3e5d20c9fb7fc8ded791218a53c64073

Sharing

Copy URL

Twitter E-mail

General

Target

3e5d20c9fb7fc8ded791218a53c64073
Size

533KB
MD5

3e5d20c9fb7fc8ded791218a53c64073
SHA1

7ea6fcaf49ab6b34bbe4fe8d5d5e30e3e9bd3de1
SHA256

fa2658d94e8a78338d9233da2a569982aaff57aa48969b73a376ee01a757bc54
SHA512

ee47992ba045835c75559e1c6f6cd560520bcdb68f5d24926de62433b8b089808a7ecbb205781ac2e9dd84f6136e9558291105bf62f752e46a4d9e2aed7e8363
SSDEEP

12288:JbFfLjK+nnYHmtW29RRgBIbPbZilhlq9WBK7k7fBOTBnciV0haH:ZFfLjK0YI9JN/UhlqMBKcBO1r0UH

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/943474874/Dbt3.dll
unpack001/943474874/Dbt3MainProj.exe
unpack001/943474874/cooltray4.3/CoolTrayTest.exe

Files

3e5d20c9fb7fc8ded791218a53c64073
.rar
943474874/Dbt3.cfg
943474874/Dbt3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Decode
Encode
endhook
sethook

Sections

CODE
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
943474874/Dbt3.dof
943474874/Dbt3.dpr
943474874/Dbt3.res
943474874/Dbt3Main.dcu
943474874/Dbt3Main.ddp
943474874/Dbt3Main.dfm
943474874/Dbt3Main.pas
943474874/Dbt3MainProj.cfg
943474874/Dbt3MainProj.dof
943474874/Dbt3MainProj.dpr
943474874/Dbt3MainProj.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
943474874/Dbt3MainProj.res
943474874/Hook.dcu
943474874/Hook.pas
943474874/PopWin.dcu
943474874/PopWin.ddp
943474874/PopWin.dfm
943474874/PopWin.pas
943474874/cooltray4.3/CoolTrayIcon.chm
.chm
943474874/cooltray4.3/CoolTrayIcon.dcr
943474874/cooltray4.3/CoolTrayIcon.dcu
943474874/cooltray4.3/CoolTrayIcon.pas
943474874/cooltray4.3/CoolTrayIcon_D5.dpk
943474874/cooltray4.3/CoolTrayIcon_D6plus.dcu
943474874/cooltray4.3/CoolTrayIcon_D6plus.dpk
943474874/cooltray4.3/CoolTrayIcon_D6plus.drc
943474874/cooltray4.3/CoolTrayIcon_D6plus.res
943474874/cooltray4.3/CoolTrayIcon_D7plus.cfg
943474874/cooltray4.3/CoolTrayIcon_D7plus.dcu
943474874/cooltray4.3/CoolTrayIcon_D7plus.dof
943474874/cooltray4.3/CoolTrayIcon_D7plus.dpk
943474874/cooltray4.3/CoolTrayIcon_D7plus.drc
943474874/cooltray4.3/CoolTrayIcon_D7plus.res
943474874/cooltray4.3/CoolTrayTest.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
943474874/cooltray4.3/RegisterTrayIcons.dcu
943474874/cooltray4.3/RegisterTrayIcons.pas
943474874/cooltray4.3/SimpleTimer.dcu
943474874/cooltray4.3/SimpleTimer.pas
943474874/cooltray4.3/TextTrayIcon.dcr
943474874/cooltray4.3/TextTrayIcon.dcu
943474874/cooltray4.3/TextTrayIcon.pas
943474874/cooltray4.3/convert_cti_projects.txt
943474874/cooltray4.3/convert_st_projects.txt
943474874/cooltray4.3/demos/CoolService/CoolService.dpr
943474874/cooltray4.3/demos/CoolService/CoolService.res
943474874/cooltray4.3/demos/CoolService/CoolTrayService.bat
.bat .vbs
943474874/cooltray4.3/demos/CoolService/Service.dfm
943474874/cooltray4.3/demos/CoolService/Service.pas
943474874/cooltray4.3/demos/CoolTrayTest/CoolTrayTest.dpr
943474874/cooltray4.3/demos/CoolTrayTest/CoolTrayTest.res
943474874/cooltray4.3/demos/CoolTrayTest/CtMain.dfm
943474874/cooltray4.3/demos/CoolTrayTest/CtMain.pas
943474874/cooltray4.3/demos/CoolTrayTest/TrayIcon.ico
943474874/cooltray4.3/demos/CustomHint1/CustomHint.dpr
943474874/cooltray4.3/demos/CustomHint1/CustomHint.res
943474874/cooltray4.3/demos/CustomHint1/Main.dfm
943474874/cooltray4.3/demos/CustomHint1/Main.pas
943474874/cooltray4.3/demos/CustomHint2/BigHint.dfm
943474874/cooltray4.3/demos/CustomHint2/BigHint.pas
943474874/cooltray4.3/demos/CustomHint2/BigHintDemo.dpr
943474874/cooltray4.3/demos/CustomHint2/BigHintDemo.res
943474874/cooltray4.3/demos/CustomHint2/images.res
943474874/cooltray4.3/demos/MinimizeAnimation/Main.dfm
943474874/cooltray4.3/demos/MinimizeAnimation/Main.pas
943474874/cooltray4.3/demos/MinimizeAnimation/MinimizeAnimation.dpr
943474874/cooltray4.3/demos/MinimizeAnimation/MinimizeAnimation.res
943474874/cooltray4.3/demos/MinimizeAnimation/TrayAnimation.pas
943474874/cooltray4.3/demos/MinimizeAnimation/animation.ico
943474874/cooltray4.3/demos/StartHidden/Main.dfm
943474874/cooltray4.3/demos/StartHidden/Main.pas
943474874/cooltray4.3/demos/StartHidden/StartHidden.dpr
943474874/cooltray4.3/demos/StartHidden/StartHidden.res
943474874/cooltray4.3/demos/TextTrayTest/TextTrayTest.dpr
943474874/cooltray4.3/demos/TextTrayTest/TextTrayTest.res
943474874/cooltray4.3/demos/TextTrayTest/TrayText.ico
943474874/cooltray4.3/demos/TextTrayTest/TtMain.dfm
943474874/cooltray4.3/demos/TextTrayTest/TtMain.pas
943474874/cooltray4.3/demos/TextTrayTest/bubble.ico
943474874/cooltray4.3/demos/TrayDraw/CtDraw.dfm
943474874/cooltray4.3/demos/TrayDraw/CtDraw.pas
943474874/cooltray4.3/demos/TrayDraw/TrayDraw.dpr
943474874/cooltray4.3/demos/TrayDraw/TrayDraw.ico
943474874/cooltray4.3/demos/TrayDraw/TrayDraw.res
943474874/cooltray4.3/doc/CoolTrayIcon.html
.html
943474874/cooltray4.3/doc/History - CoolTrayIcon.txt
943474874/cooltray4.3/doc/History - SimpleTimer.txt
943474874/cooltray4.3/doc/History - TextTrayIcon.txt
943474874/cooltray4.3/doc/SimpleTimer.html
.html
943474874/cooltray4.3/doc/TextTrayIcon.html
.html
943474874/cooltray4.3/doc/demos.txt
943474874/cooltray4.3/doc/install.txt
943474874/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 522KB - Virtual size: 522KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 119B

.reloc Size: 38KB - Virtual size: 37KB

.rsrc Size: 52KB - Virtual size: 52KB

Headers

File Characteristics

Sections

CODE Size: 374KB - Virtual size: 374KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 28KB - Virtual size: 28KB

.rsrc Size: 40KB - Virtual size: 40KB

Headers

File Characteristics

Sections

CODE Size: 392KB - Virtual size: 392KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 28KB - Virtual size: 28KB

.rsrc Size: 163KB - Virtual size: 163KB

CODE
Size: 522KB - Virtual size: 522KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 119B

.reloc
Size: 38KB - Virtual size: 37KB

.rsrc
Size: 52KB - Virtual size: 52KB

CODE
Size: 374KB - Virtual size: 374KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 40KB - Virtual size: 40KB

CODE
Size: 392KB - Virtual size: 392KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 163KB - Virtual size: 163KB