437780326a82ce71bfddbae4a4ada555

Sharing

Copy URL Twitter E-mail

General

Target

437780326a82ce71bfddbae4a4ada555
Size

1.5MB
MD5

437780326a82ce71bfddbae4a4ada555
SHA1

0ef4eedf696d487dc7fe8f076d8221fdd0d1c46a
SHA256

7b0378ed3a910668c240f197b51dda74ca7aa8b21a1104e0bb67d3dd487934a8
SHA512

1415e86f18f290fc18fb60ff0a3f8be8e2eeef67c784837512fd267e5063b451e277340e4ec96f46a019aad9a003ff17ac25a906b54d493ae004fcf908d30217
SSDEEP

24576:juCbShLsYUFFyUnLawFyNyDdwUZpZH3Z6AIkL/+6tOl/iNM5ZbY9IZIIp9CvZq13:jfbULBWvyM1HZDII/UMGd9Nt

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xplorer2_UC/x2SettingsEditor.exe
unpack001/xplorer2_UC/xplorer2_UC.exe

Files

437780326a82ce71bfddbae4a4ada555
.rar
xplorer2_UC/changes.txt
xplorer2_UC/licence.txt
xplorer2_UC/registry.txt
xplorer2_UC/snap/accel.png
.png
xplorer2_UC/snap/altK.png
.png
xplorer2_UC/snap/args.png
.png
xplorer2_UC/snap/attrib.png
.png
xplorer2_UC/snap/axpre.png
.png
xplorer2_UC/snap/batch.png
.png
xplorer2_UC/snap/ccf.png
.png
xplorer2_UC/snap/ckat.png
.png
xplorer2_UC/snap/consol.png
.png
xplorer2_UC/snap/copyto.png
.png
xplorer2_UC/snap/drivebar.gif
.gif
xplorer2_UC/snap/dupe.png
.png
xplorer2_UC/snap/epud.png
.png
xplorer2_UC/snap/find.png
.png
xplorer2_UC/snap/grep.png
.png
xplorer2_UC/snap/hiera.gif
.gif
xplorer2_UC/snap/katx.png
.png
xplorer2_UC/snap/licer.png
.png
xplorer2_UC/snap/maex.png
.png
xplorer2_UC/snap/mainfr.png
.png
xplorer2_UC/snap/make.png
.png
xplorer2_UC/snap/next.gif
.gif
xplorer2_UC/snap/ordef.png
.png
xplorer2_UC/snap/org.png
.png
xplorer2_UC/snap/play.gif
.gif
xplorer2_UC/snap/prev.gif
.gif
xplorer2_UC/snap/rdel.png
.png
xplorer2_UC/snap/regi.png
.png
xplorer2_UC/snap/rule.png
.png
xplorer2_UC/snap/skrap.png
.png
xplorer2_UC/snap/split.png
.png
xplorer2_UC/snap/sync.png
.png
xplorer2_UC/snap/syncres.png
.png
xplorer2_UC/snap/titlebar.gif
.gif
xplorer2_UC/snap/tno.gif
.gif
xplorer2_UC/snap/trops.png
.png
xplorer2_UC/snap/tyep.gif
.gif
xplorer2_UC/snap/uncas.png
.png
xplorer2_UC/snap/up.gif
.gif
xplorer2_UC/x2SettingsEditor.exe
.exe windows:4 windows x86 arch:x86

31670b89af95ef0f708d0239df305f18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

mfc42

ord6374
ord4353
ord5287
ord3798
ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord768
ord489
ord2302
ord4258
ord4710
ord1929
ord5290
ord3402
ord3721
ord6055
ord1776
ord4837
ord4424
ord3619
ord809
ord795
ord556
ord567
ord3626
ord2414
ord1641
ord4275
ord6358
ord1146
ord1088
ord2122
ord3573
ord3693
ord4133
ord4297
ord5788
ord4299
ord6880
ord2864
ord3873
ord3876
ord5787
ord5875
ord3089
ord3797
ord6605
ord2379
ord4284
ord4123
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord537
ord535
ord2513
ord293
ord4277
ord4129
ord2763
ord4376
ord4853
ord5280
ord3597
ord324
ord2370
ord4234
ord6282
ord3742
ord6028
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord6383
ord3738
ord815
ord561
ord2825
ord924
ord923
ord941
ord3953
ord2621
ord771
ord5953
ord3874
ord6241
ord5572
ord2915
ord1690
ord5288
ord4439
ord5163
ord4431
ord3700
ord496
ord1168
ord1008
ord4259
ord6199
ord5849
ord3475
ord2863
ord4715
ord5056
ord1742
ord2882
ord3092
ord1231
ord2528
ord2860
ord3571
ord818
ord6442
ord1233
ord1270
ord1232
ord640
ord5785
ord1640
ord323
ord5981
ord2566
ord2754
ord1871
ord3706
ord5781
ord4083
ord940
ord939
ord3701
ord500
ord772
ord6142
ord5860
ord922
ord2567
ord2380
ord472
ord2089
ord2859
ord6197
ord2094
ord6919
ord6613
ord2452
ord2450
ord816
ord1576
ord6215
ord1175
ord3754
ord3752
ord6128
ord6129
ord1816
ord5148
ord3610
ord656
ord6453
ord6379
ord3810
ord6672
ord2113
ord3546
ord4694
ord3596
ord6194
ord3631
ord683
ord3226
ord4287
ord6741
ord6508
ord6766
ord3019
ord2516
ord361
ord3719
ord793
ord2114
ord3920
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord2152
ord3803
ord3732
ord4270
ord3716
ord790
ord4124
ord5440
ord2107
ord2841
ord6394
ord5450
ord355
ord2515
ord3499
ord641
ord2818
ord540
ord4160
ord538
ord858
ord800
ord860
ord3663
ord5678
ord755
ord470
ord5864
ord6061
ord5571
ord5579
ord5736
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord2054
ord1907
ord6192
ord5759
ord2971
ord1899
ord823
ord825
ord4622
ord562

msvcrt

isdigit
_setmbcp
__CxxFrameHandler
__set_app_type
memset
strlen
_mbsnbcpy
_purecall
memcpy
_mbsicmp
__p___argc
_mbscmp
sscanf
malloc
free
memmove
_ftol
_controlfp
atoi
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

kernel32

GetModuleHandleA
GetCurrentThreadId
GetTimeFormatA
GetDateFormatA
EnumTimeFormatsA
EnumDateFormatsA
GetProcAddress
FreeLibrary
LoadLibraryA
FindResourceA
FindFirstFileA
GetVersionExA
lstrcpynA
GetModuleFileNameA
lstrcpyA
Sleep
GlobalAlloc
GlobalFree
GetStartupInfoA

user32

mouse_event
ClientToScreen
GetMonitorInfoA
MonitorFromPoint
keybd_event
GetWindowLongA
FrameRect
DrawFrameControl
GetKeyNameTextA
MapVirtualKeyA
CloseClipboard
GetClipboardData
OpenClipboard
PeekMessageA
DrawFocusRect
GetDesktopWindow
TranslateMessage
SetCaretPos
SetParent
SetWindowsHookExA
CallNextHookEx
GetScrollInfo
UnhookWindowsHookEx
DestroyIcon
EnableWindow
GetFocus
MessageBoxA
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
SystemParametersInfoA
PostMessageA
UpdateWindow
GetKeyState
ShowScrollBar
EnableScrollBar
IsWindowVisible
RedrawWindow
RegisterWindowMessageA
OffsetRect
CopyRect
IsChild
ScreenToClient
GetClassInfoA
DefWindowProcA
LoadBitmapA
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
GetWindow
EndDeferWindowPos
IsWindowEnabled
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
FindWindowA
SetCapture
ReleaseCapture
KillTimer
MapWindowPoints
GetCursorPos
PtInRect
WindowFromPoint
SetTimer
SetCursor
ShowCursor
TrackMouseEvent
InvalidateRect
GetDC
CreateIconIndirect
ReleaseDC
GetIconInfo
GetSysColorBrush
FillRect
GetWindowRect
GetParent
InflateRect
DrawIconEx
IsWindow
SendMessageA
LoadImageA
GetSysColor
DispatchMessageA
LoadCursorA

gdi32

Rectangle
CreatePen
GetTextExtentPoint32A
CreateSolidBrush
SetDIBits
CreateFontIndirectA
GetObjectA
GetBkColor
CreateBitmap
CreateRectRgnIndirect
GetTextMetricsA
GetTextColor
GetDeviceCaps
GetStockObject
CreateFontA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetBoundsRect
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
GetDIBits
SelectObject
CreateCompatibleBitmap

advapi32

RegEnumValueA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA

shell32

ShellExecuteA

comctl32

ImageList_Draw
InitCommonControlsEx
ord17

msvcp60

?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xplorer2_UC/x2help.css
xplorer2_UC/x2help.htm
.html
xplorer2_UC/x2tips.txt
xplorer2_UC/xplorer2_UC.exe
.exe windows:4 windows x86 arch:x86

e80a1a2ab5e5ea4f556e0f9b9c2ea4ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegCloseKey

comctl32

_TrackMouseEvent

gdi32

Polygon

mpr

WNetGetUniversalNameW

msvcrt

_wtoi64

oleaut32

VariantTimeToDosDateTime

shell32

SHAppBarMessage

user32

PostQuitMessage

version

GetFileVersionInfoW

comdlg32

ChooseColorW

ole32

RegisterDragDrop

Sections

.text
Size: 1.0MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xplorer2_UC/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

31670b89af95ef0f708d0239df305f18

Headers

File Characteristics

Imports

version

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcp60

Sections

.text Size: 190KB - Virtual size: 190KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 11KB

.rsrc Size: 22KB - Virtual size: 22KB

e80a1a2ab5e5ea4f556e0f9b9c2ea4ef

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

mpr

msvcrt

oleaut32

shell32

user32

version

comdlg32

ole32

Sections

.text Size: 1.0MB - Virtual size: 2.4MB

.rsrc Size: 22KB - Virtual size: 24KB

.text
Size: 190KB - Virtual size: 190KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 11KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 1.0MB - Virtual size: 2.4MB

.rsrc
Size: 22KB - Virtual size: 24KB