c05d489112b0dcd6af92174d50b23a8a

Sharing

Copy URL

Twitter E-mail

General

Target

c05d489112b0dcd6af92174d50b23a8a
Size

73KB
MD5

c05d489112b0dcd6af92174d50b23a8a
SHA1

77108bdae069ee4f291155950d2701c51c624c44
SHA256

052f15250453f9ec90857dfbf70301dcf7030deeac6a3a57ae368fc9764987ec
SHA512

978667e0bcd4135d0a5fa32398492e5e5f47658cb5e0a5068b150d348f44c526716f3c3306e7acb9ec583eda69d51a447ddc3157899f7440c77ef0f01cc0a35d
SSDEEP

768:6YMqEp7FN3mmRFvkYV0IEshi/XU8gVc/2n1qhXzWhTpRzyf4SJsEbfED6nX30a7M:Gt/RR0dUi/Jge/24hXzaNRziJHXzf7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c05d489112b0dcd6af92174d50b23a8a

Files

c05d489112b0dcd6af92174d50b23a8a
.exe windows:5 windows x86 arch:x86

f355a854bfd674849c8f802c0dbcb9a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\link(修复版)999\link(修复版)\Release\link.pdb

Imports

kernel32

MultiByteToWideChar
FindFirstFileA
lstrlenA
FindNextFileA
GetModuleFileNameA
GetTempPathA
CopyFileA
GetShortPathNameA
DeleteFileA
Sleep
GetShortPathNameW
LCMapStringW
HeapSize
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
HeapSetInformation
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
HeapReAlloc

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f355a854bfd674849c8f802c0dbcb9a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 5KB - Virtual size: 4KB