38ddb9c07ec9b793ea447dca87ab0764

Sharing

Copy URL Twitter E-mail

General

Target

38ddb9c07ec9b793ea447dca87ab0764
Size

359KB
MD5

38ddb9c07ec9b793ea447dca87ab0764
SHA1

89cb2d025c5a4cd46adfffb6f06f90fc6dd93374
SHA256

edbc4e04eb73bde19c734cb06147ad8e2f1d0acbcd3bd9c89c307c3185bda90f
SHA512

2840ca7527f98fc1f03de32c3c9ca7e624c992d13d357ac1ad737678306b08dccf5f5e862ec6381e0c9fb7dbb68a297c13c330a31a1491212395a1a58881938e
SSDEEP

6144:x/3Bxv66Evu8bQIU8ugdUb9B7pweJe6AMrOFMGdFXRaNwJzs/IInuUV1:XB6dFbH1uD9ZrAMyhFBaNMJeuUV1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Recover4all-Professional.exe
unpack001/U.R4P

Files

38ddb9c07ec9b793ea447dca87ab0764
.rar
RECOVER4ALL-PROFESSIONAL.HLP
Recover4all-Professional.cnt
Recover4all-Professional.exe
.exe windows:4 windows x86 arch:x86

f2dc1c7eaddbf6cd290a5c23c8adc3b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetEnvironmentStrings
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetProfileStringA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
HeapReAlloc
TerminateProcess
GetACP
ExitThread
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetCommandLineA
GetStartupInfoA
GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
CreateDirectoryA
RtlUnwind
SetErrorMode
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileSize
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
DeleteFileA
MoveFileA
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetCurrentProcess
DuplicateHandle
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SizeofResource
GlobalFlags
GetFileTime
SetFileTime
GetFullPathNameA
GetTempFileNameA
GetFileAttributesA
GlobalAlloc
GetCurrentThread
lstrcpynA
MulDiv
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventA
SetEvent
GetLastError
SetLastError
LocalFree
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
SetThreadPriority
lstrlenA
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetSystemInfo
GetVersionExA
WaitForSingleObject
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
ReadFile
lstrcmpA
GetVersion
DeviceIoControl
GetVolumeInformationA
WideCharToMultiByte
CreateThread
TerminateThread
ResumeThread
Sleep
SuspendThread
GetDriveTypeA
CreateFileA
SetFilePointer
SetEndOfFile
CloseHandle
GetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetLogicalDrives

user32

ClientToScreen
ValidateRect
GetCursorPos
GetDC
ReleaseDC
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
ShowWindow
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
GetWindowDC
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetMessageA
TranslateMessage
DispatchMessageA
InsertMenuA
GetSysColor
CheckMenuItem
EnableWindow
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
CharNextA
IsWindowUnicode
SetRectEmpty
GetMenu
GetWindowRect
LoadMenuA
GetSubMenu
PostMessageA
WinHelpA
DestroyCursor
LoadCursorA
GetDesktopWindow
OffsetRect
GetParent
LoadImageA
SetRect
GetClientRect
PtInRect
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CallNextHookEx
ReleaseCapture
SetCursor
SetCapture
InvalidateRect
InflateRect
wsprintfA
OemToCharA
UpdateWindow
CharToOemA
IsWindow
LoadIconA
SendMessageA
SetParent
DestroyIcon
DeleteMenu
LockWindowUpdate
GetDCEx
CharUpperA
GetTabbedTextExtentA
FindWindowA
GetMenuStringA
GetSysColorBrush
GetClassNameA
ShowOwnedPopups
PostQuitMessage
WindowFromPoint
KillTimer
SetTimer
UnionRect
IsRectEmpty
SetCursorPos
RedrawWindow
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
TranslateAcceleratorA
LoadAcceleratorsA
DestroyMenu
LoadStringA
CallWindowProcA
FillRect
SetWindowTextA

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetCurrentPositionEx
DeleteObject
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
SetMapMode
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DPtoLP
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCA
GetTextExtentPoint32A
GetTextMetricsA
StretchDIBits
CreateCompatibleBitmap
GetCharWidthA
SetRectRgn
CombineRgn
LPtoDP
GetBkColor
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
CreateRectRgnIndirect
PatBlt
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontIndirectA
GetObjectA
CreateSolidBrush
GetPixel
CreateCompatibleDC
BitBlt
CreatePen
CreateDIBitmap
GetTextExtentPointA
Rectangle

comdlg32

GetFileTitleA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
SetFileSecurityA
GetFileSecurityA
RegCreateKeyA
RegCloseKey
RegSetValueA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHGetFileInfoA
ExtractIconA

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

ole32

CoDisconnectObject

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
LoadTypeLi

Exports

Exports

?ex_d_d@@3VCString@@A
?ex_k@@3KA
?ex_lP@@3JA
?glob_sector_size@@3KA
?undelete_dir@@YA_KJVCString@@@Z

Sections

pec1
Size: 418KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 49KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec4
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
U.R4P
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

pec1
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

f2dc1c7eaddbf6cd290a5c23c8adc3b7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

pec1 Size: 418KB - Virtual size: 420KB

pec2 Size: 62KB - Virtual size: 64KB

pec3 Size: 49KB - Virtual size: 504KB

.rsrc Size: 38KB - Virtual size: 38KB

pec4 Size: 16KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

pec1 Size: 1KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

pec2 Size: 512B - Virtual size: 4KB

pec3 Size: 512B - Virtual size: 4KB

.pec Size: 1KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 4KB

pec1
Size: 418KB - Virtual size: 420KB

pec2
Size: 62KB - Virtual size: 64KB

pec3
Size: 49KB - Virtual size: 504KB

.rsrc
Size: 38KB - Virtual size: 38KB

pec4
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 4KB

pec1
Size: 1KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

pec2
Size: 512B - Virtual size: 4KB

pec3
Size: 512B - Virtual size: 4KB

.pec
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 4KB