bde846e11a6c8755ee2757a923903c06

Sharing

Copy URL Twitter E-mail

General

Target

bde846e11a6c8755ee2757a923903c06
Size

1.4MB
MD5

bde846e11a6c8755ee2757a923903c06
SHA1

c261168dccc5ce97011d2b731ea9518e483db669
SHA256

11fe3d0f3b6ea6a1d1b4b242daa40a46178bde51497b89cb7e610edd92cbcc98
SHA512

1dd510f7fa194bcf2c9bb7c25bc1a90dc6b1c72bd8fdf3617284d8a58c589c9abdd5fb1792d8369b95196cf3ec2edc2fa08ef0174a9c428a1523c5c635a911a3
SSDEEP

24576:FjEJwREqlm9vck6r422AlHzbuYrftuE7/I6YwDb15yBshCLirV2C0lOm:FreqlYva12AlH/uefMk/IIjPCdOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NetDiskDown/NetDiskDown.exe
unpack001/NetDiskDown/plugin/NetDiskDown.dll

Files

bde846e11a6c8755ee2757a923903c06
.rar
NetDiskDown/NetDiskDown.exe
.exe windows:4 windows x86 arch:x86

4ededdfb9cfdb06614cd34256cf3b2bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetThreadPriority
GetCurrentThread
SetEvent
Sleep
WaitForSingleObject
CreateEventA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RtlUnwind
HeapReAlloc
HeapAlloc
RaiseException
GetLastError
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
WideCharToMultiByte
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsAlloc
SetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapSize
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
SetEndOfFile
SetCurrentDirectoryA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLocalTime
GetSystemTime
MoveFileA
DeleteFileA
SetVolumeLabelA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
GetDiskFreeSpaceA
MultiByteToWideChar
EnterCriticalSection
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
LockResource
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
InitializeCriticalSection

user32

KillTimer
SetTimer
GetClassInfoA
LoadCursorA
RegisterClassA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
GetClientRect
BeginPaint
EndPaint
PostQuitMessage
PostMessageA
DefWindowProcA
GetMessageA
TranslateMessage
DispatchMessageA
LoadBitmapA
MessageBoxA

gdi32

SelectObject
DeleteObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

_Java_com_regexlab_j2e_Handler_loadResourceData@12
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findClass@12
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findResource@12
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findResources@12
_Java_com_regexlab_j2e_SplashScreen_nativeAutoClose@12
_Java_com_regexlab_j2e_SplashScreen_nativeClose@8
_Java_com_regexlab_j2e_SplashScreen_nativeGetSplashScreen@8

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NetDiskDown/plugin/JNDGetAllUrl.html
.html .vbs polyglot
NetDiskDown/plugin/JNDGetUrl.html
.html .vbs polyglot
NetDiskDown/plugin/NDGetAllUrl.html
.html .vbs polyglot
NetDiskDown/plugin/NDGetUrl.html
.html .vbs polyglot
NetDiskDown/plugin/NetDiskDown.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bac569dad7e8a55e5660e7ecec25db5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaLsetFixstr
__vbaSetSystemError
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
_CIsin
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
__vbaFixstrConstruct
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord712
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaStrToAnsi
ord617
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetDiskDown/plugin/删除IE右键.bat
NetDiskDown/plugin/添加IE右键.bat
NetDiskDown/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

4ededdfb9cfdb06614cd34256cf3b2bd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 1.4MB - Virtual size: 1.3MB

bac569dad7e8a55e5660e7ecec25db5b

Headers

File Characteristics

Imports

msvbvm60

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 856B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 684B

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 1.4MB - Virtual size: 1.3MB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 856B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 684B