26eb967a74b5337f05459f9ab94cb72d

Sharing

Copy URL Twitter E-mail

General

Target

26eb967a74b5337f05459f9ab94cb72d
Size

1.2MB
MD5

26eb967a74b5337f05459f9ab94cb72d
SHA1

c6914657f7ec4080d639a59e19abc721f9b3d0a0
SHA256

30ebcb9fdcede3aefba2479a96c209201e953fa934818d85d8b3adaf1a921ac9
SHA512

621d8435f3f2077e7065f9de8e444cbc6cf5fa6b7cbc2b82e8d4a4a5c081b9ade486d1f26ae7e0efccbcc37a0907e0df8702ba2659966c12c485379173ef566a
SSDEEP

24576:gW1Z+h/v/9m/2vp+zFIPikKOPBEtZ61Sq4GXJ5HzmCq3YDMzgaWHQ:gk+5dozCCOJrAqPzmb3YDMzpaQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Skin.dll
unpack001/help/help.exe
unpack001/美图爽存.exe

Files

26eb967a74b5337f05459f9ab94cb72d
.rar
10.skn
Skin.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

LoadSkin

Sections

CODE
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
help/help.exe
.exe windows:4 windows x86 arch:x86

7780c5788d39f3ea877ba702f4c09d97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord818
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord5300
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6055
ord1776
ord5290
ord3402
ord1146
ord1168
ord567
ord2135
ord2302
ord924
ord6648
ord5683
ord537
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord4299
ord6215
ord2688
ord3663
ord823
ord1949
ord4034
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4837
ord4673
ord1576

msvcrt

_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_setmbcp
__CxxFrameHandler
__dllonexit
_onexit
_exit
_XcptFilter
__set_app_type
exit
_acmdln
__getmainargs
_initterm

kernel32

GetStartupInfoA
GetModuleFileNameA
GetModuleHandleA

user32

EnableWindow
IsIconic
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
LoadIconA
GetSystemMetrics

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
help/images/1.jpg
.jpg
help/images/2.JPG
.jpg
help/images/3.JPG
.jpg
help/images/Block-h.png
.png
help/images/Block-s.png
.png
help/images/Block-v.png
.png
help/images/BlockContentBullets.png
.png
help/images/BlockHeader.png
.png
help/images/BlockHeaderIcon.png
.png
help/images/Button.png
.png
help/images/Footer.png
.png
help/images/Header.jpg
.jpg
help/images/Header.png
.png
help/images/MenuItem.png
.png
help/images/Page-BgGlare.png
.png
help/images/Page-BgTexture.jpg
.jpg
help/images/PostBullets.png
.png
help/images/PostQuote.png
.png
help/images/Sheet-c.png
.png
help/images/Sheet-h.png
.png
help/images/Sheet-s.png
.png
help/images/Sheet-v.png
.png
help/images/nav.png
.png
help/images/rssIcon.png
.png
help/images/spacer.gif
.gif
help/images/网址过滤.JPG
.jpg
help/index.html
help/script.js
.js
help/style.css
help/style.ie6.css
help/style.ie7.css
help/保存图片.html
help/保存目录.html
help/快乐淘宝.html
help/新云软件.url
.url
help/过滤设置.html
set.txt
不能启动看这里.txt
使用统计.html
.html
复件 set.txt
美人.jpg
.jpg
美图爽存.exe
.exe windows:5 windows x86 arch:x86

e49cad577a02ff1a1f0b9043dbbb0f92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord6584
ord300
ord5963
ord310
ord265
ord2691
ord3178
ord5924
ord2481
ord4477
ord817
ord5997
ord316
ord1611
ord305
ord3213
ord6613
ord1603
ord1137
ord2591
ord2592
ord2069
ord3643
ord4646
ord1720
ord2283
ord3480
ord4638
ord1668
ord2274
ord3553
ord4643
ord1698
ord2279
ord4497
ord1605
ord2105
ord6771
ord1492
ord3487
ord4640
ord1670
ord2277
ord4496
ord4159
ord2103
ord1108
ord266
ord2057
ord2045
ord1938
ord5167
ord744
ord524
ord780
ord6740
ord1568
ord941
ord5776
ord820
ord5528
ord579
ord3175
ord4529
ord3738
ord2082
ord4392
ord6815
ord4502
ord2539
ord945
ord2084
ord690
ord5544
ord441
ord665
ord2490
ord406
ord1062
ord4516
ord4311
ord4431
ord3388
ord306
ord1252
ord6559
ord2360
ord2899
ord6781
ord4733
ord2251
ord2206
ord6018
ord3987
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord3110
ord4890
ord3659
ord589
ord4952
ord4029
ord798
ord3940
ord796
ord1746
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord5633
ord2766
ord2978
ord3107
ord5615
ord4617
ord5152
ord5309
ord4993
ord1810
ord1809
ord1678
ord3344
ord6388
ord1496
ord5636
ord1728
ord4668
ord3506
ord374
ord910
ord1254
ord1258
ord4281
ord3949
ord1098
ord2208
ord601
ord777
ord611
ord692
ord615
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord3277
ord4066
ord4067
ord639
ord793
ord4434
ord4409
ord4057
ord2886
ord4165
ord6783
ord4334
ord4895
ord4667
ord595
ord1604
ord800
ord1276

msvcr90

_resetstkoflw
memcpy
free
malloc
_setmbcp
__CxxFrameHandler3
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
memset
_recalloc
memcpy_s
_mbsstr
_mbsnbcpy_s
strcpy_s
atoi

kernel32

GlobalUnlock
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateFileA
GlobalLock
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LoadLibraryExA
FreeLibrary
CopyFileA
GlobalFree
IsDBCSLeadByte
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
lstrlenW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
CreateDirectoryA
lstrlenA
FindResourceA
LoadResource
SizeofResource
LoadLibraryA
GetProcAddress
GetLastError
GlobalAlloc
WriteFile
CloseHandle
GlobalSize
MultiByteToWideChar

user32

SetWindowPos
SetCursorPos
EmptyClipboard
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
GetClassNameA
CharNextA
RegisterWindowMessageA
SendMessageTimeoutA
GetCursorPos
EnableWindow
GetSystemMetrics
LoadIconA
OpenClipboard
WindowFromPoint
GetWindow
FindWindowA
KillTimer
SetTimer
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon

advapi32

RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
SysAllocString
SysFreeString
VariantClear
VariantInit

wininet

GetUrlCacheEntryInfoA

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
首页.htm
.html

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 535KB - Virtual size: 535KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 68B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 26KB - Virtual size: 26KB

7780c5788d39f3ea877ba702f4c09d97

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 584B

.rsrc Size: 12KB - Virtual size: 11KB

e49cad577a02ff1a1f0b9043dbbb0f92

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 36KB

CODE
Size: 535KB - Virtual size: 535KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 68B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 584B

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 36KB