40d261b568801187ceb28f721fad898a

Sharing

Copy URL Twitter E-mail

General

Target

40d261b568801187ceb28f721fad898a
Size

1.0MB
MD5

40d261b568801187ceb28f721fad898a
SHA1

98d1a15e5f275fe1dbfafabea4a612467f79d784
SHA256

41a52b8479ebbb4af5ce98616237e7861f5563b390fbbaa60306440aa78791e7
SHA512

78f2b9bc941844ff95b9479c68f84f04db01b44c9ee995cfe4441a6f3547f2542b1325b4048ba0670ba2223aa7f74eadb554eab869c66a10916c982fe6002ba7
SSDEEP

24576:2+Ds4irsqkPagyW+4rmHy1/G4o1tZMBz9nZFaX9oRCjmcq:2D4iYqEaTWjyS1/GL1tuz9nZFaX9oRCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eTongTelBook/易通电话本.exe

Files

40d261b568801187ceb28f721fad898a
.rar
eTongTelBook/Database/MyInfoDB.mdb
eTongTelBook/Readme.txt
eTongTelBook/eTongTelBook.JPG
.jpg
eTongTelBook/新云软件.url
.url
eTongTelBook/易通电话本.exe
.exe windows:4 windows x86 arch:x86

14496bbc8e4192904971bbc7cc0378ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3663
ord3626
ord2414
ord3693
ord3573
ord3619
ord816
ord562
ord858
ord4129
ord2763
ord5710
ord860
ord535
ord922
ord283
ord2754
ord2863
ord2107
ord823
ord537
ord1858
ord1842
ord4216
ord4083
ord1859
ord1175
ord2448
ord1816
ord4204
ord1168
ord2841
ord2859
ord2044
ord5450
ord5834
ord5440
ord6383
ord6394
ord6000
ord4265
ord1930
ord3294
ord1126
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord554
ord807
ord4163
ord6605
ord2012
ord6215
ord3092
ord1710
ord4268
ord1938
ord755
ord470
ord6794
ord1803
ord1949
ord1654
ord1266
ord5271
ord5821
ord3662
ord812
ord818
ord1200
ord1176
ord414
ord559
ord713
ord1270
ord1232
ord2393
ord6144
ord6194
ord5785
ord5053
ord6458
ord5768
ord5788
ord1706
ord430
ord786
ord2461
ord3318
ord5572
ord6389
ord2915
ord939
ord941
ord2614
ord519
ord6311
ord6283
ord6282
ord4277
ord2764
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord3754
ord3752
ord6128
ord6130
ord6141
ord801
ord541
ord641
ord2450
ord4160
ord4333
ord2820
ord3811
ord2818
ord3127
ord3616
ord5651
ord350
ord2096
ord384
ord2652
ord1669
ord472
ord2065
ord6143
ord4544
ord3274
ord4622
ord3579
ord439
ord736
ord5495
ord5685
ord4226
ord2582
ord4402
ord3640
ord693
ord4243
ord3301
ord4299
ord3293
ord2567
ord4694
ord5148
ord3721
ord795
ord6199
ord2116
ord5787
ord6880
ord2089
ord6241
ord3797
ord3742
ord2152
ord6379
ord686
ord1099
ord1574
ord772
ord3701
ord500
ord1862
ord4220
ord2584
ord3654
ord2438
ord6142
ord5606
ord5683
ord2405
ord2408
ord5860
ord3986
ord3730
ord2920
ord2120
ord1644
ord1146
ord940
ord5856
ord536
ord2452
ord2753
ord1195
ord6146
ord5883
ord6157
ord6883
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2302
ord4234
ord2578
ord4853
ord1768
ord3499
ord2515
ord355
ord2642
ord924
ord6741
ord6508
ord5861
ord2639
ord6921
ord551
ord4278
ord323
ord6767
ord2884
ord2862
ord2097
ord6008
ord4000
ord5608
ord3287
ord4125
ord4224
ord3303
ord4644
ord1771
ord6366
ord2413
ord2024
ord4217
ord2576
ord4397
ord3352
ord3577
ord692
ord5890
ord2937
ord3803
ord4219
ord2581
ord4401
ord3639
ord434
ord5575
ord2141
ord465
ord1656
ord1622
ord850
ord3733
ord810
ord4271
ord6270
ord3914
ord4724
ord4538
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord6876
ord529
ord366
ord2494
ord2627
ord2626
ord2117
ord6625
ord4457
ord4151
ord5252
ord2086
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord617
ord5301
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord2725
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord2587
ord4406
ord3394
ord3729
ord4589
ord4588
ord4899
ord4370
ord4892
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord2091
ord4432
ord804
ord5260
ord6785
ord5677
ord6696
ord1979
ord6385
ord5186
ord665
ord926
ord354
ord4400
ord3630
ord682
ord3706
ord5786
ord3370
ord6907
ord3998
ord6007
ord3286
ord5216
ord936
ord932
ord6453
ord3996
ord6905
ord501
ord773
ord1083
ord2919
ord3753
ord6403
ord3870
ord1841
ord364
ord784
ord4241
ord5037
ord4720
ord5782
ord3873
ord3876
ord2380
ord6119
ord5885
ord5882
ord398
ord700
ord955
ord4189
ord3021
ord913
ord5594
ord5632
ord3525
ord6093
ord4033
ord1640
ord1641
ord2713
ord640
ord3571
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord4218
ord2023
ord2411
ord3610
ord4407
ord2379
ord4275
ord6172
ord3089
ord5875
ord540
ord3874
ord800
ord4284
ord825
ord567
ord609

msvcrt

_mbstok
div
isdigit
strtod
free
_setmbcp
_CxxThrowException
_mbscmp
toupper
_mbsicmp
_ftol
__CxxFrameHandler
malloc
wcscpy
wcslen
memmove
_purecall
_access
atoi
atof
_CIpow
sprintf
rand
_mbsset
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strtoul

kernel32

GetModuleHandleA
lstrcpynA
CreateFileA
CloseHandle
DeleteFileA
GetModuleFileNameA
CopyFileA
GetLastError
LocalFree
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
MulDiv
GlobalSize
GlobalLock
GlobalUnlock
GlobalReAlloc
GetVersionExA
GetCurrentThreadId
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
LocalUnlock
LocalLock
LocalAlloc
LoadLibraryA
MoveFileExA
GetFileSize
FreeLibrary
GetSystemDirectoryA
GetStartupInfoA

user32

GetSubMenu
LoadImageA
FrameRect
CopyImage
MessageBoxA
LoadIconA
GetDlgItem
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRgn
GetCapture
SetCapture
SetTimer
PtInRect
ClientToScreen
LoadCursorA
ReleaseCapture
KillTimer
DrawFrameControl
IsRectEmpty
GetDC
ReleaseDC
InvalidateRect
GetClientRect
ValidateRect
GetSysColorBrush
GetKeyState
GetSystemMetrics
GetWindowRect
GetWindow
EnableWindow
CopyRect
GetParent
SendMessageA
InflateRect
SetCursor
IsClipboardFormatAvailable
FillRect
IsWindow
GetClassInfoA
DefWindowProcA
SetWindowPos
TrackMouseEvent
IntersectRect
UpdateWindow
CallWindowProcA
GetForegroundWindow
GetWindowLongA
CallNextHookEx
EqualRect
IsWindowVisible
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
GetMenuItemRect
OffsetRect
GetMenuStringA
CreateMenu
CreatePopupMenu
GetFocus
IsMenu
GetMenuItemCount
GetSystemMenu
SetRectEmpty
SetMenuItemInfoA
GetClassNameA
GetMenu
GetPropA
SetPropA
ModifyMenuA
AppendMenuA
wsprintfA
RemovePropA
SystemParametersInfoA
DrawStateA
DestroyIcon
LoadBitmapA
GetDesktopWindow
DrawIconEx
ShowScrollBar
GetCaretPos
TranslateMessage
DrawEdge
SetRect
ClipCursor
GetSysColor
InvertRect
GetMenuItemInfoA
GrayStringA
DrawTextA
TabbedTextOutA
GetCursorPos
WindowFromPoint
ScreenToClient
DispatchMessageA
PostMessageA

gdi32

GetPixel
SetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
GetTextMetricsA
Ellipse
GetTextColor
CreateFontA
GetBkMode
GetTextExtentPoint32W
CreateDIBSection
PatBlt
StretchBlt
CreateRectRgnIndirect
SetRectRgn
OffsetRgn
CreateRectRgn
DPtoLP
GetCurrentObject
CreateFontIndirectA
DeleteObject
SetTextColor
CreateSolidBrush
GetObjectA
CreatePen
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
GetStockObject

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_AddMasked

ole32

CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
OleUninitialize
OleInitialize

oleaut32

VariantChangeType
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
OleLoadPicturePath
GetErrorInfo
GetActiveObject

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 930KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eTongTelBook/电话本相片/Thumbs.db
eTongTelBook/电话本相片/在线客服.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

14496bbc8e4192904971bbc7cc0378ac

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 932KB - Virtual size: 930KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 932KB - Virtual size: 930KB