7e94f468398860088aa9115fa81b5cb4

Sharing

Copy URL Twitter E-mail

General

Target

7e94f468398860088aa9115fa81b5cb4
Size

5.4MB
MD5

7e94f468398860088aa9115fa81b5cb4
SHA1

8d63c3113415df0f91cfe7cd65f9eae8a5af711c
SHA256

58e50b6a8f858c7a2b422b385c445f9b6c35e56559ee6376ddcb136bfd51d66b
SHA512

951be0e878d18be2cd1b8a25da4c77460382d0323768a0c5b4e8b7010746d73da4215b9f814c01fbf277ee4958ffcca0f95f858fcca69d3fc84d4ec971a68ccd
SSDEEP

98304:ydLDj2Gf28JhrS2FYYlkoy3KZcr7L1cF8Cl+w/dSHXBHzzAHXmqST0n5UPhRGgRL:q3jl5/RyFE8CDyHzs4T0OTGOKRHi

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/客户端.exe
unpack001/工具/局域网IP查看器.exe
unpack001/控制台.exe

Files

7e94f468398860088aa9115fa81b5cb4
.rar
如有问题请至QQ：187277719.txt
客户端.exe
.exe windows:4 windows x86 arch:x86

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DosDateTimeToFileTime
ExitProcess
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FreeLibrary
GetCPInfo
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetDateFormatA
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetNumberFormatA
GetProcAddress
GetProcessHeap
GetStdHandle
GetTempPathA
GetTickCount
GetTimeFormatA
GetVersionExA
GlobalAlloc
HeapAlloc
HeapFree
HeapReAlloc
IsDBCSLeadByte
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MoveFileExA
MultiByteToWideChar
ReadFile
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
Sleep
SystemTimeToFileTime
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrlenA

comctl32

ord17

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

DeleteObject

shell32

SHBrowseForFolderA
SHChangeNotify
SHFileOperationA
SHGetFileInfoA
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA

user32

CharToOemA
CharToOemBuffA
CharUpperA
CopyRect
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetDlgItemTextA
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowTextA
IsWindow
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadIconA
LoadStringA
MapWindowPoints
MessageBoxA
OemToCharA
OemToCharBuffA
PeekMessageA
PostMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow
WaitForInputIdle
wsprintfA
wvsprintfA

ole32

CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

Sections

.text
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
工具/局域网IP查看器.exe
.exe windows:4 windows x86 arch:x86

c6270e3e58e5783fe73e26d1df186fa5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
sendto
htonl
WSAAsyncGetHostByAddr
WSACancelAsyncRequest
WSAStartup
recv
inet_ntoa
ntohl
send
setsockopt
shutdown
closesocket
socket
WSACleanup
recvfrom
inet_addr
gethostbyname
ntohs
WSAIoctl
htons
connect
bind

mpr

WNetAddConnection2W
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
WNetCancelConnection2W

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetServerEnum

kernel32

SetErrorMode
SystemTimeToFileTime
GetStartupInfoW
LocalFileTimeToFileTime
CreateThread
ExitThread
ExitProcess
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetSystemTime
GetLocalTime
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeExW
GetFileSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetShortPathNameW
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
MoveFileW
DeleteFileW
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
FindClose
GetVolumeInformationW
FindFirstFileW
GetStartupInfoA
GetModuleFileNameA
SetEndOfFile
LocalLock
LocalUnlock
LocalFree
GetTickCount
GetLastError
lstrlenA
MultiByteToWideChar
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
WideCharToMultiByte
GlobalAlloc
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GetCurrentThread
GetCurrentThreadId
CreateEventW
ResetEvent
GetProfileStringA
GlobalAddAtomA
FindResourceA
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetCurrentDirectoryW
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
SizeofResource
GlobalFlags
lstrcmpiW
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFullPathNameW
GetTempFileNameW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpiA
lstrcmpW
GlobalGetAtomNameW
lstrcpynW
MulDiv
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GetModuleHandleW
LockResource
FindResourceW
LoadResource
GlobalLock
GlobalUnlock
Sleep
SetFileAttributesW
CopyFileW
GetCurrentProcessId
GetFileAttributesW
GetComputerNameW
GetModuleFileNameW
FormatMessageW
GetTimeZoneInformation
VirtualAlloc

user32

FindWindowW
LockWindowUpdate
InsertMenuW
GetMenuStringW
DestroyIcon
CharNextW
CopyAcceleratorTableW
GetNextDlgGroupItem
MessageBeep
CharUpperW
GetTabbedTextExtentA
RegisterClipboardFormatW
PostThreadMessageW
GetClassNameW
FillRect
SetRect
SetTimer
KillTimer
MapDialogRect
SetWindowContextHelpId
GetMessageW
TranslateMessage
ValidateRect
ShowOwnedPopups
PostQuitMessage
GetSystemMenu
DeleteMenu
AppendMenuW
IsRectEmpty
SetParent
LoadCursorW
DestroyCursor
SetCursorPos
PtInRect
SetCapture
RedrawWindow
IsZoomed
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
GetDesktopWindow
SetCursor
ReleaseCapture
TranslateAcceleratorW
LoadAcceleratorsW
SetRectEmpty
InflateRect
GrayStringW
DrawTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
InvalidateRect
DestroyMenu
wvsprintfW
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
InvertRect
GetDCEx
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
DispatchMessageW
GetFocus
SetFocus
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxW
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
DefWindowProcW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
OffsetRect
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamW
DestroyWindow
GetParent
GetWindowLongW
WindowFromPoint
LoadStringW
GetSysColorBrush
AdjustWindowRectEx
GetDlgItem
IsWindowEnabled
UpdateWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
GetSysColor
ReleaseDC
ScreenToClient
EnableMenuItem
LoadIconW
PostMessageW
SendMessageW
GetClientRect
LoadMenuW
GetSubMenu
GetCursorPos
EnableWindow
IsChild
TabbedTextOutW
CallWindowProcA
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
GetClassNameA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
SetWindowLongA
SetPropA
GetPropA

gdi32

RestoreDC
SaveDC
SelectObject
StartDocW
DeleteDC
CreateRectRgnIndirect
PatBlt
SetViewportOrgEx
SetWindowOrgEx
SetTextColor
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
ScaleViewportExtEx
OffsetViewportOrgEx
SetBkColor
SetROP2
SetMapMode
SetStretchBltMode
SetPolyFillMode
SetBkMode
CreateBitmap
GetStockObject
GetObjectW
SetViewportExtEx
CreateRectRgn
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
CreatePatternBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetMapMode
SetRectRgn
CombineRgn
CreateFontIndirectW
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
StretchDIBits
GetCharWidthW
CreateFontW
Rectangle
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCW
LPtoDP
BitBlt
GetTextColor
GetBkColor
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceW
GetTextExtentPoint32A
GetWindowOrgEx
GetCurrentPositionEx
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
ScaleWindowExtEx
SetWindowExtEx
SelectClipRgn
CreatePen
DeleteObject

comdlg32

GetOpenFileNameW
CommDlgExtendedError
PrintDlgW
GetFileTitleW
GetSaveFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegDeleteValueW
RegSetValueW
RegCreateKeyW
StartServiceW
CreateServiceW
CloseServiceHandle
GetFileSecurityW
SetFileSecurityW
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegCloseKey
RegQueryValueW
OpenSCManagerW
OpenServiceW

shell32

SHGetFileInfoW
ExtractIconW
DragQueryFileW
DragFinish

comctl32

ImageList_Create
ImageList_Destroy
ImageList_Duplicate
ord17
ImageList_SetBkColor
ImageList_ReplaceIcon

oledlg

OleUIBusyW

ole32

OleFlushClipboard
CoTaskMemFree
CLSIDFromProgID
OleIsCurrentClipboard
CLSIDFromString
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

olepro32

ord253

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysFreeString
VariantChangeType
VariantTimeToSystemTime
VariantCopy
SysStringLen

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
工具/新云软件.url
.url
控制台.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
效果.jpg
.jpg
软件简介.txt

Sharing

General

Malware Config

Signatures

Files

bc5ce990cf54f8d435a68eb97512f73e

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

comdlg32

gdi32

shell32

user32

ole32

Sections

.text Size: 77KB - Virtual size: 80KB

.data Size: 2KB - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 95KB

c6270e3e58e5783fe73e26d1df186fa5

Headers

File Characteristics

Imports

ws2_32

mpr

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 24KB - Virtual size: 40KB

.rsrc Size: 32KB - Virtual size: 31KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 77KB - Virtual size: 80KB

.data
Size: 2KB - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 95KB

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 24KB - Virtual size: 40KB

.rsrc
Size: 32KB - Virtual size: 31KB

CODE
Size: 36KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB