c2994806b7adfd609ec0c9e75eb4eeec

Sharing

Copy URL Twitter E-mail

General

Target

c2994806b7adfd609ec0c9e75eb4eeec
Size

2.3MB
MD5

c2994806b7adfd609ec0c9e75eb4eeec
SHA1

7a100803a69aa956b563d64bd515c7b4559decb6
SHA256

979d24921f5017c5b8fe7f0f13a66b8c51690209fbc2f1c7cd57fbfa90eb7ca9
SHA512

5059af70209839565acc08be5f43669a9330d52249a92a22a882037d0336bc592165845476163ed4d539624063de26a188fe0817ac571a2ed07100d237c54f48
SSDEEP

49152:7XJb+zPNiB8JsZvhSJ31LUgY0PrSjh64h7bZl2Fhi63iQOHW:9b/yszSd3+g89Ua63f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

c2994806b7adfd609ec0c9e75eb4eeec
.rar
Setup.msi
.msi
setup.exe
.exe windows:5 windows x86 arch:x86

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

EndUpdateResourceA
MultiByteToWideChar
IsValidCodePage
GetDiskFreeSpaceExA
Sleep
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
SetEvent
FormatMessageA
LocalFree
CreateProcessA
GetModuleFileNameA
ExpandEnvironmentStringsA
GlobalAlloc
GlobalFree
GetSystemDirectoryA
GetVersionExA
CompareStringA
GetSystemInfo
GetCurrentProcess
GetFileAttributesA
GetTempPathA
GetTempFileNameA
DeleteFileA
CreateDirectoryA
CopyFileA
WideCharToMultiByte
GetEnvironmentVariableA
ReadFile
GetWindowsDirectoryA
GetDateFormatA
GetTimeFormatA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcessId
RaiseException
RtlUnwind
CloseHandle
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSection
MulDiv
lstrlenW
GetExitCodeProcess
WaitForSingleObject
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
WriteFile
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetThreadLocale
UpdateResourceA
BeginUpdateResourceA
LocalAlloc
lstrlenA
UpdateResourceW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
FormatMessageW
FindResourceW
DeleteFileW
CreateProcessW
CreateDirectoryW
CopyFileW
BeginUpdateResourceW
GetVersion

gdi32

CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA
GetStockObject
DeleteDC
GetObjectW
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsA
SelectObject

user32

ScreenToClient
SetClassLongA
LoadCursorA
SetCursor
LoadIconA
LoadImageA
SetFocus
GetFocus
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
SetWindowTextA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
DestroyWindow
ShowWindow
SetForegroundWindow
MoveWindow
CreateDialogParamA
CreateDialogIndirectParamA
SendMessageA
GetClientRect
ShowScrollBar
SendDlgItemMessageA
SystemParametersInfoA
GetWindowRect
CharNextA
ExitWindowsEx
MessageBoxA
GetSystemMetrics
DrawTextW
ReleaseDC
GetDialogBaseUnits
LoadStringA
GetDC
MessageBoxW

ole32

CoUninitialize
CoInitialize

shell32

ShellExecuteA
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteExA

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

928e6da25d23c91661ea2007a59330be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

ole32

shell32

Sections

.text Size: 283KB - Virtual size: 282KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 130KB - Virtual size: 129KB

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 130KB - Virtual size: 129KB