38e359eaae2ef1c022cd5ce4366f51f0

Sharing

Copy URL Twitter E-mail

General

Target

38e359eaae2ef1c022cd5ce4366f51f0
Size

220KB
MD5

38e359eaae2ef1c022cd5ce4366f51f0
SHA1

0c01fa044b0f568b3878f0ca06452fddf1f85daa
SHA256

3d81603554e513bd297f986e7139384852327b87ddc084c347c567a118a72543
SHA512

d2c9bc2c133d2a904608035d5980fcc8b19ebf0053a12f305ef79ecb8d5c16e7fe82472bed0b9d8fe0c3f23f247d5e3c91fd3c183d8136a1749805ae5391c0a2
SSDEEP

3072:EOagGJo2rw8kfD9/nzIRtNeBmutwWkJugWi7xB5FYMWY3aEVdp92fZWSzbnNFXv9:EOaggJEd8NeZesgVtBTqgWfZWMnNl5H

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zsCNGRzsbscl/卓氏变速齿轮/GEARSHIFTEXE.exe
unpack001/zsCNGRzsbscl/卓氏变速齿轮/gearshift.dll

Files

38e359eaae2ef1c022cd5ce4366f51f0
.rar
zsCNGRzsbscl/卓氏变速齿轮/GEARSHIFTEXE.exe
.exe windows:4 windows x86 arch:x86

f88d54478c4f87914a75ada5958b1180

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
GetTimeZoneInformation
GetACP
HeapReAlloc
HeapSize
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
FindResourceExA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalFlags
GetLastError
FormatMessageA
LocalFree
GetThreadLocale
VirtualProtect
GlobalFree
GetModuleFileNameA
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetVersion
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetShortPathNameA
GetCurrentDirectoryA
WritePrivateProfileStringA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
GetStringTypeA

user32

CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
GetDesktopWindow
GetClassNameA
CharNextA
SetWindowContextHelpId
MapDialogRect
GetAsyncKeyState
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
LoadStringA
GrayStringA
TabbedTextOutA
EndPaint
BeginPaint
GetMenuCheckMarkDimensions
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
GetFocus
SetActiveWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
GetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
FillRect
LoadBitmapA
GetClientRect
UnregisterClassA
SendMessageA
GetSystemMetrics
GetParent
EnableWindow
GetForegroundWindow
GetWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
SetRect
DrawEdge
GetMenuState
GetNextDlgGroupItem
CopyAcceleratorTableA
AppendMenuA
TrackMouseEvent
LoadCursorA
CopyIcon
SetWindowLongA
ReleaseCapture
RedrawWindow
SetCapture
MessageBeep
IsWindowVisible
GetCursorPos
SetForegroundWindow
DrawIconEx
GetWindowDC
IsIconic
DrawIcon
SetWindowRgn
CreatePopupMenu
ReleaseDC
GetDC
IsWindow
OffsetRect
InflateRect
DrawTextA
GetSysColor
CopyRect
UpdateWindow
InvalidateRect
PtInRect
GetWindowRect
DestroyMenu
DestroyCursor
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
SetCursor
GetActiveWindow
WindowFromPoint
ClientToScreen
PostMessageA
TrackPopupMenuEx
GetSubMenu
DrawFocusRect
DrawStateA
CreateIconIndirect
GetIconInfo
LoadImageA
LoadMenuA
FrameRect
LoadIconA
GetKeyState

gdi32

GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
DPtoLP
GetTextColor
GetBkColor
EnumFontFamiliesExA
LPtoDP
LineTo
MoveToEx
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetMapMode
BitBlt
SetViewportOrgEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetClipBox
StretchBlt
CreatePen
RoundRect
CreateFontA
Rectangle
CreateSolidBrush
FillRgn
CreateRoundRectRgn
CreateRectRgn
GetPixel
SetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
GetStockObject
DeleteObject
GetObjectA
CreateFontIndirectA
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateCompatibleBitmap
CreateCompatibleDC
CreatePatternBrush
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueA

shell32

Shell_NotifyIconA
SHGetFileInfoA
ShellExecuteA
ShellExecuteExA

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_Draw
ImageList_Destroy
ImageList_Create
ord17
PropertySheetA
DestroyPropertySheetPage
_TrackMouseEvent
CreatePropertySheetPageA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree

olepro32

ord253

oleaut32

VariantClear
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
VariantChangeType
SysAllocString
VariantCopy
SysAllocStringByteLen
SysStringLen

winmm

PlaySoundA

gearshift

?s_st_sPd$@@YAXI@Z

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zsCNGRzsbscl/卓氏变速齿轮/gearshift.dll
.dll windows:4 windows x86 arch:x86

a7189d09255983a2b46b7fd08face941

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
WriteProcessMemory
ReadProcessMemory
TerminateProcess
GetCurrentProcess
GetProcAddress
LoadLibraryA
InitializeCriticalSection
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RtlUnwind

user32

MessageBoxA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

?doD_p$@@YA_NXZ
?doS@@YAXXZ
?do_pdiD_p$@@YA_NXZ
?s_st_sPd$@@YAXI@Z
?stiD_p$@@YA_NXZ
?x_p_d$@@YA_NXZ

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zsCNGRzsbscl/卓氏变速齿轮/help.chm
.chm
zsCNGRzsbscl/卓氏变速齿轮/上网不会中毒的超强浏览器！.URL
.url
zsCNGRzsbscl/卓氏变速齿轮/必看说明.htm
zsCNGRzsbscl/卓氏变速齿轮/比ACDSEE还强的图像软件！.URL
.url
zsCNGRzsbscl/卓氏变速齿轮/河源下载站.url
.url

Sharing

General

Malware Config

Signatures

Files

f88d54478c4f87914a75ada5958b1180

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

winmm

gearshift

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 60KB - Virtual size: 59KB

a7189d09255983a2b46b7fd08face941

Headers

File Characteristics

Imports

kernel32

user32

version

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 14KB

Shared Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 60KB - Virtual size: 59KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 14KB

Shared
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 3KB