657ce87ad5bbf9eb3e1703f08f9bd709

Sharing

Copy URL Twitter E-mail

General

Target

657ce87ad5bbf9eb3e1703f08f9bd709
Size

587KB
MD5

657ce87ad5bbf9eb3e1703f08f9bd709
SHA1

f5957304e92f5bca0f54adb71be3faeeeeaddbea
SHA256

4236e4e5cf193bd0fe655f03c02a4262bc5b82ad62fa5e288d3b73ca6767e34a
SHA512

b4621d57e6806015943a84eaa5810edc9631f81cdd25b4668fab04595ab922c2f22cdb5e4f989774c84db1c77ab2533b5986d55679cf476d8609db98b1dea65d
SSDEEP

12288:CyeS2JWKWJHZpAP06lF0LPvnNfAScjo4Iyj8392FUfJR8ktuJYyiTk:uS9bNnAILnNf0joEUQkmyTk

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RightMenuMgr1.21/Plugin/BYBLOS.dll
unpack001/RightMenuMgr1.21/Plugin/CONTEXTBG.dll
unpack001/RightMenuMgr1.21/Plugin/HashCheck.dll
unpack001/RightMenuMgr1.21/RightMenuMgr.exe

Files

657ce87ad5bbf9eb3e1703f08f9bd709
.rar
RightMenuMgr1.21/Plugin/BYBLOS.dll
.dll regsvr32 windows:4 windows x86 arch:x86

91b84849738393edd0f0abf9fe6db8d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3571
ord1641
ord823
ord3626
ord2414
ord3663
ord640
ord2859
ord323
ord2725
ord6467
ord1131
ord561
ord3953
ord825
ord4622
ord3738
ord4424
ord3825
ord4080
ord3079
ord2976
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord5785
ord5714
ord4274
ord3147
ord2982
ord1640
ord2754
ord5307
ord2512
ord4698
ord5289
ord2554
ord4486
ord1243
ord4079
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord342
ord5731
ord815
ord1089
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord5199
ord3922
ord6375
ord5302
ord5300
ord3346
ord2396

msvcrt

__CxxFrameHandler
memcpy
_purecall
_EH_prolog
??1type_info@@UAE@XZ
_initterm
free
malloc
realloc
memset
memcmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv

kernel32

lstrlenW
SizeofResource
LoadResource
GetModuleFileNameA
GetShortPathNameA
WideCharToMultiByte
InterlockedDecrement
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
FreeLibrary
FindResourceA
InitializeCriticalSection
LoadLibraryExA
lstrcmpiA
GetLastError
IsDBCSLeadByte
HeapDestroy
lstrcpynA
LoadLibraryA
lstrcpyA
GetProcAddress
GetModuleHandleA
lstrcpynW
lstrcatA
LocalAlloc
LocalFree
lstrlenA

user32

CharNextA
InflateRect
InsertMenuItemA
InsertMenuA
CopyRect
GetSysColor
LoadBitmapA

gdi32

CreateCompatibleDC
StretchBlt
GetObjectA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetPathFromIDListA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RightMenuMgr1.21/Plugin/CONTEXTBG.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9f233623b870c4d02353b6a890e81024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
OutputDebugStringW
lstrcpyA
LCMapStringW
LCMapStringA
MultiByteToWideChar
lstrlenA
GetStringTypeA
OutputDebugStringA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeW

user32

wsprintfA
LoadBitmapA
SetMenuInfo

gdi32

CreatePatternBrush
DeleteObject

ole32

StringFromIID
CoGetMalloc

shlwapi

SHDeleteKeyA
SHDeleteValueA
SHSetValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RightMenuMgr1.21/Plugin/HashCheck.dll
.dll regsvr32 windows:5 windows x86 arch:x86

44f70158c3bf087b74ef2386fc857c23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
WideCharToMultiByte
GetLongPathNameW
FindClose
FindNextFileW
FindFirstFileW
DeactivateActCtx
LocalUnlock
ActivateActCtx
GetTickCount
MulDiv
GetProcAddress
MultiByteToWideChar
GetSystemInfo
GetCurrentProcess
CreateActCtxW
Sleep
GetFileSizeEx
ReadFile
VirtualAlloc
VirtualFree
WaitForSingleObject
TerminateThread
SuspendThread
ResumeThread
CreateFileW
CloseHandle
GetModuleHandleA
GlobalLock
ReleaseActCtx
GlobalUnlock
GetSystemDirectoryW
GetFileAttributesW
CreateDirectoryW
CopyFileW
MoveFileExW
GetModuleFileNameW
GetVersion
DisableThreadLibraryCalls
LocalLock

user32

LoadIconW
MessageBoxW
GetWindowLongW
SetWindowLongW
EndDialog
GetDC
ReleaseDC
MapDialogRect
SendMessageW
SetTimer
DialogBoxParamW
SetWindowPos
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
SendDlgItemMessageW
CallWindowProcW
PostMessageW
GetDlgItem
ShowWindow
EnableWindow
SetDlgItemTextW
LoadStringA
InsertMenuW
MessageBeep
LoadStringW
KillTimer

gdi32

GetDeviceCaps
CreateFontIndirectW
EnumFontsW
DeleteObject

comdlg32

GetSaveFileNameW
ChooseFontW

advapi32

A_SHAUpdate
A_SHAFinal
MD5Init
MD4Init
MD5Update
MD4Final
MD5Final
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
IsTextUnicode
MD4Update
A_SHAInit

shell32

DragQueryFileW
SHGetInstanceExplorer

ole32

ReleaseStgMedium

shlwapi

SHDeleteKeyW
StrCmpLogicalW
StrTrimW
StrStrIW
StrCmpNIW
StrRChrW
StrFormatKBSizeW
StrCmpIW
wnsprintfW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

uxtheme

IsAppThemed
SetWindowTheme

ntdll

RtlComputeCrc32

msvcrt

free
realloc
??3@YAXPAX@Z
??2@YAPAXI@Z
malloc
_beginthreadex

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
HashVerify_RunDLLW
ShowOptions_RunDLLW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RightMenuMgr1.21/RightMenuMgr.exe
.exe windows:5 windows x86 arch:x86

a61fc350e6651d1760bed5a22398e877

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

LoadStringW

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

ole32

OleUninitialize

comctl32

InitializeFlatSB

shell32

SHFileOperationW

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

Sections

.text
Size: 418KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RightMenuMgr1.21/RightMenuMgr.ini
RightMenuMgr1.21/新云软件.url
.url
RightMenuMgr1.21/说明.txt

Sharing

General

Malware Config

Signatures

Files

91b84849738393edd0f0abf9fe6db8d1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 4KB - Virtual size: 1KB

9f233623b870c4d02353b6a890e81024

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 216KB - Virtual size: 214KB

.reloc Size: 4KB - Virtual size: 1KB

44f70158c3bf087b74ef2386fc857c23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

uxtheme

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: - Virtual size: 20B

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 2KB - Virtual size: 1KB

a61fc350e6651d1760bed5a22398e877

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

msimg32

gdi32

version

ole32

comctl32

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 216KB - Virtual size: 214KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: - Virtual size: 20B

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 418KB - Virtual size: 1.5MB

.rsrc
Size: 42KB - Virtual size: 44KB