7276b9e174661bf569042536243d0797

Sharing

Copy URL Twitter E-mail

General

Target

7276b9e174661bf569042536243d0797
Size

2.5MB
MD5

7276b9e174661bf569042536243d0797
SHA1

3fdeb89eb09e1577f6c12fa649775a7296a459bc
SHA256

55e4d4a9087cbaa2614e1da92b4563b64984e3a53d4d9d7e4afe6bbe9a097053
SHA512

ee9b3009bf3c0cca3df0f51f1241328517d64b1a478b2b0c86af89fe8b289bae8fcfa1f2c67ff59dc08e37138ef4d11b2ddd240bb6795b7e9062718556c010f9
SSDEEP

49152:9Yi8jWknaJT+GkX8z4cXh6Y9yhsAd1CQyzjEenGuAnrQcYC9H09UVy98Kqiu1:6lnaJaG08Dr9yhVdAQy8eGFrTYCU5Ru1

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msyc-v1.60/mgclib/AcntMgrLib.dll
unpack001/msyc-v1.60/mgclib/ResMgrLib.dll
unpack001/msyc-v1.60/mgclib/ScrMgrLib.dll
unpack001/msyc-v1.60/mgclib/ShlMgrLib.dll
unpack001/msyc-v1.60/mgclib/SysMgrLib.dll
unpack001/msyc-v1.60/mgclib/VdoMonLib.dll

Files

7276b9e174661bf569042536243d0797
.rar
msyc-v1.60/Config.ini
msyc-v1.60/QQWry.Dat
msyc-v1.60/mgclib/AcntMgrLib.dll
.dll windows:4 windows x86 arch:x86

688800289d4b5884fc4756b0c4d3ebce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
CreateThread
lstrlenA
GetPrivateProfileSectionNamesA
GetWindowsDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
lstrcpynW
GetModuleFileNameA
VirtualProtect
WriteFile
GetLocalTime
SetFilePointer
SetEndOfFile
OutputDebugStringW
GetVersionExA
OpenProcess
LocalFree
CreateFileA
GetFileSize
ReadFile
GetLastError
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
LoadLibraryA
GetProcAddress
WriteProcessMemory
GetModuleHandleA
CreateRemoteThread
GetCurrentProcess
GetFileAttributesA
CreateProcessA
WaitForSingleObject
TerminateProcess
CloseHandle
GetSystemDirectoryA
Sleep
GlobalAlloc
lstrlenW
OutputDebugStringA

user32

wsprintfA
wsprintfW

advapi32

ConvertSidToStringSidA
LookupAccountSidA
RegDeleteKeyA
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
StartServiceA
IsValidSid
LookupAccountNameA
GetTokenInformation

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ws2_32

send
recv

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

AcntMgr
EventLogon
EventStartup

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MySec
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/mgclib/ResMgrLib.dll
.dll windows:4 windows x86 arch:x86

2c8e85ac2786a22894cd49636cdc3c24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileA
FindClose
FindFirstFileA
GetLastError
CreateDirectoryA
DeleteFileA
InterlockedDecrement
CloseHandle
ReadFile
GetFileSizeEx
SetFilePointerEx
InterlockedIncrement
CreateFileA
GetTickCount
GetTempPathA
MoveFileExA
GetModuleFileNameA
WriteFile
FindNextFileA
GetProcAddress
LoadLibraryA
CopyFileA
GetFileAttributesA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
Sleep
GetModuleHandleA
Thread32Next
Thread32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
Process32Next
Process32First
TerminateProcess
DeviceIoControl
RemoveDirectoryA
GlobalReAlloc
GlobalAlloc
GlobalFree
CreateThread
OutputDebugStringA

user32

wsprintfA

advapi32

LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken

ws2_32

recv
send
WSAGetLastError

psapi

GetProcessMemoryInfo

Exports

Exports

FileMgr
ProcMgr

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/mgclib/ScrMgrLib.dll
.dll windows:4 windows x86 arch:x86

cb030f3bbf5ef18de9ebe209e998bb94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
GetModuleFileNameA
GetTempPathA
GetLastError
GetVersionExA
GetTickCount
InterlockedIncrement
lstrcmpiA
InterlockedExchange
CloseHandle
InterlockedDecrement
Sleep
GlobalAlloc
GlobalFree
GetCurrentThreadId
CreateThread
OutputDebugStringA

user32

GetThreadDesktop
CloseDesktop
PostMessageA
OpenDesktopA
SendInput
SetProcessWindowStation
OpenInputDesktop
GetUserObjectInformationA
SetThreadDesktop
ReleaseDC
GetDesktopWindow
wsprintfA
GetDC
OpenWindowStationA

gdi32

DeleteDC
CreateCompatibleDC
SelectObject
DeleteObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
BitBlt
GetDeviceCaps
CreateCompatibleBitmap

ws2_32

send
WSAGetLastError
recv

msvcrt

free
calloc

Exports

Exports

ScrMgr

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 321B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MySec
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/mgclib/ShlMgrLib.dll
.dll windows:4 windows x86 arch:x86

f63229d6e8613a5d0ae5b9441ed7af7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
OutputDebugStringA
InterlockedDecrement
TerminateProcess
GlobalFree
GetLastError
ReadFile
GlobalAlloc
Sleep
PeekNamedPipe
InterlockedIncrement
GetTickCount
GetTempPathA
MoveFileExA
GetModuleFileNameA
CreateThread
CreateProcessA
GetSystemDirectoryA
CreatePipe
WriteFile

user32

wsprintfA

ws2_32

send
recv
WSAGetLastError

Exports

Exports

ShlMgr

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 903B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/mgclib/SysMgrLib.dll
.dll windows:4 windows x86 arch:x86

74691433969cd9e49f614b655e30ec1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetLastError
LoadLibraryA
GetProcAddress
GetModuleFileNameA
MoveFileExA
GetTempPathA
GetTickCount
GlobalAlloc
GlobalFree
OutputDebugStringA

user32

wsprintfA

advapi32

RegEnumValueA
ChangeServiceConfigA
EnumServicesStatusA
CloseServiceHandle
StartServiceA
ControlService
DeleteService
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
OpenSCManagerA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
OpenServiceA

ws2_32

recv
send

Exports

Exports

SysMgr

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/mgclib/VdoMonLib.dll
.dll windows:4 windows x86 arch:x86

5ec9528b63cb31618e7d8e38a7702e52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
CloseHandle
CreateThread
GetLastError
Sleep
GetModuleHandleA
GlobalFree

user32

SetProcessWindowStation
OpenWindowStationA
GetDesktopWindow
OpenDesktopA
CloseWindow
GetMessageA
PostThreadMessageA
SendMessageA
IsWindow
CloseDesktop
SetThreadDesktop
DestroyWindow

ws2_32

send
recv

avicap32

capCreateCaptureWindowA

winmm

waveInUnprepareHeader
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInClose
waveInReset
waveInStart

msvcrt

free
calloc

Exports

Exports

VdoMgr

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msyc-v1.60/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

688800289d4b5884fc4756b0c4d3ebce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 36B

MySec Size: 512B - Virtual size: 272B

.reloc Size: 1024B - Virtual size: 902B

2c8e85ac2786a22894cd49636cdc3c24

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 556B

cb030f3bbf5ef18de9ebe209e998bb94

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 321B

MySec Size: 512B - Virtual size: 280B

.reloc Size: 1024B - Virtual size: 796B

f63229d6e8613a5d0ae5b9441ed7af7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 903B

.data Size: - Virtual size: 32B

.reloc Size: 512B - Virtual size: 226B

74691433969cd9e49f614b655e30ec1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 36B

MySec
Size: 512B - Virtual size: 272B

.reloc
Size: 1024B - Virtual size: 902B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 556B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 321B

MySec
Size: 512B - Virtual size: 280B

.reloc
Size: 1024B - Virtual size: 796B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 903B

.data
Size: - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 226B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 8B

.reloc
Size: 512B - Virtual size: 308B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 429B

.reloc
Size: 1024B - Virtual size: 692B