TS-240313-UF2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TS-240313-UF2.exe
Size

1.2MB
MD5

c498edb88ddaba79809a3790146a7a59
SHA1

cf9dc7779ec28647b2ce1017554457c76376bff8
SHA256

04f8f88fa7bbb3b3472a9231bb0b3978ab5df6a95222c1706cd64bee28e28b4e
SHA512

67e43f9fd3abb8e18ec9dede992126eb044ce08db47ba1f9297670ed86c5d3461db532f3347b118eeba9240d528b57187f522ba8caa48399b4e9fdc7da4aa183
SSDEEP

24576:wVI76EhO5pHMfVVM197k7+yfCvTYCXellmKOjRqm7cZLMw:wm76+WqM1977vcAKuqmAZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TS-240313-UF2.exe

Files

TS-240313-UF2.exe
.exe windows:6 windows x86 arch:x86

3ed55afd7b68716dfae17177f888630a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\小金牛\qqq_trreg999\memLoadLibrary\Release\exeLoadLibrary.pdb

Imports

kernel32

DecodePointer
DeleteCriticalSection
ExitProcess
GetTickCount
VirtualProtect
HeapFree
SetLastError
VirtualFree
VirtualAlloc
RaiseException
GetNativeSystemInfo
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
CreateFileW
HeapSize
SetStdHandle
GetCurrentThread
GetLastError
Sleep
InitializeCriticalSectionEx
SetThreadPriority
GetCurrentProcess
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
SetPriorityClass
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
EncodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetCommandLineA
GetCommandLineW
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
WriteConsoleW

advapi32

RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

SHChangeNotify
ShellExecuteA

iphlpapi

GetAdaptersInfo

ws2_32

sendto
htons
htonl
socket
WSAStartup
inet_pton
closesocket
WSACleanup

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ed55afd7b68716dfae17177f888630a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

iphlpapi

ws2_32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4KB - Virtual size: 7KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4KB - Virtual size: 7KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB