26fd33ae77b2c6f19055a635a0882cc14effcbe35c0a69ce6e18cb36f6996dab

Sharing

Copy URL Twitter E-mail

General

Target

26fd33ae77b2c6f19055a635a0882cc14effcbe35c0a69ce6e18cb36f6996dab
Size

1.4MB
MD5

baac5031293f9b7f10ef356a29db1906
SHA1

81fae073f0ed6d30de94b503044b591231dee28f
SHA256

26fd33ae77b2c6f19055a635a0882cc14effcbe35c0a69ce6e18cb36f6996dab
SHA512

403eb77af71433a750c2411ff88c3b3455f8487118b2fcc6d984a25c920d6212ec6361cad834e74f0c5892937d1de9e4c678cc1a883a79ba440fd754f5043bd7
SSDEEP

24576:Aez+Beygttxs4B1nWPc2l7WsehnblTONg7k3LAnWfMwaVQFRXyIPN:l+Beygttl1Wko5ehblTOACLM5wzPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/【网络中心】广西号百智慧管理系统操作手册/__MACOSX/.PDF/._广西号百智慧管理系统操作手册.pdf

Files

26fd33ae77b2c6f19055a635a0882cc14effcbe35c0a69ce6e18cb36f6996dab
.zip
systemInstructions/ġŰǻ۹ϵͳֲ.rar
.rar
【网络中心】广西号百智慧管理系统操作手册/__MACOSX/.PDF/._广西号百智慧管理系统操作手册.pdf
.exe windows:4 windows x64 arch:x64

e59dd728323261f0004c3728ecd83df8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTokenInformation
OpenProcessToken

kernel32

AddVectoredExceptionHandler
CloseHandle
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteProcThreadAttributeList
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GlobalMemoryStatusEx
HeapAlloc
InitializeCriticalSection
InitializeProcThreadAttributeList
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
Process32First
Process32Next
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryA
SetEvent
SetFileAttributesA
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fdopen
_filelengthi64
_fileno
_findclose
_findfirst64
_fileno
_findnext64
_fmode
_fstat64
_fullpath
_initterm
_lock
_lseeki64
_onexit
_read
_setjmp
_snwprintf
_stat64
_strdup
_stricmp
_strnicmp
_ultoa
_unlock
_utime
_time64
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fopen_s
fprintf
fputc
fputs
fread
free
freopen_s
fsetpos
fwprintf
fwrite
getc
getwc
isspace
iswctype
localeconv
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
printf
putc
putwc
raise
realloc
remove
setlocale
setvbuf
signal
sprintf
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strtok
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

user32

MessageBoxW

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetTimeouts

Sections

.text
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
【网络中心】广西号百智慧管理系统操作手册/__MACOSX/.PDF/DS_Store.bat
【网络中心】广西号百智慧管理系统操作手册/广西号百智慧管理系统操作手册.pdf
.pdf
【网络中心】广西号百智慧管理系统操作手册/广西号百智慧管理系统操作手册.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

e59dd728323261f0004c3728ecd83df8

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

user32

winhttp

Sections

.text Size: 975KB - Virtual size: 975KB

.data Size: 12KB - Virtual size: 12KB

.rdata Size: 64KB - Virtual size: 63KB

.pdata Size: 47KB - Virtual size: 46KB

.xdata Size: 54KB - Virtual size: 54KB

.bss Size: - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 176B

/19 Size: 32KB - Virtual size: 32KB

/31 Size: 3KB - Virtual size: 2KB

/45 Size: 5KB - Virtual size: 4KB

/57 Size: 1KB - Virtual size: 1KB

/70 Size: 512B - Virtual size: 452B

/81 Size: 9KB - Virtual size: 8KB

/92 Size: 2KB - Virtual size: 2KB

.text
Size: 975KB - Virtual size: 975KB

.data
Size: 12KB - Virtual size: 12KB

.rdata
Size: 64KB - Virtual size: 63KB

.pdata
Size: 47KB - Virtual size: 46KB

.xdata
Size: 54KB - Virtual size: 54KB

.bss
Size: - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 176B

/19
Size: 32KB - Virtual size: 32KB

/31
Size: 3KB - Virtual size: 2KB

/45
Size: 5KB - Virtual size: 4KB

/57
Size: 1KB - Virtual size: 1KB

/70
Size: 512B - Virtual size: 452B

/81
Size: 9KB - Virtual size: 8KB

/92
Size: 2KB - Virtual size: 2KB