66a288dfdff14491a5a560ff59d09d35

Sharing

Copy URL Twitter E-mail

General

Target

66a288dfdff14491a5a560ff59d09d35
Size

557KB
MD5

66a288dfdff14491a5a560ff59d09d35
SHA1

c29cd87cd73297c114fe71a7c0dbbc1d2894b26d
SHA256

d7b57a8bb5839282ab0b867401376096c41c9df8daacbab0a683b40a263ec022
SHA512

c8cb8fd6ff3f223a87f6ad467c85ba9f2c6ca329b2e1ebedc545d1ec8d22ec81a47d0967339c3a15c4b2ea34403aaafb1d9ff4ed452b9158277953d028b1e0b5
SSDEEP

12288:13iwi32Y+u7fL0U1946saS2OwfPlZ34lQcHefn/wLYCSox5m5AIDkgu:u9L0U1WYSSnlZIlQ4Kn/lCQ5tY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/改名专家2006/改名专家2.06.exe

Files

66a288dfdff14491a5a560ff59d09d35
.rar
下载说明.htm
.html .js polyglot
改名专家2006/htm/01青春.htm
.html
改名专家2006/htm/01青春_标题.htm
.html
改名专家2006/htm/02蓝玉.htm
.html
改名专家2006/htm/02蓝玉_标题.htm
.html
改名专家2006/htm/3d-蓝珠.gif
.gif
改名专家2006/htm/3角-蓝.gif
.gif
改名专家2006/htm/images/10.PNG
.png
改名专家2006/htm/images/BD00085_.GIF
.gif
改名专家2006/htm/images/BD00085_2.GIF
.gif
改名专家2006/htm/images/BIRDLINE.GIF
.gif
改名专家2006/htm/images/FOREST.GIF
.gif
改名专家2006/htm/images/GRNSAND.JPG
.jpg
改名专家2006/htm/images/LSTPATT.GIF
.gif
改名专家2006/htm/images/MTNLINE.GIF
.gif
改名专家2006/htm/images/N01.GIF
.gif
改名专家2006/htm/images/N02.GIF
.gif
改名专家2006/htm/images/N14.GIF
.gif
改名专家2006/htm/images/N18.GIF
.gif
改名专家2006/htm/images/NA00760_.gif
.gif
改名专家2006/htm/images/NA00760_2.gif
.gif
改名专家2006/htm/images/PAPER10.JPG
.jpg
改名专家2006/htm/images/QUESTJET.GIF
.gif
改名专家2006/htm/images/SHIP_BAR.GIF
.gif
改名专家2006/htm/images/SILK.JPG
.jpg
改名专家2006/htm/images/Thumbs.db
改名专家2006/htm/images/back1.jpg
.jpg
改名专家2006/htm/images/bg.JPG
.jpg
改名专家2006/htm/images/greenback2.jpg
.jpg
改名专家2006/htm/my_蓝灵.htm
.html
改名专家2006/htm/厚书-4页.gif
.gif
改名专家2006/htm/平书-2页.gif
.gif
改名专家2006/readme.doc
.doc windows office2003
改名专家2006/readme.txt
改名专家2006/下载说明.htm
.html .js polyglot
改名专家2006/改名专家2.06.exe
.exe windows:4 windows x86 arch:x86

82cf486fc7b24d18d9b67a8a92b65915

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

mpr

WNetGetConnectionA

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteA

wininet

InternetOpenUrlA

comdlg32

ChooseColorA

Sections

CODE
Size: 312KB - Virtual size: 968KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82cf486fc7b24d18d9b67a8a92b65915

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

ole32

comctl32

winspool.drv

shell32

wininet

comdlg32

Sections

CODE Size: 312KB - Virtual size: 968KB

.rsrc Size: 12KB - Virtual size: 12KB

CODE
Size: 312KB - Virtual size: 968KB

.rsrc
Size: 12KB - Virtual size: 12KB