79d0199637de30e4bf5c0cbd5ecfa125

Sharing

Copy URL Twitter E-mail

General

Target

79d0199637de30e4bf5c0cbd5ecfa125
Size

636KB
MD5

79d0199637de30e4bf5c0cbd5ecfa125
SHA1

d3def3449e3d459e0a26f0a4bf85003f05ea2bb3
SHA256

92cc706d26d8a13165c45659d9a7360387b11ec1c349bab3aff73597f3d9988b
SHA512

4f37acffebacbe80b8efa23719d3a1fa42840a554a4e9dc0220150a5cec1188c9e5ca2dca451eca31a8fe7e5520860d978100cc3b80d0ba36b7088774921940c
SSDEEP

12288:mqC5mxDifQ7aIekk9SlPrSjv/3dOrDml65Tk3KgWl0rM8jwZJm7tPy:zC5qDQI40lcv1OK8AKgWmqHN

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7z.dll
unpack001/7z.exe
unpack001/BOOTICE.EXE
unpack001/WINPE_U.exe

Files

79d0199637de30e4bf5c0cbd5ecfa125
.rar
7z.dll
.dll windows:4 windows x86 arch:x86

4b9b980c8ed2507114fbd72bdc2ec11a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerA
CharNextA
CharUpperW
CharLowerW
CharPrevExA
CharUpperA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

DeleteFileW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
CreateDirectoryW
CreateDirectoryA
DeleteFileA
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindFirstFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.exe
.exe windows:4 windows x86 arch:x86

c15d19d5a6c33a4a9fa6f8c19f5d8f2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
SysAllocStringByteLen
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharUpperA
CharUpperW
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
memcpy
fputc
fflush
fgetc
fclose
_iob
free
malloc
memmove
strlen
memcmp
fputs
_purecall
__CxxFrameHandler
_CxxThrowException
_isatty
_fileno

kernel32

GetProcessTimes
VirtualAlloc
MapViewOfFile
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
OpenEventA
OpenFileMappingA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathA
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryExW
LoadLibraryExA
SetCurrentDirectoryW
LoadLibraryA
GetModuleFileNameW
GetModuleFileNameA
LocalFree
FormatMessageW
FormatMessageA
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
MoveFileW
MoveFileA
CreateDirectoryW
CreateDirectoryA
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFullPathNameA
UnmapViewOfFile

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BOOTICE.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

ASX0
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ASX1
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WINPE_U.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Litc\Documents\Visual Studio 2010\Projects\WindowsFormsApplication2\WindowsFormsApplication2\obj\x86\Debug\Win7pe优盘写入工具.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

4b9b980c8ed2507114fbd72bdc2ec11a

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 675KB - Virtual size: 674KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 23KB - Virtual size: 45KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 34KB - Virtual size: 34KB

c15d19d5a6c33a4a9fa6f8c19f5d8f2b

Headers

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 800B

Headers

File Characteristics

Sections

ASX0 Size: - Virtual size: 400KB

ASX1 Size: 129KB - Virtual size: 132KB

.rsrc Size: 24KB - Virtual size: 28KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 253KB - Virtual size: 253KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 675KB - Virtual size: 674KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 23KB - Virtual size: 45KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 34KB - Virtual size: 34KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 800B

ASX0
Size: - Virtual size: 400KB

ASX1
Size: 129KB - Virtual size: 132KB

.rsrc
Size: 24KB - Virtual size: 28KB

.text
Size: 253KB - Virtual size: 253KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 512B - Virtual size: 12B