8ef0767b67b186c85d6d67de423987d1

General

Target

8ef0767b67b186c85d6d67de423987d1
Size

1.8MB
MD5

8ef0767b67b186c85d6d67de423987d1
SHA1

400f05293a6022beafc07245c7c6693d52284981
SHA256

1dffe05f0c3b18ed07fca2ae7941a0cc9386005a3332a48d6e948c33f0639797
SHA512

bf6306cc477889e22702f26180a8c6c9e27a69cc93874dbfd1aa3c14a2bc2ed5eecbe3237d34ca575bebd14282de1d8abec770898132273c74fbe71da4f13e39
SSDEEP

49152:KlJtlMwfGDmGnaKKrRezozs/mlh3rXpLV8MUWUZ0Jrt:KHfMwfGDvnJmOcBXP8M2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ农场良民v6.1.exe

Files

8ef0767b67b186c85d6d67de423987d1
.rar
QQ农场良民v6.1.exe
.exe windows:4 windows x86 arch:x86

de6185b8cdae1e84cb8f9add0b5f8afc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 512B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 235KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 45KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url
软件说明.txt

Sharing

General

Malware Config

Signatures

Files

de6185b8cdae1e84cb8f9add0b5f8afc

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 512B - Virtual size: 556B

1 Size: 512B - Virtual size: 404B

2 Size: 235KB - Virtual size: 393KB

3 Size: 65KB - Virtual size: 64KB

4 Size: 45KB - Virtual size: 70KB

5 Size: 3KB - Virtual size: 3KB

6 Size: 7KB - Virtual size: 28KB

0
Size: 512B - Virtual size: 556B

1
Size: 512B - Virtual size: 404B

2
Size: 235KB - Virtual size: 393KB

3
Size: 65KB - Virtual size: 64KB

4
Size: 45KB - Virtual size: 70KB

5
Size: 3KB - Virtual size: 3KB

6
Size: 7KB - Virtual size: 28KB