2bf77c417693d650b71c45f872dad3f8

Sharing

Copy URL Twitter E-mail

General

Target

2bf77c417693d650b71c45f872dad3f8
Size

106KB
MD5

2bf77c417693d650b71c45f872dad3f8
SHA1

1057a10ae4cab3c3566ce5b419466b19b35e5f51
SHA256

a349a540db357d6831b5e1c9664757ec65099460047c947849d37904b46bc174
SHA512

acfcfe224ffa2695362cb41509f2d4fb9c75b323c00816a6b30d265ad034535d0381f6eae3ff2796f3eaad6ebc170a5f7c316c086f70da93f4985643fdfdea22
SSDEEP

3072:gQ5T4qAxan6skLohcIpKSXCc0oiwVOzkhD:go4q6s/hc4KSyctVMkhD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/将数据窗口的内容保存成PDF格式的文档/pdf.exe

Files

2bf77c417693d650b71c45f872dad3f8
.rar
将数据窗口的内容保存成PDF格式的文档/custom.PDF
.pdf
将数据窗口的内容保存成PDF格式的文档/pdf.exe
.exe windows:1 windows x86 arch:x86

8178aa941817438e23e83f5da28b2302

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperBuffA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
ExitThread
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetStdHandle
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

pbvm90

ord5237
ord2426
ord2632
ord2624
ord2488
ord2486
ord2469
ord2057
ord2497
ord2473
ord2495
ord2474
ord2496
ord2416
ord2582
ord5236
ord2384
ord2454
ord2646
ord5245
ord2644
ord2645
ord2484
ord2455
ord2492
ord2639
ord2638
ord2479
ord2050
ord2458
ord2578
ord2539
ord2412
ord2461
ord2462
ord2404
ord2453
ord2456
ord5151
ord2012
ord2468
ord2448
ord2459
ord2183
ord2865
ord2043
ord2864
ord137

Exports

Exports

__fn_1_32770_0@8
__fn_1_32770_1@8
__fn_1_32770_21@8
__fn_2_32770_0@8
__fn_2_32770_1@8
__fn_2_32770_54@8
__fn_2_32789_50@8
__fn_2_32793_50@8
__fn_2_32798_50@8
_getVtableInfo_pdf@12
_getVtableInfo_w_test@12

Sections

AUTO
Size: 30KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
将数据窗口的内容保存成PDF格式的文档/pdf.pbl
将数据窗口的内容保存成PDF格式的文档/pdf.pbt
将数据窗口的内容保存成PDF格式的文档/pdf.pbw
将数据窗口的内容保存成PDF格式的文档/printed.PDF
.pdf
将数据窗口的内容保存成PDF格式的文档/下载说明.htm
.html .js polyglot
将数据窗口的内容保存成PDF格式的文档/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

8178aa941817438e23e83f5da28b2302

Headers

File Characteristics

Imports

user32

kernel32

pbvm90

Exports

Exports

Sections

AUTO Size: 30KB - Virtual size:

.idata Size: 2KB - Virtual size:

DGROUP Size: 4KB - Virtual size:

.bss Size: 4KB - Virtual size:

.edata Size: 512B - Virtual size:

.reloc Size: 2KB - Virtual size:

.rsrc Size: 1024B - Virtual size:

AUTO
Size: 30KB - Virtual size:

.idata
Size: 2KB - Virtual size:

DGROUP
Size: 4KB - Virtual size:

.bss
Size: 4KB - Virtual size:

.edata
Size: 512B - Virtual size:

.reloc
Size: 2KB - Virtual size:

.rsrc
Size: 1024B - Virtual size: