526384426bcc583dd1faab75dc814dd1f67dbd5006a9ea3644aab4e93aa492f4

Sharing

Copy URL Twitter E-mail

General

Target

526384426bcc583dd1faab75dc814dd1f67dbd5006a9ea3644aab4e93aa492f4
Size

5.1MB
MD5

6331aba9cae9a850b95472f09d0903c5
SHA1

2c9dbc12283579cc63f7b427f3c0c10166b709bc
SHA256

526384426bcc583dd1faab75dc814dd1f67dbd5006a9ea3644aab4e93aa492f4
SHA512

ca3bc3851752b49129b6e2e4200f8769e406e84db45a68af3fdd221504708968eae145ddc3ee390378e7e0fbdd5d9259fce8dc411b36b0c106d6748ab3acbd5f
SSDEEP

49152:tbR5yQtDKb+6vhl6OJXZxVhlOqGpOqkfZ63gDSRC4165Hxe6cL2WDOoMJxtAnyt/:tV5G0M7cqVBM3CvRgPSooxPa+99gfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
526384426bcc583dd1faab75dc814dd1f67dbd5006a9ea3644aab4e93aa492f4

Files

526384426bcc583dd1faab75dc814dd1f67dbd5006a9ea3644aab4e93aa492f4
.exe windows:6 windows x86 arch:x86

8fd0a6be2f0a98b557763cb991afceee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\测试环境\生成目录\MirBt_D.pdb

Imports

user32

ExitWindowsEx
UnregisterClassA

advapi32

RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
OpenProcessToken

ole32

IIDFromString
OleRun
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocString
VariantCopy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayPutElement
VariantInit
VariantClear

ws2_32

closesocket
ioctlsocket
htons
inet_addr
recv
select
send
socket
WSAStartup
WSACleanup
WSAGetLastError
inet_ntoa
setsockopt
gethostbyname
connect
__WSAFDIsSet

kernel32

SetStdHandle
GetCurrentProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MoveFileExW
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
WriteConsoleW
GetFileType
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetStdHandle
VirtualProtect
VirtualAlloc
GetModuleHandleExW
GetSystemInfo
HeapValidate
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
ReadFile
CloseHandle
GetLastError
CreatePipe
CreateProcessA
GetLocalTime
Sleep
GetModuleFileNameA
CreateFileA
CreateFileW
GetFileAttributesA
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeviceIoControl
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetSystemDirectoryA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetEnvironmentVariableA
CreateDirectoryA
WriteFile
GetVolumeInformationA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexA
SetEndOfFile
ExitProcess
TerminateProcess
CreateThread
GetCurrentThread
SetThreadPriority
SetPriorityClass
OpenProcess
GetVersionExA
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetShortPathNameA
lstrcpyA
lstrcatA
FindResourceA
AllocConsole
CreateToolhelp32Snapshot
Process32First
Process32Next
FormatMessageW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
VirtualQuery
FreeLibrary
OutputDebugStringW

shell32

SHChangeNotify
ShellExecuteExA

shlwapi

SHSetValueA

urlmon

URLDownloadToFileA

Sections

.textbss
Size: - Virtual size: 781KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fd0a6be2f0a98b557763cb991afceee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

ole32

oleaut32

ws2_32

kernel32

shell32

shlwapi

urlmon

Sections

.textbss Size: - Virtual size: 781KB

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 321KB - Virtual size: 320KB

.data Size: 17KB - Virtual size: 63KB

.idata Size: 6KB - Virtual size: 6KB

.msvcjmc Size: 1KB - Virtual size: 1KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 70KB - Virtual size: 69KB

.textbss
Size: - Virtual size: 781KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 321KB - Virtual size: 320KB

.data
Size: 17KB - Virtual size: 63KB

.idata
Size: 6KB - Virtual size: 6KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 70KB - Virtual size: 69KB