7045b8a99587d53b479d23793be219cd

Sharing

Copy URL

Twitter E-mail

General

Target

7045b8a99587d53b479d23793be219cd
Size

176KB
MD5

7045b8a99587d53b479d23793be219cd
SHA1

737cd438e141bd40aa72cc638a43be972afba2a9
SHA256

8793c8ea9db12582702c5ad2091243ab9190b0c9c688b691cfe01086306183cc
SHA512

58137da3d12f11df18d46070e2ce14187996f68e92f95b2c46ade9838f0954e08004a9d98eb7f3d140186913623cffc3723d9ba5d31970336a2b652b907441a6
SSDEEP

3072:DR4Rwu/IU+H1ezJNTvvMC5bo5AWYU0s2chufCQRevLq24fs6I1trXMelWsOxBY0A:Owu/IQHDo5R0sRlQyq24fs6utIAWbYwI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WebsiteResourcesDownload.exe

Files

7045b8a99587d53b479d23793be219cd
.rar
Config.ini
TaskDatabase.mdb
WebsiteResourcesDownload.exe
.exe windows:4 windows x86 arch:x86

d306df62ffea5730bf92dbbab14bea8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
wcslen
wcscpy
wcscat
strstr
strncpy
malloc
strncmp
memmove
memcpy
wcscmp
_wcsicmp
strlen
strcpy
tolower
_stricmp
strcmp
fread
_setjmp3
_strnicmp
sprintf
atoi
floor
memcmp
localtime
mktime
_itow
gmtime
fmod
fabs
ceil
fclose
_snprintf
abort
_CIpow
__p__iob
fprintf
longjmp
strtod
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
Sleep
GetPrivateProfileStringW
WritePrivateProfileStringW
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
CreateThread
TerminateThread
GetVersionExW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
GetCurrentThreadId
HeapAlloc
HeapFree
HeapReAlloc
FreeLibrary
GetCurrentProcessId
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
SetUnhandledExceptionFilter
MultiByteToWideChar
GetTickCount
TlsAlloc
TlsSetValue
TlsGetValue
GlobalLock
GlobalSize
GlobalUnlock
GlobalAlloc
WideCharToMultiByte
GlobalFree
SetLastError
MulDiv
GetCurrentDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
CreateDirectoryW
MoveFileW
DeleteFileW
WriteFile
CreateFileW
SetFilePointer
GetLocalTime
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

comctl32

InitCommonControls
ImageList_Create
ImageList_Add
ImageList_SetIconSize
CreateToolbarEx
ImageList_ReplaceIcon
CreateStatusWindowW
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked

user32

SendMessageW
KillTimer
SetTimer
SetFocus
DispatchMessageW
GetDC
PeekMessageW
ReleaseDC
TranslateMessage
IsWindow
DestroyWindow
GetParent
SetPropW
GetWindowRect
GetPropW
GetCapture
ReleaseCapture
PostMessageW
CallWindowProcW
CreateWindowExW
SetWindowPos
LoadIconW
SetWindowLongW
CharLowerW
RemovePropW
FillRect
GetIconInfo
DrawStateW
GetClientRect
InvalidateRect
IsZoomed
GetWindowLongA
SendMessageA
MoveWindow
ShowWindow
MessageBoxW
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
SetMenu
DestroyMenu
CreatePopupMenu
AppendMenuW
GetSystemMetrics
GetCursorPos
GetPropA
GetMenu
CallWindowProcA
CreateMenu
SetWindowLongA
SetPropA
EnableMenuItem
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
SetForegroundWindow
TrackPopupMenu
GetWindowLongW
GetSysColor
RedrawWindow
GetClassNameW
DefWindowProcW
ScreenToClient
GetUpdateRect
MapWindowPoints
GetWindow
IntersectRect
ValidateRect
SetParent
LoadCursorW
SetCursor
BeginPaint
DrawFrameControl
EndPaint
SetCapture
RegisterClassExW
SetClassLongW
GetSysColorBrush
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InflateRect
GetWindowDC
SetActiveWindow
UnregisterClassW
DestroyAcceleratorTable
RegisterClassW
AdjustWindowRectEx
GetActiveWindow
CreateAcceleratorTableW
MsgWaitForMultipleObjects
GetMessageW
TranslateAcceleratorW
GetFocus
EnumChildWindows
DefFrameProcW
SetCursorPos
LoadImageW
SystemParametersInfoW
GetKeyState
IsChild
DrawIconEx
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource

gdi32

GetTextExtentPoint32W
SelectObject
GetObjectType
DeleteObject
GetObjectW
IntersectClipRect
GetStockObject
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
DeleteDC
SetBkColor
SetTextColor
ExcludeClipRect
CreatePen
MoveToEx
LineTo
CreateDCW
StretchBlt
CreateSolidBrush
GetDeviceCaps
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
CreateFontW
SetTextAlign
SetPixelV
Rectangle
RoundRect
Ellipse
SetROP2
SelectPalette
RealizePalette
GetDIBits
SetStretchBltMode
StretchDIBits
BitBlt
TextOutW
CreateFontIndirectW
GetPixel
ExtFloodFill
GetTextMetricsW
SetDIBits
CreateDIBSection
GetObjectA
CreateBitmap
SetPixel

advapi32

GetCurrentHwProfileW

oleaut32

SysFreeString
VariantInit
DispGetParam
SysAllocString
VariantClear
SysStringLen

ole32

CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream
OleInitialize
RevokeDragDrop

shell32

ShellExecuteExW

wsock32

closesocket
WSACleanup
WSAStartup
socket
inet_addr
gethostbyname
htons
connect
ioctlsocket
send
sendto
recvfrom
recv
WSAGetLastError

odbc32

SQLGetDiagFieldW
SQLDescribeColW
SQLSetStmtAttrW
SQLExecDirectW
SQLAllocHandle
SQLPrepareW
SQLBindParameter
SQLExecute
SQLFreeHandle
SQLGetData
SQLConnectW
SQLDisconnect
SQLDriverConnectW
SQLSetEnvAttr
SQLNumResultCols
SQLFetchScroll
SQLFetch

odbccp32

SQLConfigDataSourceW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

Sections

.code
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

d306df62ffea5730bf92dbbab14bea8b

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

oleaut32

ole32

shell32

wsock32

odbc32

odbccp32

wininet

Sections

.code Size: 49KB - Virtual size: 48KB

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 231KB - Virtual size: 250KB

.rsrc Size: 19KB - Virtual size: 18KB

.code
Size: 49KB - Virtual size: 48KB

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 231KB - Virtual size: 250KB

.rsrc
Size: 19KB - Virtual size: 18KB