E:\4.0\T_综合脚本开发工具\Release\exebak.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: Avc.exe, Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: Avc.exe, Resource: win10v2004-20231215-en)
General
- Target: Avc.exe
- Size: 7.8MB
- MD5: 9f6000733ad51ff5a95be62811855e5f
- SHA1: 7ff7d76aa4f0984b65c06f942530efd0160c9a0e
- SHA256: 34df26560bc85bd15133870be420b25782c037e5fdaba57d7c35080203ed251c
- SHA512: 32addd254dee4af155fe96d5e918c54f20798d0d23590a861cef0c2db1ac2569230846d8d9473855422b8dc2be2960905cf0198ba9a740b8bf38581ad0873460
- SSDEEP: 196608:NuBUad84j8rER0TAQGC3Lzec+OFy8fR0Vt22F9Q:NgUK8LTAEDPp+Vt22o
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. resource: Avc.exe
Files
- Avc.exe.exe windows:5 windows x86 arch:x86 0aa8b7d3ae2fc23c21bb9a56a3bf53f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetConsoleCP
GetConsoleMode
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
GetOEMCP
GetACP
GetTimeZoneInformation
IsProcessorFeaturePresent
IsValidCodePage
GetStringTypeW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
HeapQueryInformation
CreateThread
ExitThread
FindResourceW
GetFileType
SetStdHandle
RaiseException
RtlUnwind
HeapReAlloc
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
FindResourceExW
SetErrorMode
SearchPathW
GetNumberFormatW
GetWindowsDirectoryW
GetFileSizeEx
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
MoveFileW
lstrcmpiW
InitializeCriticalSectionAndSpinCount
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
TlsGetValue
LocalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
lstrcmpA
GetProfileIntW
lstrlenA
GetDiskFreeSpaceW
GetFullPathNameW
GetTempFileNameW
GetFileTime
SetFileTime
ReplaceFileW
GetFileAttributesW
ReleaseActCtx
CreateActCtxW
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetCurrentThreadId
FreeResource
GlobalFree
CopyFileW
GlobalAlloc
lstrcpyW
GetShortPathNameW
lstrcpynW
ExitProcess
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
DeleteFileW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
ActivateActCtx
GetModuleHandleW
LoadLibraryW
DeactivateActCtx
SetLastError
InterlockedExchange
LocalFree
FreeLibrary
LoadLibraryExW
FormatMessageW
Sleep
MultiByteToWideChar
GetTickCount
GetTempPathW
GetTempPathA
WriteProcessMemory
GetCurrentProcess
ReadProcessMemory
VirtualProtect
GetProcAddress
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
CloseHandle
CreateFileW
ReadFile
WriteFile
SetFilePointer
GetFileSize
CreateFileA
AreFileApisANSI
LockResource
SetFileAttributesA
GetLastError
CreateDirectoryA
SizeofResource
WideCharToMultiByte
LoadResource
user32
LockWindowUpdate
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetNextDlgGroupItem
PostThreadMessageW
UnregisterClassW
CharNextW
InvalidateRgn
CopyAcceleratorTableW
SetParent
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
MonitorFromPoint
UpdateLayeredWindow
EnableScrollBar
UnionRect
CharUpperW
IsZoomed
NotifyWinEvent
MessageBeep
DeleteMenu
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
GetMenuItemInfoW
DrawIconEx
GetSysColorBrush
DrawFocusRect
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
GetMessageW
ValidateRect
MapVirtualKeyW
GetKeyNameTextW
RegisterClipboardFormatW
SetWindowRgn
DrawIcon
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
UnpackDDElParam
ReuseDDElParam
DestroyMenu
LoadAcceleratorsW
IsIconic
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
LoadImageW
CopyImage
GetIconInfo
DestroyIcon
SetRectEmpty
LoadMenuW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
SetCursorPos
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
GetWindowThreadProcessId
GetLastActivePopup
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
DrawStateW
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetWindow
SendMessageW
GetWindowLongW
InvalidateRect
GetSysColor
GetWindowRect
GetMenuState
GetMenuStringW
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CreateWindowExW
SetForegroundWindow
AppendMenuW
CreatePopupMenu
MessageBoxA
EnableMenuItem
GetMenuItemID
GetSystemMenu
LoadIconW
MessageBoxW
CopyIcon
SetClassLongW
DestroyAcceleratorTable
GetUpdateRect
GetKeyboardState
CreateAcceleratorTableW
HideCaret
CharUpperBuffW
WaitMessage
GetWindowRgn
DestroyCursor
CreateMenu
LoadBitmapW
UnregisterHotKey
RegisterHotKey
UpdateWindow
RedrawWindow
FindWindowExW
GetAsyncKeyState
SetWindowsHookExW
CallNextHookEx
WindowFromPoint
ClientToScreen
CopyRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
TrackPopupMenu
SubtractRect
GetClientRect
IsWindowVisible
GetSystemMetrics
ShowScrollBar
SetWindowLongW
EnableWindow
wsprintfA
wsprintfW
GetClassNameW
EnumChildWindows
SystemParametersInfoW
GetDC
ReleaseDC
FillRect
FrameRect
DrawEdge
InflateRect
DrawTextW
SetCursor
LoadCursorW
SetRect
IsWindow
GetClassInfoW
DefWindowProcW
GetParent
IntersectRect
GetKeyState
KillTimer
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetMessagePos
GetFocus
PostMessageW
PtInRect
InvertRect
SetCapture
ClipCursor
SetTimer
GetCapture
ReleaseCapture
TabbedTextOutW
DrawTextExW
GrayStringW
DrawFrameControl
IsRectEmpty
OffsetRect
TranslateMessage
DispatchMessageW
GetDoubleClickTime
ToUnicodeEx
gdi32
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreateHatchBrush
CreateEllipticRgn
DPtoLP
LPtoDP
Ellipse
SetRectRgn
GetMapMode
CreatePolygonRgn
GetTextColor
Polyline
Polygon
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
RealizePalette
GetRgnBox
OffsetRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
PtInRegion
FrameRgn
GetBoundsRect
SetPixelV
GetTextFaceW
ExcludeClipRect
GetClipBox
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
SetPixel
DeleteObject
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
Rectangle
RoundRect
PatBlt
GetTextMetricsW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontW
CreatePen
BitBlt
GetBkColor
CreateCompatibleBitmap
GetDeviceCaps
GetCurrentObject
GetDIBColorTable
StretchBlt
CreateDIBSection
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteDC
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectW
GetStockObject
FillRgn
GetWindowOrgEx
CreateSolidBrush
CombineRgn
CreateRectRgnIndirect
IntersectClipRect
msimg32
TransparentBlt
AlphaBlend
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
SetFileSecurityW
GetFileSecurityW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueW
RegEnumKeyW
shell32
SHFileOperationW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHAppBarMessage
Shell_NotifyIconW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
comctl32
_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize
shlwapi
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathFileExistsW
PathIsUNCW
ole32
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
OleDraw
CLSIDFromString
OleDuplicateData
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoCreateGuid
CoInitializeEx
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoRegisterMessageFilter
OleLockRunning
CoTaskMemAlloc
IsAccelerator
OleTranslateAccelerator
CoTaskMemFree
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
OleDestroyMenuDescriptor
ReleaseStgMedium
OleCreateMenuDescriptor
oleaut32
VariantCopy
SysStringLen
SysAllocString
SafeArrayCreate
SafeArrayPutElement
VariantChangeType
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SafeArrayAccessData
SafeArrayUnaccessData
VarDateFromStr
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit
SafeArrayCopy
SafeArrayGetElement
VarBstrFromDate
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysFreeString
GetErrorInfo
oledlg
OleUIBusyW
urlmon
UrlMkSetSessionOption
gdiplus
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipDrawImageRectI
wininet
InternetGetCookieExW
uxtheme
CloseThemeData
DrawThemeBackground
OpenThemeData
ws2_32
WSAGetLastError
htons
inet_addr
socket
WSACleanup
WSAStartup
getsockopt
select
connect
ioctlsocket
closesocket
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
mciSendStringW
PlaySoundW
mciGetErrorStringW
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 191KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ