38b937916497e96cdf3e24c4414d5bd3

Sharing

Copy URL Twitter E-mail

General

Target

38b937916497e96cdf3e24c4414d5bd3
Size

2.7MB
MD5

38b937916497e96cdf3e24c4414d5bd3
SHA1

311408d4851d95421e40dc0441a26341f632dc17
SHA256

dbeaef1468d0cc72e4a43eb010472170546e242e6a59ab05b96b0ff695f773e4
SHA512

49fdd5e432a7fb0f44de6412d1c15d646e7bae866bac1ac07d3b1cb97d3d6a252a666bc3b1745d16e7cc7a51180f231f3565a12334647bb7649c99af4bde2f43
SSDEEP

49152:YqGS6zOJhE67EaTU21eN/G4IeSKYHb+42lOOq2FdK1YGTMSjEGtjKZ8oS7UFffyE:YXZzOJhEKU2kpG4ItKYHb+k2vA1mGtjs

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crack/earthview.exe
unpack001/EVSetup.exe

Files

38b937916497e96cdf3e24c4414d5bd3
.rar
Crack/earthview.exe
.exe windows:4 windows x86 arch:x86

eb3a939a3c60a58bcb1a0ffd6f9545dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

ws2_32

send
gethostbyname
closesocket
socket
recv
ioctlsocket
connect
WSAStartup
select
WSAGetLastError
htons
shutdown

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualQuery
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetTimeZoneInformation
WideCharToMultiByte
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
GlobalSize
HeapCreate
HeapDestroy
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoA
GetProcessHeap
GetCommandLineA
CreateThread
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetLastError
IsBadReadPtr
lstrlenA
lstrcmpA
GlobalHandle
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadHugeReadPtr
SetFilePointer
DeleteCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVersionExA
GetProcAddress
GetShortPathNameA
SetThreadPriority
MultiByteToWideChar
GetWindowsDirectoryA
GetCurrentProcess
GetTickCount
CreateDirectoryA
GetFileAttributesA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
ReadFile
SetEnvironmentVariableA
GetFileSize
DeleteFileA
CopyFileA
Sleep
GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
FindNextFileA
FindClose
FindFirstFileA
MulDiv
GetLocaleInfoA
LoadLibraryA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
VirtualFree

user32

SetForegroundWindow
LoadStringA
LoadMenuA
LoadIconA
FindWindowExA
RegisterWindowMessageA
EnumWindows
IsDialogMessageA
TranslateMessage
TrackPopupMenuEx
MessageBoxA
PeekMessageA
SetRect
DrawTextA
FillRect
GetSubMenu
ReleaseCapture
EnableMenuItem
SetClassLongA
GetDesktopWindow
AppendMenuA
DispatchMessageA
SetMenuDefaultItem
SystemParametersInfoA
IsWindowVisible
LoadImageA
FindWindowA
DialogBoxParamA
GetClassNameA
SetTimer
GetWindowRect
MapDialogRect
IsIconic
PostQuitMessage
GetSystemMenu
GetMessageA
CopyRect
GetCursorPos
DefWindowProcA
GetWindowLongA
InvalidateRect
CreateDialogParamA
SendDlgItemMessageA
KillTimer
GetWindowTextA
EndDialog
EnumChildWindows
ShowWindow
GetActiveWindow
GetSystemMetrics
SetWindowTextA
EnableWindow
GetDlgCtrlID
mouse_event
SetCursor
GetAsyncKeyState
FrameRect
LoadCursorA
SetDlgItemTextA
OffsetRect
CallWindowProcA
GetSysColor
SetWindowPos
PostMessageA
DestroyWindow
GetFocus
CreateCursor
GetClientRect
SetFocus
GetDC
DrawFocusRect
CreateWindowExA
ReleaseDC
GetDlgItem
MapWindowPoints
GetDlgItemTextA
RegisterClassA
MoveWindow
EndPaint
ScreenToClient
SetCapture
GetParent
SendMessageA
SetRectEmpty
BeginPaint
SetWindowLongA
UnionRect
IsWindowEnabled

gdi32

MoveToEx
LineTo
Ellipse
SetTextColor
DeleteDC
CreateDIBSection
CreateFontA
GetDeviceCaps
SetBkColor
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
SetBkMode
CreateSolidBrush
CreatePen
GetPixel
Rectangle
CreateCompatibleBitmap
Polygon
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectA
SetDIBitsToDevice
SetDIBColorTable

comdlg32

GetSaveFileNameA
ChooseColorA
GetOpenFileNameA
CommDlgExtendedError

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
CryptHashData
CryptDestroyHash
CryptVerifySignatureA
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
RegCloseKey
GetUserNameA
RegQueryValueExA

shell32

FindExecutableA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Crack/下载说明.htm
.html .js polyglot
Crack/安装说明.txt
EVSetup.exe
.exe windows:4 windows x86 arch:x86

ed82a4a34f20482ed46c0850f4469ce3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRelativeA
PathIsNetworkPathA
SHDeleteKeyA

kernel32

CreateDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
OpenProcess
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
lstrlenA
GetTempPathA
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
RaiseException
GetConsoleMode
GetConsoleCP
FindResourceA
CopyFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
LoadLibraryA
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
HeapSize
LoadResource
LockResource
BeginUpdateResourceA
SizeofResource
UpdateResourceA
EndUpdateResourceA
GetLocaleInfoA
SetFilePointer
ReadFile
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
WriteFile
CloseHandle
UnmapViewOfFile
RemoveDirectoryA
FindFirstFileA
DeleteFileA
Sleep
FindNextFileA
FindClose
GetFileAttributesA
FlushFileBuffers
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetSystemTimeAsFileTime
RtlUnwind
GetLastError
HeapFree
HeapAlloc
ExitThread
CreateThread
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

DialogBoxParamA
SystemParametersInfoA
FindWindowExA
GetWindowThreadProcessId
ExitWindowsEx
PostMessageA
LoadIconA
SetClassLongA
CreateDialogParamA
EnableWindow
SetDlgItemTextA
ShowWindow
EndDialog
SendDlgItemMessageA
LoadStringA
SetForegroundWindow
MessageBoxA
EnumChildWindows
GetWindowTextA
SetWindowTextA
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
GetDlgItemTextA
GetDlgItem
GetClientRect
MapWindowPoints
CreateWindowExA
SetWindowLongA
GetDC
ReleaseDC
MoveWindow
CreateIconFromResource
RegisterClassA
GetWindowLongA
BeginPaint
DrawTextA
GetFocus
DrawFocusRect
EndPaint
InvalidateRect
SetFocus
DefWindowProcA
DestroyWindow

gdi32

CreateFontA
CreateFontIndirectA
GetStockObject
SelectObject
SetBkMode
SetTextColor
DeleteObject

advapi32

RegCreateKeyExA
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

SHGetMalloc
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

eb3a939a3c60a58bcb1a0ffd6f9545dd

Headers

File Characteristics

Imports

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 236KB - Virtual size: 234KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 24KB - Virtual size: 97KB

.rsrc Size: 76KB - Virtual size: 72KB

ed82a4a34f20482ed46c0850f4469ce3

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 236KB - Virtual size: 234KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 24KB - Virtual size: 97KB

.rsrc
Size: 76KB - Virtual size: 72KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 32KB - Virtual size: 30KB