78aa3d97d6368321104ec37a0ae61820

Sharing

Copy URL Twitter E-mail

General

Target

78aa3d97d6368321104ec37a0ae61820
Size

4.6MB
MD5

78aa3d97d6368321104ec37a0ae61820
SHA1

199a07e0f6f286994eab7eaa4ff48e084f165933
SHA256

ac0259bc2d75d9e8b69ae4eeabb8ce3ed68d995c8584d526529ce2a9256bde65
SHA512

655c53320d465e6d64bb650e6a36a3139a3b694ad7d53aa74551277dfa98c5a21b0aec4ebb67755a0bd5f7846cb0b1da5824fe5b78d2831ea6fc1d699ef8a93e
SSDEEP

98304:V32EXsdO0EKx3yMSYNlu/j47QRvVOaGp631ojPVaoYuvbtvRpmFmJn:wDdVE8ywfK1vVOTC1ojfYYbtvLmFmB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tworks.exe

Files

78aa3d97d6368321104ec37a0ae61820
.rar
tworks.exe
.exe windows:4 windows x86 arch:x86

c8a795fad6d7f01f458865f5088a1384

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
IsValidLocale
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetUnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetCurrentDirectoryW
DeleteFileA
WaitForSingleObject
IsValidCodePage
GetExitCodeProcess
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemTime
GetOEMCP
GetTickCount
GetLastError
Sleep
GetCurrentDirectoryA
CloseHandle
SetEndOfFile
SetFilePointer
MoveFileA
CompareFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetLocalTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileTime
WriteFile
GetACP
ReadFile
GetFileSize
LocalFree
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
GetModuleFileNameW
GetModuleFileNameA
MoveFileW
CopyFileW
CopyFileA
DeleteFileW
GetFileAttributesW
CreateDirectoryW
CreateDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetFileAttributesW
GetFileTime
GetTimeZoneInformation
CreateFileA
CreateFileW
IsBadReadPtr
GetVersionExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
LocalAlloc
FreeLibrary

user32

SetWindowPos
CreateWindowExW
DialogBoxParamW
LoadCursorA
RegisterClassExW
LoadStringW
TranslateMessage
DispatchMessageA
MessageBoxA
GetDlgItem
SendMessageA
GetMessageA
PostMessageA
SetTimer
GetDlgItemTextA
LoadStringA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
SetDlgItemTextW
GetDlgItemTextW
SetWindowTextW
EnableWindow
SetDlgItemTextA
EndDialog
PostQuitMessage
MessageBoxW
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

crypt32

CertCloseStore
CertNameToStrA
CertFreeCertificateContext
CryptDecodeObject

ws2_32

WSAGetLastError
socket
inet_addr
gethostbyname
connect
htons
WSAStartup
ioctlsocket
select
closesocket
shutdown
send
recv

wininet

InternetCombineUrlA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA

oleaut32

SysAllocString
SysFreeString
SysStringByteLen

Sections

.text
Size: 428KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

c8a795fad6d7f01f458865f5088a1384

Headers

File Characteristics

Imports

kernel32

user32

shell32

crypt32

ws2_32

wininet

advapi32

oleaut32

Sections

.text Size: 428KB - Virtual size: 424KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 96KB - Virtual size: 112KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 428KB - Virtual size: 424KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 96KB - Virtual size: 112KB

.rsrc
Size: 4KB - Virtual size: 2KB