6b67e930ada0446e96fe724fc8891cd1c370c40f5cc0779e6fe4fdc0d8b92b1f

Sharing

Copy URL Twitter E-mail

General

Target

6b67e930ada0446e96fe724fc8891cd1c370c40f5cc0779e6fe4fdc0d8b92b1f
Size

434KB
MD5

c68cba782fcd009b2a3a26dea5a9efc6
SHA1

ead098ebca84b7a915ce36abb8507f832091aa96
SHA256

6b67e930ada0446e96fe724fc8891cd1c370c40f5cc0779e6fe4fdc0d8b92b1f
SHA512

94e51508ec2a0f640f32497bde0b81395b8cc48a6409ae107b112997ad3ac60076ee1b91e29df10455e3c0ac58da72cb6c669a0a9965ceab8fdc3a8aa043d516
SSDEEP

12288:CUdbuleD8u2dXOdQH1BZ8dmPwmRoKQXiG6JFM9:CUdbuleDWw+16mPwmRoKFGoW9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b67e930ada0446e96fe724fc8891cd1c370c40f5cc0779e6fe4fdc0d8b92b1f

Files

6b67e930ada0446e96fe724fc8891cd1c370c40f5cc0779e6fe4fdc0d8b92b1f
.dll regsvr32 windows:5 windows x86 arch:x86

6ef48272d36bb140382a4a829b7e2c6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\zhanlue\haozip\bin\Win32\release\pdb\HaoZipExt32.pdb

Imports

kernel32

LoadLibraryExW
WaitForSingleObject
GetPrivateProfileStringW
CreateProcessW
GetExitCodeProcess
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetVersionExW
GetSystemDefaultLangID
GetFileAttributesW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
FindNextFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetACP
InitializeCriticalSection
ReadFile
SetFilePointer
GetCurrentThreadId
OpenProcess
LocalFree
GetEnvironmentVariableW
WriteFile
SetEndOfFile
GetFileSize
CreateDirectoryW
GetFullPathNameW
lstrlenW
GetTempPathW
DeleteFileW
lstrcmpiW
InterlockedExchangeAdd
GetFileSizeEx
GetCurrentProcessId
FormatMessageW
CreateEventW
SetEvent
ResetEvent
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
WriteConsoleW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion
LeaveCriticalSection
EncodePointer
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
lstrcpynA
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
lstrcpynW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx

user32

GetIconInfo
LoadStringW
GetDesktopWindow
wsprintfW
SetRect
GetDC
ReleaseDC
LoadImageW
CharNextW
GetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
CreatePopupMenu
DestroyIcon
IsMenu
SetMenuItemInfoW
DestroyMenu
GetMenuInfo
AppendMenuW
DrawIconEx

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
SetBkColor
ExtTextOutW
DeleteObject

advapi32

GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance

oleaut32

VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ef48272d36bb140382a4a829b7e2c6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 316KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 316KB - Virtual size: 316KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 17KB - Virtual size: 17KB