c170787c0ebf2585e3c788276e50f0e0

Sharing

Copy URL Twitter E-mail

General

Target

c170787c0ebf2585e3c788276e50f0e0
Size

1.6MB
MD5

c170787c0ebf2585e3c788276e50f0e0
SHA1

bba4002ecd88f1f778af40a83fd2793a77c77ac7
SHA256

4f0679741406c338542316250e4c2782e7ea3e6ad40a6b44ebcbd5218a67ea7e
SHA512

31df4413f9211dedf667f72640dea529f0d0a17a127c511f83ebbd9bcb99908805d5de4502e3fbab29e08d7023fd219179a8f9efd1786943ca121734a1e301fb
SSDEEP

49152:iuSz2tRetVRE2ZfSbnVjLBZku5ZdBRbL3552rExYP:9Sz2tR6bRFWLf/Rb3WEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/freightms.EXE

Files

c170787c0ebf2585e3c788276e50f0e0
.rar
freightms.EXE
.exe windows:4 windows x86 arch:x86

0822234b27e1a9d93373a171d4980177

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord537
ord5875
ord5787
ord5788
ord755
ord470
ord3571
ord6199
ord941
ord5953
ord2642
ord3092
ord283
ord472
ord2859
ord1641
ord823
ord4710
ord6453
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord4424
ord3574
ord609
ord567
ord2302
ord3698
ord765
ord1105
ord3597
ord540
ord860
ord3259
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord2379
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1200
ord858
ord5710
ord4202
ord845
ord1572
ord1158
ord1134
ord1199
ord1247
ord3953
ord1783
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord857
ord800
ord3098
ord4224
ord4234
ord2414
ord3663
ord3626
ord825
ord324
ord1168
ord1146
ord641
ord3619
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4079
ord4465
ord4673
ord1816
ord1576

msvcrt

_setmbcp
_ltoa
_mkdir
_fcloseall
_chdir
__CxxFrameHandler
fclose
fgets
fopen
sprintf
_mbscmp
fputs
atol
fwrite
fread
fgetc
fputc
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
memmove
fseek

kernel32

GetModuleHandleA
GetModuleFileNameA
GetTempPathA
GetLocalTime
GetSystemDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetWindowsDirectoryA
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
_llseek
_lread
GlobalAlloc
LocalAlloc
LocalFree
OpenFile
GlobalReAlloc
GlobalFree
GlobalLock
GlobalUnlock
_lclose
WinExec
DeleteFileA
GetStartupInfoA

user32

EnableWindow
SetTimer
KillTimer
MessageBoxA
SetDlgItemTextA
LoadIconA
DrawStateA
LoadBitmapA
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
PostQuitMessage
GetDC
DrawIcon

gdi32

SetDIBitsToDevice
PatBlt
Rectangle
SelectPalette
RealizePalette
DeleteObject
CreateFontIndirectA
CreatePalette

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA

shell32

ShellExecuteA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

ord17

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

0822234b27e1a9d93373a171d4980177

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 100KB - Virtual size: 99KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 100KB - Virtual size: 99KB