c432d1832aaa463fc08124a993960640

Sharing

Copy URL Twitter E-mail

General

Target

c432d1832aaa463fc08124a993960640
Size

175KB
MD5

c432d1832aaa463fc08124a993960640
SHA1

0e6dbbd706e59f41bda061d6cb6c78d9755eae4d
SHA256

fb94de4be3e7c14bfc2f6b34d23d1b45f253182b49f2fe618c6c7c43aa0db080
SHA512

6d3e422e587a97e417b6c14dbcc77e01b043afa64f578ba8a872bf2159fb7450ff0d6e14d2fbcafe8a42b74d97b298c0d21fd071dc92c52d3bc9a478e00ba7c5
SSDEEP

3072:Mh5oL2giJRMxL1xQbyBt2S0KuB8gwnad553JRdTV8:QoLBiJRMxL1xay32SZZJa5Th8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c432d1832aaa463fc08124a993960640

Files

c432d1832aaa463fc08124a993960640
.exe windows:5 windows x86 arch:x86

7d7ceb32a7ae605e2811bc52a7596cef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\project\网系表单任务系统\X2\Release\XXService.pdb

Imports

kernel32

CreateMutexW
DeleteFileW
GetTempPathW
SetEvent
WaitForSingleObject
ResetEvent
CloseHandle
CreateEventW
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetLastError
GetSystemDirectoryW
InitializeCriticalSection
InterlockedCompareExchange
CreateFileA
GetLocaleInfoW
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetStartupInfoW
HeapAlloc
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
CreateFileW
SetStdHandle
FlushFileBuffers
InterlockedExchange
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
GetModuleHandleA

advapi32

RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetServiceStatus

shell32

ShellExecuteW

ole32

CoCreateGuid

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d7ceb32a7ae605e2811bc52a7596cef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

shlwapi

urlmon

version

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 600B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 600B

.reloc
Size: 9KB - Virtual size: 9KB