bb81a85ea5c783d310d9501a332806dc

Sharing

Copy URL Twitter E-mail

General

Target

bb81a85ea5c783d310d9501a332806dc
Size

15.7MB
MD5

bb81a85ea5c783d310d9501a332806dc
SHA1

9d600eece26fdcda6da6676acdfa758b9841ab9e
SHA256

2d450efbd66e5421ed7435114323aaf5786e454d88bd3bb6c195c6531b366bd0
SHA512

eb3a156570490237fcccc0bb93be1bc4485940fdb8c351376532d8b4cf8cb15968f858a7946d3e3bc0da2f0e40ce190a867dc22955c6cb8ebb8b07389ccc7286
SSDEEP

393216:xUfymN40QcElyjnLj3AtjPVpsYQ/Q2YYYlX1Ov/R8:xU5zvQtxeclXwnu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vck.exe

Files

bb81a85ea5c783d310d9501a332806dc
.rar
vck.exe
.exe windows:4 windows x86 arch:x86

91b8ee29821ffb7676f75075b60fc7e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord472
ord2414
ord283
ord5875
ord613
ord1640
ord6880
ord289
ord1146
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord3693
ord5785
ord5678
ord2380
ord5794
ord5736
ord1641
ord6194
ord3619
ord860
ord755
ord2754
ord4023
ord5787
ord858
ord924
ord926
ord470
ord2860
ord2243
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord641
ord324
ord2302
ord4234
ord4710
ord1779
ord5953
ord535
ord2818
ord2614
ord922
ord5710
ord4055
ord1168
ord3081
ord3698
ord765
ord4673
ord537
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord5788
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord795
ord686
ord693
ord1134
ord3721
ord2582
ord4402
ord3370
ord3640
ord384
ord2862
ord2096
ord3996
ord2558
ord6453
ord4220
ord2584
ord3654
ord6215
ord2438
ord2455
ord6270
ord2863
ord1644
ord6907
ord3998
ord3317
ord2919
ord5683
ord3301
ord5572
ord6905
ord4278
ord2764
ord2915
ord6334
ord3452
ord2515
ord355
ord668
ord2781
ord2770
ord356
ord2452
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord4297
ord4133
ord3626
ord3663
ord2864
ord5981
ord2405
ord4284
ord323
ord609
ord640
ord3574
ord3402
ord4396
ord2575
ord1795
ord823
ord5053
ord540
ord3874
ord6199
ord800
ord5290
ord2859
ord2567
ord4123
ord4287
ord2379
ord4275
ord1802
ord616
ord825
ord567
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3922
ord2976
ord6374
ord5163
ord2385
ord5241
ord4398
ord1776
ord4078
ord6055
ord2578
ord4218
ord2023
ord3097
ord2411
ord1576

msvcrt

__CxxFrameHandler
_ftol
_mbscmp
exit
atoi
strtok
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
SetProcessWorkingSetSize
CreateDirectoryA
FindResourceA
SizeofResource
LoadResource
CreateFileA
LockResource
WriteFile
TerminateThread
OpenProcess
TerminateProcess
CreateThread
WinExec
WaitForSingleObject
DeleteFileA
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
ReadFile
Sleep
GetSystemDirectoryA
GetCurrentProcess
GetDiskFreeSpaceExA
lstrlenA
GetLocalTime
SetCurrentDirectoryA
GetDriveTypeA
GetProcAddress
GetModuleHandleA

user32

LoadBitmapA
GetClientRect
GetDC
InflateRect
OffsetRect
ReleaseDC
SetWindowPos
GetWindowRect
KillTimer
PtInRect
InvalidateRect
SetTimer
GetSysColor
GetSystemMetrics
MessageBoxIndirectA
IsWindow
RegisterWindowMessageA
UpdateWindow
GrayStringA
DrawTextA
TabbedTextOutA
FillRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
CopyRect
FrameRect
DrawFocusRect
ClientToScreen
WindowFromPoint
GetActiveWindow
LoadMenuA
GetSubMenu
IsWindowVisible
SetPropA
LoadIconA
EnumWindows
ShowWindow
SetForegroundWindow
GetPropA
GetParent
GetNextDlgTabItem
GetWindowLongA
RedrawWindow
ExitWindowsEx
DestroyIcon
EnableWindow
GetCursorPos
SendMessageA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
CreateCompatibleBitmap
Rectangle
GetTextExtentPoint32A
CreateFontIndirectA
CreatePen
RoundRect
GetObjectA
CreateBitmap
GetPixel
SetPixel
DeleteObject
DeleteDC
BitBlt
CreateCompatibleDC
Escape
GetStockObject
SelectObject

advapi32

AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

SHCreateDirectoryExA
DragQueryFileA
ShellExecuteExA
Shell_NotifyIconA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon

shlwapi

PathFileExistsA

msimg32

GradientFill

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.4MB - Virtual size: 17.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

91b8ee29821ffb7676f75075b60fc7e6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

msimg32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 17.4MB - Virtual size: 17.4MB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 17.4MB - Virtual size: 17.4MB