87ab7500aea94375f6a68c8f4da9cb92

Sharing

Copy URL Twitter E-mail

General

Target

87ab7500aea94375f6a68c8f4da9cb92
Size

559KB
MD5

87ab7500aea94375f6a68c8f4da9cb92
SHA1

e63ed1c8e58b486677dcae6447c41ba935493833
SHA256

2b99f62314a195bb860db47d7069b049f65a103dfc1d74aa4e98bfa8a720d56b
SHA512

03828939b19f7a272ed6313852422b605108b9e5363531e861dcdda22d75952a95dfd30ec31a365de4f213319d91861ba4861ac31b0ac1eaa22f4e9a8acbab30
SSDEEP

12288:3GD0oLp6Eqd+MrRRUMz/EXDM28d+fMjpAlwnPpz+3HWwZ:3GYK/mBQXiXlAlwnU3JZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WB86/WUBI.EXE
unpack001/WB86/winwb86.IME

Files

87ab7500aea94375f6a68c8f4da9cb92
.rar
WB86/WINWB86.CNT
WB86/WINWB86.GID
WB86/WINWB86.HLP
WB86/WUBI.EXE
.exe windows:4 windows x86 arch:x86

feb670a065283bcd7fb635b1d7eddf3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmInstallIMEW
ImmInstallIMEA

kernel32

lstrcmpiA
GetProcessHeap
CopyFileA
DeleteFileA
HeapFree
HeapAlloc
CreateDirectoryA
GetVersion
ExitProcess
GetProcAddress
GetStringTypeW
LoadLibraryA
VirtualAlloc
WriteFile
GetStringTypeA
VirtualFree
HeapCreate
RtlUnwind
GetFileType
GetStdHandle
HeapDestroy
GetOEMCP
GetACP
lstrlenW
lstrcpyA
MultiByteToWideChar
SetHandleCount
lstrcatA
GetSystemDirectoryA
GetCurrentDirectoryA
GetWindowsDirectoryA
lstrlenA
GetCommandLineA
GetVersionExA
GetModuleHandleA
GetStartupInfoA
TerminateProcess
GetEnvironmentStringsW
GetCPInfo
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

DialogBoxParamA
MessageBoxA
wsprintfA
LoadKeyboardLayoutA
UnloadKeyboardLayout
GetDlgItem
LoadStringW
EndDialog
LoadStringA
IsWindowEnabled
IsDlgButtonChecked
UpdateWindow
SetDlgItemTextA
EnableWindow
CheckDlgButton
SetFocus
SetWindowTextA

advapi32

RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 831B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WB86/winwb86.IME
.dll windows:4 windows x86 arch:x86

308550880fd9dcc2e4877a507d06b256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmSetOpenStatus
ImmReleaseContext
ImmCreateSoftKeyboard
ImmShowSoftKeyboard
ImmDestroySoftKeyboard
ImmGetConversionStatus
ImmGenerateMessage
ImmSetConversionStatus
ImmReSizeIMCC
ImmCreateIMCC
ImmDestroyIMCC
ImmGetConversionListA
ImmEscapeA
ImmGetContext
ImmSetStatusWindowPos
ImmLockIMCC
ImmLockIMC
ImmUnlockIMCC
ImmGetStatusWindowPos
ImmUnlockIMC

kernel32

OpenFileMappingA
GetSystemDirectoryA
DuplicateHandle
OpenProcess
GetCurrentProcess
SetEndOfFile
GetModuleFileNameA
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
LockResource
LoadResource
FindResourceA
GetVersionExA
FlushViewOfFile
lstrcmpiA
lstrlenA
lstrcpyA
GlobalLock
lstrcatA
ReadFile
GlobalFree
GlobalAlloc
CloseHandle
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
UnmapViewOfFile
GetFileSize
lstrcmpA
CreateFileMappingA
GetTempFileNameA
MapViewOfFile
GetTempPathA
WriteFile
GetTickCount
GetLastError
GetWindowsDirectoryA
GlobalUnlock

user32

SetFocus
EnumChildWindows
EnableWindow
SendMessageA
DrawTextA
CheckDlgButton
EndDialog
GetDlgItem
GetKeyboardLayoutList
BeginPaint
IsWindowVisible
DialogBoxParamA
MessageBoxA
GetKeyboardState
SystemParametersInfoA
GetSystemMetrics
RegisterClassExA
GetClassInfoExA
LoadImageA
DestroyIcon
UnregisterClassA
LoadStringA
GetClientRect
keybd_event
LoadMenuA
CharLowerBuffA
GetParent
SetDlgItemTextA
GetDlgItemTextA
GetTabbedTextExtentA
SendDlgItemMessageA
CheckRadioButton
IsCharUpperA
ToAscii
DestroyWindow
CheckMenuItem
RedrawWindow
UpdateWindow
InvalidateRect
CopyRect
WinHelpA
GetKeyboardLayout
GetMenu
TrackPopupMenu
GetSubMenu
EndPaint
DefWindowProcA
PtInRect
ReleaseCapture
GetWindowLongA
SetCapture
IntersectRect
SetWindowPos
LoadBitmapA
GetWindowRect
GetDC
GetCaretPos
ReleaseDC
MessageBeep
SetWindowLongA
ScreenToClient
CreateWindowExA
GetWindow
PostMessageA
ShowWindow
CallWindowProcA
ClientToScreen
wsprintfA
DestroyMenu
SetCursor
LoadCursorA
GetCursorPos

gdi32

DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPointA
ExtTextOutA
SetBkColor
SetTextColor
CreateFontIndirectA
GetObjectA
GetCurrentObject
GetStockObject
GetDeviceCaps
MoveToEx
BitBlt
CreatePen
PatBlt
CreateDCA
LineTo

comdlg32

GetOpenFileNameA
GetFileTitleA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

CandWndProc
CompWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ShareDa
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sgroup
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WB86/winwb86.MB
WB86/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

feb670a065283bcd7fb635b1d7eddf3d

Headers

File Characteristics

Imports

imm32

kernel32

user32

advapi32

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 831B

.data Size: 9KB - Virtual size: 10KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

308550880fd9dcc2e4877a507d06b256

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 25KB

.ShareDa Size: 17KB - Virtual size: 17KB

.sgroup Size: 5KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 831B

.data
Size: 9KB - Virtual size: 10KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 25KB

.ShareDa
Size: 17KB - Virtual size: 17KB

.sgroup
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 8KB - Virtual size: 8KB