38942e83d64940129e0b9c970385a8c5

Sharing

Copy URL

Twitter E-mail

General

Target

38942e83d64940129e0b9c970385a8c5
Size

2.1MB
MD5

38942e83d64940129e0b9c970385a8c5
SHA1

6b4e1fe7e5324ae86c297eb28555fe39a6858dac
SHA256

8be410717226b5e873c61a30d92a767c6c6492ce6358cd79b2a41cb23dba05cd
SHA512

a5bbb220be8df199426167bf409f9b37ac0809e19462a70e72197091cc608d99d8c2d391464a65b40724dbfe8af20d1dda24b3caf916602b6c49e4af10c8f780
SSDEEP

49152:vXdq9BbkmdhSi783eRRi+CT1s4E6pdfXHZHoLhdkZ2Ed9Y6RI7:v49B90i4OfFCxumd8/+47

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PersonMgrV108A/AdoRegister.exe
unpack001/PersonMgrV108A/DspJpgDll.dll
unpack001/PersonMgrV108A/GetIDESN.dll
unpack001/PersonMgrV108A/PersonMgr.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/PersonMgrV108A/AdoRegister.exe	nsis_installer_1

Files

38942e83d64940129e0b9c970385a8c5
.rar
PersonMgrV108A/@注意事项@.txt
PersonMgrV108A/AdoRegister.exe
.exe windows:4 windows x86 arch:x86

4f2145f489d9c324280558d2e08c717d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
SetFileTime
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
CreateWindowExA
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
GetDlgItem
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
CreateDialogParamA
SetClipboardData
DestroyWindow
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PersonMgrV108A/DspJpgDll.dll
.dll windows:4 windows x86 arch:x86

c6a36748137604d930c3894932a2f0b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3953
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5199
ord2396
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5714
ord1089
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord3318
ord5186
ord665
ord800
ord2764
ord4204
ord4274
ord540
ord354
ord6467
ord4486
ord6375
ord3922
ord5731
ord2512
ord2554
ord3831
ord3830
ord860
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord269
ord1116
ord600
ord1578
ord826

msvcrt

_initterm
__CxxFrameHandler
_ftol
_CxxThrowException
_EH_prolog
??2@YAPAXI@Z
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_adjust_fdiv
malloc

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc

gdi32

GetDeviceCaps

ole32

CreateStreamOnHGlobal

olepro32

ord251

Exports

Exports

DspJPGPicture

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PersonMgrV108A/GetIDESN.dll
.dll windows:4 windows x86 arch:x86

27dcc902cc72e7b2bfc4c4c50808d8f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4486
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord2554
ord2512
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord4274
ord6467
ord800
ord535
ord5572
ord2915
ord540
ord6375
ord2985
ord3262
ord2818
ord826
ord600
ord1176
ord1575
ord1116
ord1577
ord1182
ord1168
ord1243
ord1197
ord342
ord1253
ord269
ord1255
ord1578
ord1570

msvcrt

_i64toa
_EH_prolog
__CxxFrameHandler
atoi
_adjust_fdiv
??1type_info@@UAE@XZ
free
malloc
_initterm
??2@YAPAXI@Z
_onexit
__dllonexit

kernel32

GetVolumeInformationA
LocalFree
LocalAlloc

Exports

Exports

?GetIDESerial@@YGHAAVCString@@@Z
?GetRegisterCode@@YG?AVCString@@V1@@Z

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PersonMgrV108A/Person2.mdb
PersonMgrV108A/PersonMgr.exe
.exe windows:4 windows x86 arch:x86

b17c49fc10b9855c7b242d30a2bf7fe6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3573
ord800
ord860
ord540
ord825
ord3597
ord641
ord3663
ord3626
ord2414
ord858
ord2370
ord2302
ord1641
ord6199
ord535
ord3874
ord3092
ord6334
ord6197
ord6380
ord1768
ord2820
ord1175
ord2864
ord3811
ord4710
ord4376
ord3089
ord5875
ord6055
ord1776
ord4396
ord5290
ord4424
ord3574
ord567
ord609
ord4275
ord2859
ord2379
ord2754
ord2380
ord3402
ord823
ord2135
ord818
ord1949
ord4034
ord4243
ord4271
ord2614
ord3571
ord939
ord2818
ord4224
ord2688
ord324
ord4234
ord4299
ord6605
ord2574
ord3572
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord3721
ord692
ord795
ord5981
ord913
ord4189
ord4148
ord537
ord3803
ord2642
ord6215
ord4204
ord2764
ord4476
ord3499
ord2515
ord355
ord3610
ord656
ord5572
ord2915
ord4277
ord2763
ord941
ord4129
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2299
ord3439
ord924
ord1200
ord1842
ord4242
ord4627
ord4425
ord3059
ord5100
ord5103
ord4303
ord2390
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord398
ord366
ord700
ord1146
ord1168
ord4160
ord2863
ord6067
ord2011
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord5852
ord3481
ord3916
ord2252
ord4413
ord5054
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord4337
ord859
ord6283
ord6282
ord940
ord5442
ord3318
ord665
ord5186
ord5594
ord354
ord812
ord384
ord559
ord686
ord5862
ord3289
ord6615
ord2862
ord4133
ord4297
ord5788
ord472
ord2567
ord926
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord6241
ord1825
ord4238
ord4696
ord3058
ord3065
ord2723
ord3350
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord3825
ord4080
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord801
ord652
ord541
ord338
ord2393
ord3543
ord3542
ord6883
ord3800
ord3799
ord310
ord304
ord4823
ord4420
ord633
ord628
ord3489
ord1572
ord3488
ord3155
ord3150
ord5175
ord3159
ord3152
ord5179
ord309
ord5265
ord4295
ord4061
ord4293
ord5632
ord4202
ord6072
ord3758
ord3408
ord3227
ord3337
ord835
ord6069
ord2847
ord6143
ord2848
ord6144
ord3693
ord1849
ord4532
ord4723
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord3748
ord1726
ord4432
ord303
ord813
ord4244
ord6696
ord4464
ord6027
ord3157
ord3783
ord3301
ord2860
ord1841
ord4533
ord4340
ord4347
ord4889
ord4963
ord4960
ord6054
ord5281
ord1725
ord5260
ord2091
ord364
ord784
ord4241
ord4720
ord6120
ord1945
ord560
ord4273
ord3619
ord2243
ord2086
ord4614
ord4613
ord1942
ord4272
ord5259
ord2535
ord2453
ord2097
ord3303
ord4278
ord1979
ord603
ord273
ord275
ord816
ord3908
ord562
ord2298
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord5477
ord2259
ord4836
ord4440
ord3720
ord527
ord794
ord4264
ord283
ord2452
ord4541
ord1930
ord4265
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord796
ord529
ord4454
ord5683
ord2814
ord2811
ord829
ord551
ord6158
ord5933
ord845
ord5215
ord4284
ord2297
ord2363
ord3295
ord4366
ord5086
ord1710
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4268
ord755
ord4873
ord470
ord2922
ord5063
ord5787
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord3079
ord2976
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord5277
ord3147
ord2982
ord2399
ord2124
ord4387
ord6336
ord2510
ord315
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_setmbcp
_controlfp
atof
__CxxFrameHandler
rand
srand
time
_mbscmp
_mbsicmp
atoi
isdigit
atol
_ftol
_mbsicoll
_adjust_fdiv
strncpy
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr

kernel32

GlobalAlloc
GlobalUnlock
GetPrivateProfileStringA
GlobalLock
GetCurrentDirectoryA
GetCurrentProcess
WritePrivateProfileStringA
GetVersion
GetProcAddress
Beep
GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetModuleFileNameA

user32

LoadBitmapA
SetClipboardData
EmptyClipboard
GetClientRect
SetRect
UpdateWindow
ClientToScreen
CloseClipboard
ReleaseCapture
GetWindowRect
SetCapture
DrawFocusRect
IsWindow
EnableWindow
GetSubMenu
IsIconic
InflateRect
GetMenuItemCount
AppendMenuA
ExitWindowsEx
GetMenu
LoadIconA
GetParent
PostMessageA
RedrawWindow
LoadCursorA
SetCursor
GetDC
ReleaseDC
PtInRect
SendMessageA
KillTimer
SetTimer
GetMenuStringA
ModifyMenuA
InvalidateRect
GetCursorPos
ScreenToClient
CopyRect
GetSysColor
GetMenuItemID
CreatePopupMenu
GetDesktopWindow
FrameRect
OpenClipboard
FillRect

gdi32

CreatePatternBrush
GetTextMetricsA
GetCurrentObject
GetDeviceCaps
CreatePen
GetTextExtentPoint32A
Rectangle
RoundRect
CreateSolidBrush
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ImageList_SetBkColor
ImageList_Draw
ImageList_GetImageCount

olepro32

ord251

oleaut32

VariantClear

winmm

sndPlaySoundA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PersonMgrV108A/PersonMgr.ini
PersonMgrV108A/PersonMgrHelp.chm
.chm
PersonMgrV108A/Title.jpg
.jpg
PersonMgrV108A/board.jpg
.jpg
PersonMgrV108A/login.jpg
.jpg
PersonMgrV108A/phrase.dat
PersonMgrV108A/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

4f2145f489d9c324280558d2e08c717d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 305KB

.ndata Size: - Virtual size: 264KB

.rsrc Size: 16KB - Virtual size: 16KB

c6a36748137604d930c3894932a2f0b7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

gdi32

ole32

olepro32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 856B

.reloc Size: 4KB - Virtual size: 526B

27dcc902cc72e7b2bfc4c4c50808d8f0

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 4KB - Virtual size: 484B

b17c49fc10b9855c7b242d30a2bf7fe6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

olepro32

oleaut32

winmm

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 305KB

.ndata
Size: - Virtual size: 264KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 526B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 4KB - Virtual size: 484B

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 27KB