA
MoveFileA
LockResource
GetModuleFileNameA
GetVersionExA
GetTempPathA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
InitializeCriticalSection
HeapSize
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
DeleteFileA
LocalFree
CloseHandle
WritePrivateProfileStringA
LocalAlloc
CreateFileMappingA
LoadLibraryA
GetProcAddress
lstrcmpiA
GetLastError
CreateDirectoryA
MultiByteToWideChar
lstrcatA
GetFileAttributesA
GetWindowsDirectoryA
GetCurrentThread
GetCurrentProcess
FreeLibrary
SetEndOfFile
lstrcpynA
MoveFileExA
UnmapViewOfFile
MapViewOfFile
lstrlenA
SetFilePointer
GetFileSize
CreateFileA
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapDestroy
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetModuleHandleA
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

user32

MessageBoxA
ExitWindowsEx
wsprintfA
EndPaint
SendDlgItemMessageA
SetForegroundWindow
GetParent
SendMessageA
BeginPaint
GetUpdateRect
GetDC
TranslateMessage
SetWindowLongA
InvalidateRect
PeekMessageA
ReleaseDC
GetDlgItem
CheckDlgButton
ShowWindow
IsDlgButtonChecked
PostMessageA
DispatchMessageA
LoadImageA
UpdateWindow
FindWindowA
GetDlgItemTextA
SetDlgItemTextA
LoadStringA

gdi32

BitBlt
DeleteDC
GetDeviceCaps
CreateFontIndirectA
CreatePalette
DeleteObject
SelectObject
CreateCompatibleDC
RealizePalette
SelectPalette
GetObjectA
UpdateColors

advapi32

InitializeAcl
OpenThreadToken
SetSecurityDescriptorGroup
RegCloseKey
AdjustTokenPrivileges
GetLengthSid
IsValidSecurityDescriptor
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegDeleteValueA
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
RegQueryValueExA
RegSetValueExA
AccessCheck

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHBrowseForFolderA
SHChangeNotify
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

8fa7806ef2356fad0cc61edad7a108e2

Headers

File Characteristics

Imports

comctl32

lz32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 492KB - Virtual size: 489KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 492KB - Virtual size: 489KB