4ff69eab837bdfe5064b44f7a2d255bd

Sharing

Copy URL Twitter E-mail

General

Target

4ff69eab837bdfe5064b44f7a2d255bd
Size

1.6MB
MD5

4ff69eab837bdfe5064b44f7a2d255bd
SHA1

561ee9d313745d975d1ee9cd3f10317aaf7c3508
SHA256

3321bae57817a848cb01851bfba3020813188e3c6173151d88ef415b3e3507aa
SHA512

40b66642a005935e373fc1be5a46070854e40b51968656c8c936c5969c1291f281192206c7122b27cb796a3b2df3a3c13998d2036764526c418ced57d09fa557
SSDEEP

49152:9Zl1H9Q28dG8/V6n54IjFK9n5tgIF9agV:Ddz8RV65RkVEi0gV

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/家庭帐本/CUpdateTool.exe
unpack001/家庭帐本/家庭帐本.exe

Files

4ff69eab837bdfe5064b44f7a2d255bd
.rar
家庭帐本/AccountBookx.accx
家庭帐本/CUpdateTool.exe
.exe windows:4 windows x86 arch:x86

df017dd74706a2b5764cb54b22565341

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5651
ord3127
ord3616
ord3663
ord798
ord641
ord609
ord765
ord2514
ord1997
ord1200
ord5194
ord350
ord533
ord924
ord800
ord858
ord4129
ord2764
ord860
ord540
ord2621
ord1134
ord5265
ord4376
ord3922
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord2642
ord4160
ord2863
ord2379
ord755
ord470
ord1105
ord3511
ord3318
ord922
ord5710
ord5683
ord5465
ord3089
ord4476
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4853
ord4673
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_setmbcp
exit
_initterm
__CxxFrameHandler

kernel32

GetStartupInfoA
GetModuleHandleA
WinExec
GetModuleFileNameA
Sleep

user32

GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
InvalidateRect
KillTimer
EnableWindow
AppendMenuA
SetTimer
LoadIconA
SendMessageA

gdi32

CreateSolidBrush

urlmon

URLDownloadToFileA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
家庭帐本/Data.bak
家庭帐本/NewBookx.newa
家庭帐本/budget.ini
家庭帐本/set.ini
家庭帐本/user/168.ini
家庭帐本/user/169.ini
家庭帐本/家庭帐本.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
家庭帐本/家庭帐本帮助.CHM
.chm
家庭帐本/破解版使用说明.txt

Sharing

General

Malware Config

Signatures

Files

df017dd74706a2b5764cb54b22565341

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

urlmon

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 476B

.rsrc Size: 56KB - Virtual size: 53KB

Headers

File Characteristics

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.aspack Size: 108KB - Virtual size: 108KB

.adata Size: 4KB - Virtual size: 4KB

.mackt Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 476B

.rsrc
Size: 56KB - Virtual size: 53KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.aspack
Size: 108KB - Virtual size: 108KB

.adata
Size: 4KB - Virtual size: 4KB

.mackt
Size: 4KB - Virtual size: 4KB