ec4428483ca86be94140d7d2d8511dffd44d77d2c32e54154992d9448bf48c0c

Sharing

Copy URL

Twitter E-mail

General

Target

ec4428483ca86be94140d7d2d8511dffd44d77d2c32e54154992d9448bf48c0c
Size

8.0MB
MD5

3f0a86e6b9bb3646e34adc9c0de46813
SHA1

c7bcd4912c82e015b49e84fd59537a304e1042de
SHA256

ec4428483ca86be94140d7d2d8511dffd44d77d2c32e54154992d9448bf48c0c
SHA512

c7115516550dd6776ac3de67ee05ea5def7765ee93850c869d4ca64a1d9f642f7b430701849fd13f9b47a575d91f9acf97417e32f35f475101071eb7ae2168d0
SSDEEP

196608:+mr07HgLCRvrJokfVyub1GXZ03dtUvJefToq55m3T9:ro7Hb31yPWLE9

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法五笔86_v12.2.8.231110_Setup.exe
unpack001/冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法五笔98_v12.3.6.231222_Setup.exe
unpack001/冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法郑码版_v12.3.6.231222_Setup.exe

Files

ec4428483ca86be94140d7d2d8511dffd44d77d2c32e54154992d9448bf48c0c
.zip
冰凌五笔输入法_v12.3.6.231222_Setup/!关注微信 - 更多福利.png
.png
- http://weixin.qq.com/r/wii4oJjEU8UsrdzD933Q
冰凌五笔输入法_v12.3.6.231222_Setup/!果核剥壳 - 全网更新最快.url
.url
冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法五笔86_v12.2.8.231110_Setup.exe
.exe windows:6 windows x86 arch:x86

371d1af900b2a267d407c4b5f2c652cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Icesofts\IIME\Iimwiz\Release\Iimwiz.pdb

Imports

kernel32

DecodePointer
GetSystemInfo
lstrcatW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
LocalFree
SetFileAttributesW
lstrcpyW
CreateMutexW
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
Sleep
ReadFile
WritePrivateProfileStringW
FindClose
CreateFileMappingW
FindNextFileW
ReleaseMutex
GetDriveTypeW
FlushInstructionCache
SetLastError
lstrcmpiA
DeviceIoControl
GlobalReAlloc
CreateThread
GlobalFree
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
lstrcmpW
GetModuleFileNameA
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
GetStartupInfoW
TlsFree
EnterCriticalSection
HeapSize
GetProcAddress
GetLastError
VerifyVersionInfoW
RaiseException
GlobalUnlock
lstrlenW
InitializeCriticalSectionEx
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
HeapReAlloc
LoadLibraryW
GlobalAlloc
WriteFile
GetProcessHeap
GetModuleHandleW
GlobalLock
CreateDirectoryW
HeapFree
GetCurrentProcess
MoveFileExW
VerSetConditionMask
HeapAlloc
FreeLibrary
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
SetNamedPipeHandleState
WideCharToMultiByte
WaitNamedPipeW
PeekNamedPipe
QueryPerformanceCounter

user32

ReleaseDC
CreateWindowExW
MessageBoxW
SendMessageW
LoadImageW
DialogBoxIndirectParamW
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
ShowWindow
GetActiveWindow
GetDlgItemTextW
SetDlgItemTextW
EnableWindow
GetDlgCtrlID
SetWindowTextW
ExitWindowsEx
MapDialogRect
UnregisterClassW
wsprintfW
GetDC

gdi32

SetBkColor
DeleteObject
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SetTextColor

advapi32

RegOpenKeyExW
RegCreateKeyExW
ControlService
RegDeleteTreeW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
RegQueryValueExW

shell32

ord75
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoTaskMemFree
CLSIDFromString
CoUninitialize

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathFindFileNameW
StrStrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ord17

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法五笔98_v12.3.6.231222_Setup.exe
.exe windows:6 windows x86 arch:x86

ebcf063ff33ad33fb75bca1e1cf2296b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Icesofts\IIME\Iimwiz\Release\Iimwiz.pdb

Imports

kernel32

VerSetConditionMask
GetProcessHeap
GetModuleHandleW
FreeLibrary
lstrcpyW
VerifyVersionInfoW
lstrcmpiW
GlobalUnlock
lstrcmpW
MulDiv
ReadFile
FindFirstFileW
WritePrivateProfileStringW
FindNextFileW
CreateMutexW
FindClose
ReleaseMutex
UnmapViewOfFile
GetSystemDefaultLangID
Sleep
CreateFileMappingW
MapViewOfFile
SetLastError
DeviceIoControl
RaiseException
CreateThread
GetDriveTypeW
GlobalReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CloseHandle
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
MoveFileExW
LocalFree
GlobalLock
GetProcAddress
DecodePointer
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
GlobalFree
DeleteFileW
GlobalAlloc
lstrcatW
GetLastError
MultiByteToWideChar
SetFileAttributesW
HeapSize
GetCurrentThreadId
CreateDirectoryW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleFileNameW
WriteFile
lstrlenW
GetCurrentProcess
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WaitNamedPipeW
WideCharToMultiByte
PeekNamedPipe
HeapFree
GetFileType
SetNamedPipeHandleState
WriteConsoleW

user32

ReleaseDC
wsprintfW
MapDialogRect
EndDialog
SetWindowTextW
GetActiveWindow
ShowWindow
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetDlgItem
LoadImageW
EnableWindow
ExitWindowsEx
GetDC
MessageBoxW
CreateWindowExW
SendMessageW
UnregisterClassW

gdi32

SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectW
CreateFontIndirectW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
RegDeleteTreeW
StartServiceW
OpenServiceW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

shell32

ord75
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHChangeNotify
SHFileOperationW
CommandLineToArgvW

ole32

CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

StrChrW
PathFileExistsW
PathFindFileNameW
StrStrW
PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
冰凌五笔输入法_v12.3.6.231222_Setup/冰凌五笔输入法郑码版_v12.3.6.231222_Setup.exe
.exe windows:6 windows x86 arch:x86

ebcf063ff33ad33fb75bca1e1cf2296b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Icesofts\IIME\Iimwiz\Release\Iimwiz.pdb

Imports

kernel32

VerSetConditionMask
GetProcessHeap
GetModuleHandleW
FreeLibrary
lstrcpyW
VerifyVersionInfoW
lstrcmpiW
GlobalUnlock
lstrcmpW
MulDiv
ReadFile
FindFirstFileW
WritePrivateProfileStringW
FindNextFileW
CreateMutexW
FindClose
ReleaseMutex
UnmapViewOfFile
GetSystemDefaultLangID
Sleep
CreateFileMappingW
MapViewOfFile
SetLastError
DeviceIoControl
RaiseException
CreateThread
GetDriveTypeW
GlobalReAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CloseHandle
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
MoveFileExW
LocalFree
GlobalLock
GetProcAddress
DecodePointer
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
GlobalFree
DeleteFileW
GlobalAlloc
lstrcatW
GetLastError
MultiByteToWideChar
SetFileAttributesW
HeapSize
GetCurrentThreadId
CreateDirectoryW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleFileNameW
WriteFile
lstrlenW
GetCurrentProcess
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WaitNamedPipeW
WideCharToMultiByte
PeekNamedPipe
HeapFree
GetFileType
SetNamedPipeHandleState
WriteConsoleW

user32

ReleaseDC
wsprintfW
MapDialogRect
EndDialog
SetWindowTextW
GetActiveWindow
ShowWindow
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
DialogBoxIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetDlgItem
LoadImageW
EnableWindow
ExitWindowsEx
GetDC
MessageBoxW
CreateWindowExW
SendMessageW
UnregisterClassW

gdi32

SetTextColor
SetBkColor
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetObjectW
CreateFontIndirectW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
RegDeleteTreeW
StartServiceW
OpenServiceW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW

shell32

ord75
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHChangeNotify
SHFileOperationW
CommandLineToArgvW

ole32

CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

StrChrW
PathFileExistsW
PathFindFileNameW
StrStrW
PathAppendW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

371d1af900b2a267d407c4b5f2c652cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

comctl32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 7KB - Virtual size: 6KB

ebcf063ff33ad33fb75bca1e1cf2296b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

comctl32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 7KB - Virtual size: 6KB

ebcf063ff33ad33fb75bca1e1cf2296b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

comctl32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 7KB - Virtual size: 6KB