c440db16dd67419bdb05058d3f0cdc9a

Sharing

Copy URL Twitter E-mail

General

Target

c440db16dd67419bdb05058d3f0cdc9a
Size

2.3MB
MD5

c440db16dd67419bdb05058d3f0cdc9a
SHA1

57e58ef540493da1a53153aaabae40bc149258c2
SHA256

d7e747f7d99bdc9cb5ee9fb0dcfe0e34e22ef07d9c1ec86a508ab5859815242c
SHA512

8ec4df379d2603a79aa9a979ef91b16e66957600e839b2add14e50ed522f761a08a4bf2dc51cfee813322d71876b09608abfe781145a04b7d03060951fd33a64
SSDEEP

49152:zo5X2iF2J07ofboFSd8loFqm1VVHRlSgJPWpwK+ElP+MMtPozRbOMz:AGI2a7o0Ud8lgqeHPSLblP+MMJozlTz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/灰鸽子2007/H_Client.exe

Files

c440db16dd67419bdb05058d3f0cdc9a
.rar
灰鸽子2007/H_Client.exe
.exe windows:4 windows x86 arch:x86

a7333743ef063a68d1d860bbdf1c328e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
VirtualAlloc

Sections

.pelock
Size: 855KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pelock
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
灰鸽子2007/SOUND/downfile.wav
灰鸽子2007/SOUND/login.wav
灰鸽子2007/SOUND/offline.wav
灰鸽子2007/SOUND/setting.wav
灰鸽子2007/SOUND/upfile.wav
灰鸽子2007/安装说明.url
.url
灰鸽子2007/版本更新说明.txt
灰鸽子2007/用户协议.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

a7333743ef063a68d1d860bbdf1c328e

Headers

File Characteristics

Imports

kernel32

Sections

.pelock Size: 855KB - Virtual size: 1.8MB

.pelock Size: 21KB - Virtual size: 40KB

.pelock Size: - Virtual size: 20KB

.pelock Size: 6KB - Virtual size: 20KB

.pelock Size: - Virtual size: 112KB

.rsrc Size: 1.1MB - Virtual size: 3.0MB

.pelock Size: 25KB - Virtual size: 28KB

.pelock
Size: 855KB - Virtual size: 1.8MB

.pelock
Size: 21KB - Virtual size: 40KB

.pelock
Size: - Virtual size: 20KB

.pelock
Size: 6KB - Virtual size: 20KB

.pelock
Size: - Virtual size: 112KB

.rsrc
Size: 1.1MB - Virtual size: 3.0MB

.pelock
Size: 25KB - Virtual size: 28KB