4970c19915c1104ad969176e786c6e68

General

Target

4970c19915c1104ad969176e786c6e68
Size

4.7MB
MD5

4970c19915c1104ad969176e786c6e68
SHA1

cf6c8c33518695a5124a672c9e72a53377035fc3
SHA256

06e0fd732f1c2ef20decd79b017aae6db4ba42386e8886a65ef848fa393fb815
SHA512

b344c98e72d345c685df00012f1ed6c21404ae6bfeb355041f879c21471e88bad37ef5d74ac31628e5aaafda139b31a5ab835825a09739ad26205cbbd5113ba3
SSDEEP

98304:PxweY9Em144uV+5A6M7lCPuudGdGsgDbB4DUv7b2STzVzERY2BO4:PxBYywBuU5hM8GoB4DUzb2STzVzaO4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keymaker.exe

Files

4970c19915c1104ad969176e786c6e68
.rar
155绿色软件站.url
.url
3DGugleProENG.msi
.msi
keymaker.exe
.exe windows:5 windows x86 arch:x86

720f62ecaae027b5c3ec6686644322e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
IsBadReadPtr
VirtualProtect
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateFileA
CreateFileW
GetModuleHandleW
VirtualAlloc
VirtualFree
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
HeapReAlloc
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
Sleep
ExitProcess
WriteFile
GetStdHandle
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

720f62ecaae027b5c3ec6686644322e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 145KB - Virtual size: 144KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 145KB - Virtual size: 144KB