8f033d4e3e31f5d07d84b22387306678

Sharing

Copy URL Twitter E-mail

General

Target

8f033d4e3e31f5d07d84b22387306678
Size

214KB
MD5

8f033d4e3e31f5d07d84b22387306678
SHA1

6439992206fe5eaa1781dc8b273c9e2e2cafb950
SHA256

d64ba909e45baca65d48c229db540b0e79afc8af105416d0e8f3e7eb0bf0449f
SHA512

5a768b7d51c65aa4870bc8dcee525174943d2162f673f6495d98635ca7f2f7a24e387433eec1331ecc4dc56489a3cf3984b2d46a2605aafc6764cf5d38ffbfdb
SSDEEP

6144:vhlBJBaXbsoyJdE9K8pRE8Qi75o2kbNMhjE/XMHQ5rUBuhLY:5lD0goylaVlG6m/XMHQ5rUBuhLY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DPSetup.exe

Files

8f033d4e3e31f5d07d84b22387306678
.rar
DPSetup.exe
.exe windows:4 windows x86 arch:x86

39d0f6475f631fafd532dc41c56c128b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\DeskSoft\Internal\Components\Setup\Release\Setup.pdb

Imports

shlwapi

PathStripToRootA
SHDeleteKeyA

kernel32

GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
OpenProcess
ResumeThread
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
lstrlenA
GetTempPathA
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
InitializeCriticalSection
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetSystemInfo
VirtualProtect
CreateDirectoryA
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
FindResourceA
LoadResource
LockResource
BeginUpdateResourceA
SizeofResource
UpdateResourceA
SetFilePointer
EndUpdateResourceA
CopyFileA
ReadFile
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
WriteFile
CloseHandle
UnmapViewOfFile
RemoveDirectoryA
FindFirstFileA
DeleteFileA
Sleep
FindNextFileA
FindClose
GetFileAttributesA
GetOEMCP
HeapSize
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
HeapFree
HeapAlloc
ExitThread
GetLastError
CreateThread
TerminateProcess
GetStartupInfoA
GetCommandLineA

user32

DestroyWindow
DialogBoxParamA
SystemParametersInfoA
FindWindowExA
GetWindowThreadProcessId
ExitWindowsEx
PostMessageA
LoadIconA
SetClassLongA
CreateDialogParamA
EnableWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
EndDialog
LoadStringA
SetForegroundWindow
MessageBoxA
EnumChildWindows
GetWindowTextA
SetWindowTextA
PeekMessageA
DispatchMessageA
TranslateMessage
SendMessageA
GetDlgItemTextA
GetDlgItem
GetClientRect
MapWindowPoints
CreateWindowExA
SetWindowLongA
GetDC
ReleaseDC
MoveWindow
CreateIconFromResource
RegisterClassA
GetWindowLongA
BeginPaint
DrawTextA
GetFocus
DrawFocusRect
EndPaint
InvalidateRect
SetFocus
DefWindowProcA

gdi32

CreateFontA
CreateFontIndirectA
GetStockObject
SelectObject
SetBkMode
SetTextColor
DeleteObject

advapi32

RegCloseKey
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

39d0f6475f631fafd532dc41c56c128b

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 32KB - Virtual size: 30KB