大漠综合工具[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

大漠综合工具.exe
Size

1.7MB
MD5

d112a56f129a70b4dd2f66c7dbcebe62
SHA1

19d33f127d61e85791359ef2ab86bcd70547a44c
SHA256

add6e6adf0f0f0b3484ac8a06405f49842cb30ed00fc1cd17715e6fd386c8be4
SHA512

0895e57d15727b7f12a1ba1e22cb2929900d6db712a9f914e9601e7c39d2a57b30566a0cb7ec91ca67fd76ff286f0e82689a291bf52acf9d62211fb1e8f957c3
SSDEEP

49152:Xo53Mpn3hDMTQqChDIPCqqdELEQpH+xHSgiXh6uPBO7TGJBDxIWG0RjM:Y53MpRoUTDIjXLEkHySdhtPygG01

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
大漠综合工具.exe

Files

大漠综合工具.exe
.exe windows:4 windows x86 arch:x86

f2c42794e5f6fcd5b9c09073b0c7bdfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CopyFileW
GetLastError
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetProfileIntW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
LocalFree
FormatMessageA
SetLastError
IsBadReadPtr
GlobalFree
CreateFileA
InterlockedExchange
GetStartupInfoW
LoadLibraryExW
GetModuleHandleA
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageW
CreateFileW
SetFilePointer
CloseHandle
SetUnhandledExceptionFilter
GetModuleFileNameW
lstrcatW
lstrlenW
WinExec
lstrcpyW
FindResourceW
SizeofResource
LoadResource
LockResource
GetTickCount
GetModuleHandleW
GetProcAddress
lstrcpynW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
MulDiv
GetVersionExW
GetModuleFileNameA

user32

ShowCursor
KillTimer
GetCursorPos
SetCursorPos
RedrawWindow
IsRectEmpty
SetCursor
IsWindow
ScreenToClient
GetAsyncKeyState
InvalidateRect
GetWindowRect
ClientToScreen
PtInRect
IsIconic
GetClientRect
DrawIcon
GetDesktopWindow
GetWindowDC
ReleaseDC
SendMessageW
SetForegroundWindow
EnableWindow
SetRectEmpty
LoadCursorW
GetSystemMetrics
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
PostMessageW
GetParent
SetWindowPos
LoadStringW
GetDlgCtrlID
CreateWindowExW
RegisterClassExW
DefWindowProcW
IsWindowVisible
SetTimer
EndPaint
BeginPaint
DrawTextW
GetSysColor
MessageBeep
SetCapture
ReleaseCapture
SetWindowLongW
InflateRect
HideCaret
wvsprintfW
DrawFocusRect
DrawFrameControl
GetFocus
FillRect
OffsetRect
IsChild
GetSubMenu
LoadMenuW
GetClassNameW
GetWindow
WindowFromPoint
EqualRect
GetForegroundWindow
LoadImageW
ShowWindow
GetWindowLongW
RegisterHotKey
UnregisterHotKey
GetNextDlgGroupItem
DispatchMessageW
GetMessageW
GetDCEx
UpdateWindow
GetCapture
GetWindowTextW
GetIconInfo
GetKeyState
MessageBoxW
SetScrollRange
SetScrollPos
PostQuitMessage
LoadIconW
GetScrollPos
SetRect

gdi32

GetObjectW
DeleteDC
SelectObject
CreateCompatibleBitmap
GetDIBits
SetDIBits
LineDDA
SetPixelV
CreatePen
Rectangle
EnumFontFamiliesExW
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetBkColor
SetROP2
CreatePatternBrush
CreateBitmap
PatBlt
UnrealizeObject
RealizePalette
SelectPalette
BitBlt
GetPixel
GetTextExtentPoint32W
GetDeviceCaps

advapi32

RegQueryValueW
RegCloseKey
RegOpenKeyExW

shell32

DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
DragQueryFileW

mfc42u

ord3389
ord4400
ord2579
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord2717
ord5296
ord1131
ord1202
ord804
ord692
ord790
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord472
ord2372
ord4282
ord3084
ord609
ord3569
ord4390
ord2567
ord2745
ord2235
ord4474
ord927
ord1197
ord3724
ord3711
ord6777
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord925
ord6770
ord2755
ord6868
ord3785
ord5706
ord5436
ord6379
ord5446
ord6390
ord1263
ord1562
ord1193
ord6115
ord4312
ord6190
ord1563
ord1194
ord1808
ord5857
ord4124
ord6874
ord6139
ord6107
ord3871
ord795
ord3716
ord5261
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord1143
ord1165
ord324
ord825
ord2855
ord2406
ord2294
ord4229
ord535
ord800
ord940
ord537
ord860
ord540
ord4294
ord4279
ord6193
ord6376
ord4704
ord2371
ord755
ord470
ord4370
ord613
ord2637
ord289
ord6597
ord4470
ord640
ord2397
ord5781
ord1633
ord323
ord5276
ord6051
ord1768
ord4418
ord3605
ord567
ord656
ord4270
ord6195
ord5286
ord4847
ord861
ord2362
ord538
ord6237
ord3397
ord3706
ord783
ord807
ord6871
ord3087
ord6211
ord2078
ord4219
ord5977
ord3566
ord3621
ord3658
ord2746
ord1634
ord2634
ord4688
ord3747
ord5142
ord2810
ord6330
ord823
ord2854
ord3688
ord4128
ord4292
ord5784
ord942
ord2281
ord2293
ord858
ord5568
ord2910
ord801
ord541
ord4273
ord6654
ord6279
ord6278
ord2756
ord6865
ord4197
ord2350
ord2290
ord3870
ord6451
ord3447
ord2507
ord355
ord3798
ord668
ord1972
ord3173
ord3176
ord4053
ord2773
ord2762
ord356
ord2859
ord554
ord5880
ord2004
ord5651
ord4158
ord6617
ord956
ord3559
ord2916
ord3284
ord2286
ord2354
ord1172
ord941
ord5871
ord6168
ord5783
ord283
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord3614
ord5785
ord3494
ord1569

msvcrt

_strupr
swprintf
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
memmove
_mbsstr
time
vsprintf
fopen
_itoa
strrchr
_wtoi
floor
atof
fprintf
strncpy
atol
fseek
ftell
fread
wcscat
strncmp
sscanf
_wsplitpath
_except_handler3
_wcsdup
wcsrchr
wcsstr
fwrite
_wfopen
wcscpy
wcslen
fclose
srand
rand
sprintf
wcscmp
_ftol
swscanf
malloc
free
strstr
__CxxFrameHandler

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

Sections

L"mOBu\Z
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

G'\0&?#f
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

D@qAN,e(
Size: 4KB - Virtual size: 122.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lGe`d8bd
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

#I't^Vuc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c42794e5f6fcd5b9c09073b0c7bdfc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mfc42u

msvcrt

msvcp60

Sections

L"mOBu\Z Size: 260KB - Virtual size: 257KB

G'\0&?#f Size: 52KB - Virtual size: 49KB

D@qAN,e( Size: 4KB - Virtual size: 122.6MB

lGe`d8bd Size: 1.3MB - Virtual size: 1.3MB

#I't^Vuc Size: 100KB - Virtual size: 99KB

L"mOBu\Z
Size: 260KB - Virtual size: 257KB

G'\0&?#f
Size: 52KB - Virtual size: 49KB

D@qAN,e(
Size: 4KB - Virtual size: 122.6MB

lGe`d8bd
Size: 1.3MB - Virtual size: 1.3MB

#I't^Vuc
Size: 100KB - Virtual size: 99KB