39a139ec7a63f39a0f8178e648aa2afb

Sharing

Copy URL Twitter E-mail

General

Target

39a139ec7a63f39a0f8178e648aa2afb
Size

936KB
MD5

39a139ec7a63f39a0f8178e648aa2afb
SHA1

94f462f3a74b121fb65959e92d41633130b3efc0
SHA256

617a974c3655613b3d382a0309d77e3ce3cd58805fcf00ff0242187832f6a11d
SHA512

5c7dce84f407e3d8c837efb305cd0df613c748e9b0abba4c6794e1e916d50971a694ec5542d6897d728a945d4b36fe62deaae182ba8ef23df027b2d664f302d0
SSDEEP

24576:UaEKUbEkECILHTTqW+vn6fqDruLVMekFaA0J0:GKUbmLHTTw//rMVMzFaA0J0

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fwqzhaqgj/Interop.WUApiLib.dll
unpack001/fwqzhaqgj/SkinH_CS.dll
unpack001/fwqzhaqgj/SkinH_Net.dll
unpack001/fwqzhaqgj/服务器综合安全工具1.0.exe

Files

39a139ec7a63f39a0f8178e648aa2afb
.zip
fwqzhaqgj/Interop.WUApiLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwqzhaqgj/SkinH_CS.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwqzhaqgj/SkinH_Net.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

.Hmily
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.52PoJie
Size: 100KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fwqzhaqgj/sigcheck.exe
.exe windows:5 windows x86 arch:x86

451980ac60bb68035f963ec11e5106e3

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3b
Signer

Actual PE Digest

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FreeLibrary
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileInformationByHandle
CreateFileW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetModuleFileNameW
InterlockedDecrement
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetLastError
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
GetFileSize
CloseHandle
UnmapViewOfFile
GetProcAddress
GetCommandLineW
LocalAlloc
LoadLibraryW
LocalFree
GetModuleHandleW
SetEnvironmentVariableA
GetProcessHeap
lstrlenW
FormatMessageW
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapAlloc
HeapFree
GetModuleHandleA
LeaveCriticalSection
RtlUnwind
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

SetWindowTextW
SetCursor
InflateRect
SendMessageW
EndDialog
GetSysColorBrush
GetDlgItem
DialogBoxIndirectParamW
LoadCursorW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptAcquireContextW

oleaut32

SysFreeString
SysAllocString
VariantChangeType
GetErrorInfo
VariantInit
SetErrorInfo
CreateErrorInfo
VariantClear

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fwqzhaqgj/skinh.she
fwqzhaqgj/服务器综合安全工具1.0.exe
.exe windows:5 windows x86 arch:x86

609bbf00aace1b46d0e550f57d1ec7ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

IsWindow

advapi32

RegQueryValueExA

Sections

.text
Size: 67KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp
Size: 888KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xp600ע.txt
ϵͳ֮.url

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 72KB - Virtual size: 69KB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 4KB - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 4KB - Virtual size: 12B

Headers

File Characteristics

Exports

Exports

Sections

.Hmily Size: - Virtual size: 236KB

.52PoJie Size: 100KB - Virtual size: 116KB

451980ac60bb68035f963ec11e5106e3

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

advapi32

oleaut32

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

609bbf00aace1b46d0e550f57d1ec7ad

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

msvcrt

iphlpapi

psapi

kernel32

user32

advapi32

Sections

.text Size: 67KB - Virtual size: 288KB

.vmp Size: 888KB - Virtual size: 888KB

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 99KB - Virtual size: 104KB

.text
Size: 72KB - Virtual size: 69KB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 4KB - Virtual size: 12B

.Hmily
Size: - Virtual size: 236KB

.52PoJie
Size: 100KB - Virtual size: 116KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

f9:33:c8:af:e5:6c:c7:1b:6e:cb:65:79:68:f2:1a:83:b3:4e:8d:3b
Signer

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 67KB - Virtual size: 288KB

.vmp
Size: 888KB - Virtual size: 888KB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 99KB - Virtual size: 104KB

.vmp
Size: 8KB - Virtual size: 8KB