a9b2b75c3d56c2ce7135707dfafa8151

Sharing

Copy URL Twitter E-mail

General

Target

a9b2b75c3d56c2ce7135707dfafa8151
Size

3.9MB
MD5

a9b2b75c3d56c2ce7135707dfafa8151
SHA1

8f80d73f1fd2d3fcb645d8239aebe8f8f6471b8a
SHA256

e4c9f1d6ccffc7229f981f94057948bcaf5b32f4fdf344a7cb8a50b3f265e15b
SHA512

e46f642224ac21e44938d0296cfd1f3495bd32a02acee5389b9bb00d6e1639fa1fc5a310bb3f40eec4924c89dcdd62b2b683b3485815d86d04e36981b108fa70
SSDEEP

49152:ysfwPbIviKnS98d5FtKRYCK9y2f3DxtCoQR7o2e39JUDoQrvYrjpk8PltSZbFFp7:p3S9W7wgy2PtczGDPpk8tYDe/VUAo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b2b75c3d56c2ce7135707dfafa8151

Files

a9b2b75c3d56c2ce7135707dfafa8151
.exe windows:4 windows x86 arch:x86

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\自动编译_1.65\HummerPack\QQ1.65_2237\AutoProject\HummerSetup.pdb

Imports

shell32

SHFileOperationW
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetSpecialFolderLocation

msi

ord141
ord70
ord169
ord32
ord160
ord159
ord92
ord137
ord88
ord8
ord195
ord118

netapi32

Netbios

advapi32

QueryServiceStatusEx
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
StartServiceW
OpenServiceW
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
CloseServiceHandle
RegCloseKey
OpenSCManagerW
QueryServiceStatus
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
QueryServiceConfigW

shlwapi

PathStripToRootW
PathAppendW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

htonl
htons
WSACleanup
send
inet_addr
closesocket
gethostbyname
WSAStartup
connect
socket
inet_ntoa
recv

kernel32

FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
ExitProcess
RtlUnwind
GetStartupInfoW
FormatMessageW
LocalFree
GetLastError
GetSystemDirectoryW
GetVersionExW
SetFileAttributesW
LeaveCriticalSection
CreateProcessW
GetModuleFileNameW
EnterCriticalSection
FindFirstFileW
CloseHandle
CreateMutexW
GetCurrentDirectoryW
GetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
VirtualFree
VirtualAlloc
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
CopyFileW
CreateThread
SuspendThread
GetPrivateProfileStringW
LoadLibraryW
MoveFileExW
GetProcAddress
RemoveDirectoryW
FindClose
GetPrivateProfileIntW
WideCharToMultiByte
GetDiskFreeSpaceExW
FreeLibrary
FindNextFileW
DeleteFileW
ResumeThread
GetTickCount
GetWindowsDirectoryW
WritePrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
IsBadWritePtr
IsBadReadPtr
DeleteFileA
lstrcatA
GetACP
lstrcmpW
Process32FirstW
RemoveDirectoryA
CreateToolhelp32Snapshot
Process32NextW
WaitForSingleObject
lstrcmpiW
TerminateProcess
OpenProcess
SetFilePointer
LoadLibraryA
VirtualQuery
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetCommandLineW
GetModuleHandleW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcessId
GetProcessAffinityMask
SetProcessAffinityMask
RaiseException
InterlockedIncrement
InterlockedDecrement
GetVersion
DeviceIoControl
CreatePipe
DuplicateHandle
GetStdHandle
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
WriteFile
LocalAlloc

user32

GetActiveWindow
LoadBitmapW
GetDC
CallNextHookEx
EndPaint
ExitWindowsEx
RegisterClassExW
GetClassInfoExW
GetDesktopWindow
CharLowerA
SetCursor
EnumWindows
SetDlgItemTextW
GetWindowThreadProcessId
PtInRect
CharNextW
GetWindowRect
CreateDialogParamW
GetDlgCtrlID
OffsetRect
DestroyWindow
SetWindowPos
GetClientRect
PostMessageW
DrawTextW
GetWindowTextW
SetTimer
ShowWindow
DefWindowProcW
DialogBoxParamW
GetClassNameW
GetKeyState
DrawIconEx
MapVirtualKeyW
GetWindow
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
BeginPaint
GetParent
TrackMouseEvent
GetDlgItem
SetWindowTextW
EnableWindow
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
EndDialog
MessageBoxW
TranslateAcceleratorW
GetMessageW
SendMessageW
ReleaseCapture
DestroyIcon
LoadImageW
InvalidateRect
KillTimer
UpdateWindow
CreateWindowExW
IsWindow
GetFocus
GetDlgItemTextW
SetFocus
SetClassLongW
PostQuitMessage
ScreenToClient
GetWindowDC
GetCursorPos
ReleaseDC
LoadCursorW
IsWindowVisible
SetWindowLongW
GetWindowLongW
BringWindowToTop

gdi32

CreateFontW
CreateCompatibleDC
CombineRgn
SetBkColor
OffsetRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
GetStockObject
DeleteObject
SelectObject
DeleteDC
GetTextExtentExPointW
GetTextExtentPointW
SetTextColor
SetBkMode

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41.5MB - Virtual size: 41.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

PDB Paths

Imports

shell32

msi

netapi32

advapi32

shlwapi

version

psapi

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 424KB - Virtual size: 421KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 437KB

.rsrc Size: 41.5MB - Virtual size: 41.5MB

.text
Size: 424KB - Virtual size: 421KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 437KB

.rsrc
Size: 41.5MB - Virtual size: 41.5MB