c586ee68b86ea4645139b2d1575e4cb5

Sharing

Copy URL Twitter E-mail

General

Target

c586ee68b86ea4645139b2d1575e4cb5
Size

595KB
MD5

c586ee68b86ea4645139b2d1575e4cb5
SHA1

29105e2b38ae216d11ca4b09b2f450ee229f191a
SHA256

4c60dd140056e1e9566d4f914e000ddc268b2df5e332a361396d652337aff2d2
SHA512

2e151aa5c3508d04734df57d58c32eab5e4523d3ffb526ada851a3b03f09c626fa725b925978011b7afb606cad1109107342a3f2fd394068c25d33cb99763e46
SSDEEP

12288:xE2CHNm8kJpFQIBGnFAmZfqQqnTS66JFjYK0F8lggtgj/2aMFu:GDNmNJQIBGnFAmZSelz0bKtWeT8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hotreg.dll
unpack001/主程序.exe

Files

c586ee68b86ea4645139b2d1575e4cb5
.rar
cmkingocr.ini
cmkingocr2.ini
cmkingocr3.ini
hotreg.dll
.exe windows:4 windows x86 arch:x86

4809bd52ff1fc514cbcfe4d6e0336307

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
ord583
ord693
ord588
ord695
ord696
ord698
MethCallEngine
ord516
ord518
ord629
ord660
ord662
ord593
ord300
ord594
ord301
ord595
ord596
ord303
ord598
ord306
ord520
ord307
ord309
ord709
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord560
DllFunctionCall
ord670
ord568
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord607
ord608
ord716
ord609
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord570
ord648
ord571
ord573
ord681
ord578
ord685
ord100
ord611
ord616
ord617
ord618
ord619
ord650
ord546
ord581

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
主程序.exe
.exe windows:4 windows x86 arch:x86

40b683616c6fa1e3e98411704dba89f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord693
ord695
ord696
MethCallEngine
ord516
ord518
ord629
ord660
ord662
ord593
ord300
ord594
ord301
ord595
ord303
ord598
ord306
ord520
ord307
ord309
ord709
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord560
DllFunctionCall
ord569
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord607
ord608
ord609
ord716
ord717
ProcCallEngine
ord535
ord644
ord537
ord645
ord570
ord648
ord571
ord573
ord681
ord578
ord685
ord100
ord611
ord616
ord617
ord618
ord619
ord650
ord546
ord581

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
搜索网址.txt

Sharing

General

Malware Config

Signatures

Files

4809bd52ff1fc514cbcfe4d6e0336307

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 188KB - Virtual size: 186KB

.data Size: - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 2KB

40b683616c6fa1e3e98411704dba89f3

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 176KB - Virtual size: 172KB

.data Size: - Virtual size: 17KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 188KB - Virtual size: 186KB

.data
Size: - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 176KB - Virtual size: 172KB

.data
Size: - Virtual size: 17KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB