367b41ebe460a9809660396a6c265822

Sharing

Copy URL Twitter E-mail

General

Target

367b41ebe460a9809660396a6c265822
Size

204KB
MD5

367b41ebe460a9809660396a6c265822
SHA1

9a6b81f10a78c18f261d5330bbdcf69b8d5f1130
SHA256

990b1d9b6bc350756bb313e97235db284165eb260b65148b85cb7dac877bbc44
SHA512

f6910e2ad5917610f5959b7a56adb5d1cd0c3722179f2f895d394aca644b68748a5d16e19ac0af8f3f1b474fb001995da0121dca8e4c394eec371154798cca78
SSDEEP

6144:oAFB8RAqO2dPbo1md+2vcX7tg5VIZ1pk6ngfKy:ZB86ru8kcqA1pk4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GraphEdit/DirectSpy.ax
unpack001/GraphEdit/GraphEdit.exe
unpack001/GraphEdit/PropPage.dll
unpack001/GraphEdit/Quartz.dll

Files

367b41ebe460a9809660396a6c265822
.rar
GraphEdit/DirectSpy.ax
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

divx
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DX50
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GraphEdit/GraphEdit.exe
.exe .vbs windows:5 windows x86 arch:x86 polyglot

ea33fcdb4c0b8ab90387eb3474f81c5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetCurrentProcessId
SetFilePointer
CreateThread
LoadLibraryA
GetProcAddress
WaitForMultipleObjects
SetEvent
CreateEventA
GetLastError
WaitForSingleObject
lstrcmpiA
CreateFileA
CloseHandle
WideCharToMultiByte
WriteFile
MultiByteToWideChar
lstrlenA
UnhandledExceptionFilter
GetStartupInfoA
lstrcpynW
lstrlenW
InterlockedIncrement
InterlockedDecrement
FreeLibrary

mfc42

ord4387
ord3454
ord3198
ord6080
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4623
ord4426
ord652
ord338
ord4614
ord4613
ord1920
ord4589
ord4899
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4963
ord4960
ord4108
ord6055
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1725
ord5260
ord2446
ord2124
ord5277
ord4627
ord4432
ord784
ord736
ord2535
ord4262
ord5495
ord4464
ord4524
ord3626
ord2414
ord3573
ord4220
ord2584
ord3654
ord2438
ord1644
ord1146
ord2864
ord2379
ord439
ord517
ord4723
ord6131
ord6216
ord3075
ord613
ord289
ord4042
ord4508
ord6454
ord5787
ord283
ord4330
ord6270
ord2817
ord3755
ord2846
ord6648
ord5856
ord2763
ord4203
ord861
ord2859
ord3693
ord1641
ord3619
ord3571
ord1640
ord5785
ord4297
ord4133
ord1270
ord640
ord323
ord5788
ord6119
ord2714
ord4234
ord5265
ord4376
ord4998
ord6052
ord1775
ord5241
ord5280
ord3749
ord1727
ord5261
ord4425
ord3597
ord692
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3402
ord4424
ord3639
ord567
ord2302
ord324
ord4853
ord5981
ord4710
ord5681
ord6199
ord5653
ord3092
ord4224
ord4299
ord3138
ord2086
ord6215
ord326
ord4615
ord4612
ord4610
ord815
ord3361
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord4274
ord3337
ord4695
ord5940
ord2003
ord5730
ord3948
ord2185
ord2184
ord4214
ord3107
ord5617
ord989
ord3445
ord3194
ord4161
ord3353
ord6451
ord3715
ord520
ord788
ord2725
ord1219
ord5953
ord3790
ord5503
ord2635
ord986
ord1205
ord4159
ord5943
ord1842
ord3403
ord4242
ord4235
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5082
ord1709
ord1712
ord6053
ord5234
ord6369
ord5279
ord5248
ord2444
ord3598
ord327
ord642
ord4147
ord2087
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord674
ord796
ord807
ord6069
ord1087
ord2122
ord556
ord5282
ord4413
ord2626
ord4055
ord4724
ord554
ord529
ord366
ord2558
ord6000
ord2117
ord5883
ord2120
ord4457
ord2627
ord1871
ord4259
ord2575
ord4396
ord3574
ord609
ord2882
ord5637
ord3475
ord4715
ord1690
ord5288
ord4439
ord2054
ord4431
ord3700
ord771
ord1008
ord2078
ord2109
ord497
ord4258
ord4742
ord6453
ord5287
ord2919
ord5161
ord5162
ord5160
ord4905
ord4948
ord4358
ord4835
ord3699
ord768
ord4976
ord491
ord922
ord926
ord2825
ord616
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3873
ord2645
ord4275
ord1576
ord3172
ord5577
ord1746
ord5243
ord2542
ord2510
ord6336
ord3065
ord3058
ord4696
ord4823
ord539
ord860
ord5740
ord4420
ord535
ord4238
ord1825
ord355
ord2515
ord3499
ord858
ord641
ord1200
ord537
ord540
ord4160
ord939
ord800
ord6175
ord1669
ord2652
ord6383
ord5440
ord6394
ord5450
ord3870
ord6197
ord2863
ord1175
ord1168
ord2107
ord2841
ord6329
ord2393
ord2514
ord1199
ord823
ord825
ord3663
ord2642

msvcrt

__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
?terminate@@YAXXZ
__dllonexit
_setmbcp
towupper
strncpy
wcscpy
_onexit
_controlfp
_CxxThrowException
__CxxFrameHandler
_purecall
exit
_cexit
_XcptFilter
_exit
_c_exit
_snwprintf
_itoa
qsort
rand
strrchr
_stricmp
strstr
printf
sscanf
_strnicmp
_ltow
wcslen

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegEnumValueA
RegNotifyChangeKeyValue
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

gdi32

StretchBlt
BitBlt
GetObjectA
CreatePen
CreateSolidBrush
CreateFontA
CreateCompatibleDC
GetTextExtentPoint32A
Pie
SetStretchBltMode
GetDeviceCaps
PatBlt
DPtoLP

user32

CheckMenuItem
GetSubMenu
GetMenu
SystemParametersInfoA
MessageBoxA
wvsprintfA
KillTimer
SetTimer
SetRectEmpty
OffsetRect
SetRect
PeekMessageA
wsprintfA
PostMessageA
IsWindow
SendMessageA
GetWindowLongA
EnableWindow
GetDlgItem
SetWindowLongA
RegisterClipboardFormatA
PtInRect
IntersectRect
UnionRect
EnableMenuItem
LoadMenuA
GetWindowRect
ScreenToClient
InvalidateRect
GetCapture
SetCapture
ReleaseCapture
GetDoubleClickTime
GetSystemMetrics
GetCursorPos
GetClientRect
GetDC
ReleaseDC
InflateRect
LoadBitmapA
GetDesktopWindow
SetDlgItemTextA
CallWindowProcA
LoadIconA
IsDlgButtonChecked
AppendMenuA
GetMenuItemCount
RemoveMenu
SetForegroundWindow
MapDialogRect
WinHelpA
MessageBeep
DrawFocusRect

ole32

CLSIDFromString
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoCreateInstance
CoTaskMemFree
CreateBindCtx
MkParseDisplayName
GetRunningObjectTable
StringFromGUID2

oleaut32

SysFreeString
SysStringLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
VariantInit
SysAllocString

comdlg32

CommDlgExtendedError
GetOpenFileNameA

comctl32

ImageList_Create
ImageList_ReplaceIcon
ord17

shell32

ShellExecuteA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

quartz

AMGetErrorTextA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GraphEdit/PropPage.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ca550d948a90c841fcfe3fcf51528cbe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
FindResourceA
LoadLibraryExA
GetShortPathNameA
GlobalUnlock
GlobalLock
LockResource
MulDiv
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
CloseHandle
InterlockedExchange
GetVersionExA
DisableThreadLibraryCalls
SizeofResource
VirtualFree
GetModuleHandleA
GetACP
GetTickCount
VirtualAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LocalFree
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
lstrcatA
lstrcpyA
LeaveCriticalSection
IsDBCSLeadByte
HeapDestroy
EnterCriticalSection
GetSystemInfo
CreateFileA
FlushFileBuffers
VirtualQuery
VirtualProtect
SetStdHandle
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
RaiseException
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
HeapSize
IsBadWritePtr
WriteFile
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
ReadFile
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
lstrlenW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
SetLastError
TlsFree
ExitProcess
HeapReAlloc
GetCommandLineA
TlsSetValue
Sleep

ntdll

RtlUnwind

gdi32

SetTextColor
CreateBrushIndirect
GetDeviceCaps
CreateFontIndirectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
DeleteObject
SetBkColor

user32

CreateWindowExA
GetWindowTextLengthA
IsDlgButtonChecked
GetSysColor
SetFocus
UpdateWindow
GetDlgItemTextA
GetFocus
RegisterWindowMessageA
wvsprintfA
GetDesktopWindow
GetWindowRect
LoadStringW
SetDlgItemInt
GetDlgItemInt
WinHelpA
GetDC
ReleaseDC
GetDialogBaseUnits
IsWindow
SetDlgItemTextA
IsDialogMessageA
CallWindowProcA
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
wsprintfA
CloseClipboard
GetKeyState
DefWindowProcA
CharNextA
CreateDialogParamA
CheckDlgButton
EnableWindow
SendMessageA
GetWindowTextA
MessageBoxA
GetDlgItem
SetWindowTextA
GetWindowLongA
SetWindowLongA
LoadStringA
MoveWindow
DestroyWindow
ShowWindow
InvalidateRect
GetClientRect
SetWindowPos

advapi32

RegCreateKeyA
RegSetValueA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ole32

StgCreateDocfile
StgOpenStorage
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
OleSaveToStream
CoFreeUnusedLibraries
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
OleLoadFromStream

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocStringLen
SysStringLen
VariantClear
VariantInit

winmm

timeGetTime

shell32

SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GraphEdit/Quartz.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e58d60cf5d1d12b8363bc2c8d23e7dd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetProcessHeap
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
HeapAlloc
HeapFree
lstrcmpiA
GetCurrentThreadId
DisableThreadLibraryCalls
GetProcAddress
ExitProcess
FreeLibrary
GetSystemDirectoryA
lstrcatA
UnhandledExceptionFilter
LoadLibraryA

user32

EnumChildWindows
GetSysColor
CallWindowProcA
DefWindowProcA
GetClientRect
ReleaseCapture
ReleaseDC
FillRect
InflateRect
FrameRect
SetRect
GetWindowRect
GetWindowDC
GetSystemMetrics
DrawTextA
OffsetRect
GetWindowTextA
DrawFocusRect
SetPropA
SetWindowLongA
RemovePropA
RedrawWindow
GetFocus
SendMessageA
GetWindowLongA
GetPropA
GetClassNameA
EnumThreadWindows
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
MessageBoxA
CallNextHookEx

gdi32

SelectObject
LineTo
DeleteDC
SetDIBitsToDevice
CreateSolidBrush
CreatePen
MoveToEx
SetTextColor
BitBlt
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
DeleteObject

comctl32

_TrackMouseEvent

Exports

Exports

AMGetErrorTextA
AMGetErrorTextW
AmpFactorToDB
DBToAmpFactor
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GraphEdit/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

divx Size: 32KB - Virtual size: 36KB

DX50 Size: 13KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

ea33fcdb4c0b8ab90387eb3474f81c5c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mfc42

msvcrt

advapi32

gdi32

user32

ole32

oleaut32

comdlg32

comctl32

shell32

version

quartz

Sections

.text Size: 140KB - Virtual size: 139KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 31KB - Virtual size: 30KB

ca550d948a90c841fcfe3fcf51528cbe

Headers

File Characteristics

Imports

kernel32

ntdll

gdi32

user32

advapi32

comdlg32

ole32

oleaut32

winmm

shell32

comctl32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 213KB

.data Size: 14KB - Virtual size: 21KB

.rsrc Size: 37KB - Virtual size: 36KB

.reloc Size: 17KB - Virtual size: 16KB

e58d60cf5d1d12b8363bc2c8d23e7dd3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 9B

.reloc Size: 8KB - Virtual size: 4KB

divx
Size: 32KB - Virtual size: 36KB

DX50
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.text
Size: 140KB - Virtual size: 139KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 31KB - Virtual size: 30KB

.text
Size: 213KB - Virtual size: 213KB

.data
Size: 14KB - Virtual size: 21KB

.rsrc
Size: 37KB - Virtual size: 36KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 9B

.reloc
Size: 8KB - Virtual size: 4KB