1c09ad9e99a3822253e48fced147be093975499c37b43098018cf0654cc38e21

Sharing

Copy URL Twitter E-mail

General

Target

1c09ad9e99a3822253e48fced147be093975499c37b43098018cf0654cc38e21
Size

3.3MB
MD5

d84057a327eacc8fa6f825150fa77d68
SHA1

08d2e2d0e1d571479b073635869b0d81064cdcb6
SHA256

1c09ad9e99a3822253e48fced147be093975499c37b43098018cf0654cc38e21
SHA512

f7be7c2a2e6703844bf5289fb5d2aab02ec90901d4cdf3f66fa1e750d976c381be95acc71067b460dde1fe2592028a0a4085497f74be336b5fc71c01dce9002b
SSDEEP

98304:tACZpo6Ea6I4K2vIT2WAl21JeOJhwaaeoVp:O6CIT2WPJpOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/注册表清理--win[全平台：一个不正经的建筑师]/注册表清理.exe

Files

1c09ad9e99a3822253e48fced147be093975499c37b43098018cf0654cc38e21
.zip
注册表清理--win[全平台：一个不正经的建筑师]/B站号，目前开直播在B站每晚七点半.png
.png
注册表清理--win[全平台：一个不正经的建筑师]/关注微信公众号，获取更多实用软件，持续更新.jpg
.jpg
注册表清理--win[全平台：一个不正经的建筑师]/安装前必读.txt
注册表清理--win[全平台：一个不正经的建筑师]/微信号及QQ号，QQ留言你需要的软件我会帮你找.jpg
.jpg
注册表清理--win[全平台：一个不正经的建筑师]/抖音号.jpg
.jpg
注册表清理--win[全平台：一个不正经的建筑师]/注册表清理.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

madTraceProcess

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 155KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 580B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 136KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
注册表清理--win[全平台：一个不正经的建筑师]/视频号.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.itext Size: 9KB - Virtual size: 8KB

.data Size: 84KB - Virtual size: 84KB

.bss Size: - Virtual size: 155KB

.idata Size: 20KB - Virtual size: 20KB

.edata Size: 512B - Virtual size: 85B

.tls Size: - Virtual size: 580B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 146KB - Virtual size: 145KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.enigma1 Size: 136KB - Virtual size: 4KB

.enigma2 Size: 256KB - Virtual size: 256KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.itext
Size: 9KB - Virtual size: 8KB

.data
Size: 84KB - Virtual size: 84KB

.bss
Size: - Virtual size: 155KB

.idata
Size: 20KB - Virtual size: 20KB

.edata
Size: 512B - Virtual size: 85B

.tls
Size: - Virtual size: 580B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 146KB - Virtual size: 145KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.enigma1
Size: 136KB - Virtual size: 4KB

.enigma2
Size: 256KB - Virtual size: 256KB