bab893863b2a1764b52050bd62d3e8cc

Sharing

Copy URL Twitter E-mail

General

Target

bab893863b2a1764b52050bd62d3e8cc
Size

2.2MB
MD5

bab893863b2a1764b52050bd62d3e8cc
SHA1

19c805c7e2996751446cc47fbb3a0e813e2947c7
SHA256

e3475ff54d1396310058cf435243c6428559e60c4deb61d381b94844066943f6
SHA512

ec9954677d7dcfc78472fe14b3dbaa146e07e5b6a59cf83fc8875131c600a480df0127b8c3a2e98bb834ba690564bd04fea154e6c734abdfc46e3daee9f02928
SSDEEP

49152:ysfwPbIviKnS98d5FtKRYCK9y2f3DxtCoQR7o2e39JUDC:p3S9W7wgy2PtczG7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bab893863b2a1764b52050bd62d3e8cc

Files

bab893863b2a1764b52050bd62d3e8cc
.exe windows:4 windows x86 arch:x86

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\自动编译_1.65\HummerPack\QQ1.65_2237\AutoProject\HummerSetup.pdb

Imports

shell32

SHFileOperationW
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetSpecialFolderLocation

msi

ord141
ord70
ord169
ord32
ord160
ord159
ord92
ord137
ord88
ord8
ord195
ord118

netapi32

Netbios

advapi32

QueryServiceStatusEx
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
StartServiceW
OpenServiceW
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
CloseServiceHandle
RegCloseKey
OpenSCManagerW
QueryServiceStatus
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
QueryServiceConfigW

shlwapi

PathStripToRootW
PathAppendW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

htonl
htons
WSACleanup
send
inet_addr
closesocket
gethostbyname
WSAStartup
connect
socket
inet_ntoa
recv

kernel32

FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
ExitProcess
RtlUnwind
GetStartupInfoW
FormatMessageW
LocalFree
GetLastError
GetSystemDirectoryW
GetVersionExW
SetFileAttributesW
LeaveCriticalSection
CreateProcessW
GetModuleFileNameW
EnterCriticalSection
FindFirstFileW
CloseHandle
CreateMutexW
GetCurrentDirectoryW
GetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
VirtualFree
VirtualAlloc
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
CopyFileW
CreateThread
SuspendThread
GetPrivateProfileStringW
LoadLibraryW
MoveFileExW
GetProcAddress
RemoveDirectoryW
FindClose
GetPrivateProfileIntW
WideCharToMultiByte
GetDiskFreeSpaceExW
FreeLibrary
FindNextFileW
DeleteFileW
ResumeThread
GetTickCount
GetWindowsDirectoryW
WritePrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
IsBadWritePtr
IsBadReadPtr
DeleteFileA
lstrcatA
GetACP
lstrcmpW
Process32FirstW
RemoveDirectoryA
CreateToolhelp32Snapshot
Process32NextW
WaitForSingleObject
lstrcmpiW
TerminateProcess
OpenProcess
SetFilePointer
LoadLibraryA
VirtualQuery
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetCommandLineW
GetModuleHandleW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcessId
GetProcessAffinityMask
SetProcessAffinityMask
RaiseException
InterlockedIncrement
InterlockedDecrement
GetVersion
DeviceIoControl
CreatePipe
DuplicateHandle
GetStdHandle
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
WriteFile
LocalAlloc

user32

GetActiveWindow
LoadBitmapW
GetDC
CallNextHookEx
EndPaint
ExitWindowsEx
RegisterClassExW
GetClassInfoExW
GetDesktopWindow
CharLowerA
SetCursor
EnumWindows
SetDlgItemTextW
GetWindowThreadProcessId
PtInRect
CharNextW
GetWindowRect
CreateDialogParamW
GetDlgCtrlID
OffsetRect
DestroyWindow
SetWindowPos
GetClientRect
PostMessageW
DrawTextW
GetWindowTextW
SetTimer
ShowWindow
DefWindowProcW
DialogBoxParamW
GetClassNameW
GetKeyState
DrawIconEx
MapVirtualKeyW
GetWindow
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
BeginPaint
GetParent
TrackMouseEvent
GetDlgItem
SetWindowTextW
EnableWindow
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
EndDialog
MessageBoxW
TranslateAcceleratorW
GetMessageW
SendMessageW
ReleaseCapture
DestroyIcon
LoadImageW
InvalidateRect
KillTimer
UpdateWindow
CreateWindowExW
IsWindow
GetFocus
GetDlgItemTextW
SetFocus
SetClassLongW
PostQuitMessage
ScreenToClient
GetWindowDC
GetCursorPos
ReleaseDC
LoadCursorW
IsWindowVisible
SetWindowLongW
GetWindowLongW
BringWindowToTop

gdi32

CreateFontW
CreateCompatibleDC
CombineRgn
SetBkColor
OffsetRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
GetStockObject
DeleteObject
SelectObject
DeleteDC
GetTextExtentExPointW
GetTextExtentPointW
SetTextColor
SetBkMode

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41.5MB - Virtual size: 41.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

PDB Paths

Imports

shell32

msi

netapi32

advapi32

shlwapi

version

psapi

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 424KB - Virtual size: 421KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 437KB

.rsrc Size: 41.5MB - Virtual size: 41.5MB

.text
Size: 424KB - Virtual size: 421KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 437KB

.rsrc
Size: 41.5MB - Virtual size: 41.5MB