5bb16294a32af144bddfb86ee4f1726a

Sharing

Copy URL Twitter E-mail

General

Target

5bb16294a32af144bddfb86ee4f1726a
Size

18.9MB
MD5

5bb16294a32af144bddfb86ee4f1726a
SHA1

954008eebdc114c50d48aca4de10e3e26b9b7554
SHA256

7d7946a5c4a9661c80686073403604e5153b0232e6c56b0a81c7a920eab7ef5d
SHA512

e50775b6db4026b2b733c6fdc638157bd138a90cc28d19f5253295965672135eca35e683fb13c61e95d92d44564cbedee0a8475355193ef478e4b9c538f715b1
SSDEEP

393216:g0ux8O9yBwKvbxDeRWvKD640s2R7Rq0o/OI1zdyM672:e93Ktq12+0B/MS2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

5bb16294a32af144bddfb86ee4f1726a
.rar
Setup.exe
.exe windows:4 windows x86 arch:x86

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerInstallFileA

kernel32

AddAtomA
HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
lstrcpyA
GetCommandLineA
HeapAlloc
HeapFree
LockResource
LoadResource
FindResourceA
FindResourceExA
RemoveDirectoryA
LocalFree
FormatMessageA
InterlockedDecrement
SetEvent
OpenEventA
CopyFileA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
SetFileAttributesA
GetLastError
GetShortPathNameA
GetWindowsDirectoryA
GetFileAttributesA
CreateDirectoryA
SetLastError
lstrlenA
CompareStringA
GetPrivateProfileStringA
GetVersionExA
GlobalLock
GlobalAlloc
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
GetAtomNameA
DeleteFileA
Sleep
CloseHandle
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetPrivateProfileIntA
CreateProcessA
CreateFileA
SetErrorMode
CompareStringW

user32

TranslateMessage
PeekMessageA
GetWindowLongA
EndDialog
GetDlgItem
SendMessageA
SetWindowLongA
DispatchMessageA
IsDialogMessageA
CreateDialogIndirectParamA
SetDlgItemTextA
GetDesktopWindow
GetClientRect
GetWindowRect
MoveWindow
CharNextA
CharUpperA
wsprintfA
ReleaseDC
LoadImageA
GetDC
EndPaint
CreateDialogParamA
BeginPaint
DialogBoxIndirectParamA
MessageBoxA
DestroyWindow
CharLowerA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA

ole32

CoCreateInstance
CoFreeAllLibraries
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SafeArrayGetLBound
VariantClear
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gda
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Setup.ini
Setup.inx
data1.cab
data1.hdr
data2.cab
ikernel.ex_
layout.bin
setup.bmp
vssver.scc
下载说明.htm
.html .js polyglot
安装指南.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.gda Size: - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.gda
Size: - Virtual size: 4KB