7f108b34e2924ef1e3132eac746ef027

Sharing

Copy URL Twitter E-mail

General

Target

7f108b34e2924ef1e3132eac746ef027
Size

253KB
MD5

7f108b34e2924ef1e3132eac746ef027
SHA1

4618a6d5948dbd24897e35f673b179bf5babd81a
SHA256

56cb5ad818ae00cc1e865f75e82777da71ec6470e904454d8db0a7459651d8b8
SHA512

56fc76e215d0f58ebfdc06d0c0b4576261adca9a38883df3b42664b58105d2f548e9baec24b0b412111b0a1fc34aa097a2dbdb3a6f5c7e716dbaaa406afba195
SSDEEP

6144:sap9wyWwoul2TILyzuclj78x+lv5bBrF2rC9tgz0xeniSK:hsyWOl2T0Cj78clvVBrEym3bK

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ManagedZLib.dll
unpack001/Microsoft.DirectX.AudioVideoPlayback.dll
unpack001/WzLib.dll
unpack001/WzRepacker.exe
unpack001/WzRepacker2.exe

Files

7f108b34e2924ef1e3132eac746ef027
.rar
ManagedZLib.dll
.dll windows:5 windows x86 arch:x86

f33bf4a787561e790b9d5e38900938c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Users\TAL\Documents\Visual Studio 2008\Projects\SomeC++Stuffs\Release\SomeC++Stuffs.pdb

Imports

msvcr90

_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
malloc
memcpy_s
??2@YAPAXI@Z
??3@YAXPAX@Z
_wassert
free
memset
memcpy
_CxxThrowException

kernel32

Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

Exports

Exports

Compress
Decrypt

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.DirectX.AudioVideoPlayback.dll
.dll windows:5 windows x86 arch:x86

c1f83ebb18f3fb1f64e049cc66ecf65d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.DirectX.AudioVideoPlayback.pdb

Imports

kernel32

DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement
GetModuleHandleA
SetLastError
InterlockedDecrement

mscoree

_CorDllMain

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp

user32

SetForegroundWindow
DestroyWindow
DefWindowProcW
CreateWindowExW
RegisterClassExW
SetFocus

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Settings.ini
WzLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\新建文件夹\HaRepackerEX3\WzRepacker\source\WzLib\obj\Debug\WzLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WzRepacker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\新建文件夹\HaRepackerEX3\WzRepacker\source\Decrypt\obj\Debug\WzRepacker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WzRepacker2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\新建文件夹\HaRepackerEX3\WzRepacker2\source\Decrypt\obj\Debug\WzRepacker2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f33bf4a787561e790b9d5e38900938c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 3KB - Virtual size: 3KB

c1f83ebb18f3fb1f64e049cc66ecf65d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mscoree

msvcrt

user32

ole32

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 358B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 56KB - Virtual size: 55KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 177KB - Virtual size: 176KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 202KB - Virtual size: 202KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 358B

.text
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 177KB - Virtual size: 176KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 202KB - Virtual size: 202KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B