23FlsEngineEasy[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

23FlsEngineEasy.zip
Size

19.0MB
MD5

dd5856480d1769804ca23c34f527219a
SHA1

baf8312333ab84857c02908c952cc68833db98cf
SHA256

a40cdb20bf681fc80d7ef133c02af5b1c3e2f3af295c87896e1929706c823c6d
SHA512

54deb3722dfcf84c897de5d56b74e8782f63f23451cfae8267266fc527c0cd112cf237394a9e67942493e10735ca24660dfacfcce79be90e98ed89c8c94f820e
SSDEEP

393216:AGZWcc+HBmeA+0+BfOSEh0X6AznBk+MGRlxs/on60LR:hQI0+BfOVqKAk+9ww60N

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/23-FlsEngine.exe
unpack001/core/23-FlsEngine-Easy-Core.dll

Files

23FlsEngineEasy.zip
.zip
23-FlsEngine.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.-y\
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FJi
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
core/23-FlsEngine-Easy-Core.dll
.dll windows:6 windows x64 arch:x64

545db75f75bd389fe97c0b11f3d6761a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwindEx

d3dcompiler_47

D3DCompile

user32

CallWindowProcA
CharUpperBuffW

kernel32

GetCommandLineW
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

imm32

ImmReleaseContext

Sections

.text
Size: - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.}a"
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Fk#
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BMF
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
必看使用说明.doc
.xls .doc windows office2003

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 3.8MB

.-y\ Size: - Virtual size: 4.0MB

.FJi Size: 7.8MB - Virtual size: 7.8MB

.rsrc Size: 124KB - Virtual size: 123KB

545db75f75bd389fe97c0b11f3d6761a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

d3dcompiler_47

user32

kernel32

imm32

Sections

.text Size: - Virtual size: 623KB

.rdata Size: - Virtual size: 1.8MB

.data Size: - Virtual size: 18KB

.pdata Size: - Virtual size: 27KB

_RDATA Size: - Virtual size: 244B

.}a" Size: - Virtual size: 3.7MB

.Fk# Size: 3KB - Virtual size: 2KB

.BMF Size: 7.3MB - Virtual size: 7.3MB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 3.8MB

.-y\
Size: - Virtual size: 4.0MB

.FJi
Size: 7.8MB - Virtual size: 7.8MB

.rsrc
Size: 124KB - Virtual size: 123KB

.text
Size: - Virtual size: 623KB

.rdata
Size: - Virtual size: 1.8MB

.data
Size: - Virtual size: 18KB

.pdata
Size: - Virtual size: 27KB

_RDATA
Size: - Virtual size: 244B

.}a"
Size: - Virtual size: 3.7MB

.Fk#
Size: 3KB - Virtual size: 2KB

.BMF
Size: 7.3MB - Virtual size: 7.3MB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 2KB - Virtual size: 1KB