c96a8bc439a3baf00c4d092122aeb033

Sharing

Copy URL Twitter E-mail

General

Target

c96a8bc439a3baf00c4d092122aeb033
Size

77KB
MD5

c96a8bc439a3baf00c4d092122aeb033
SHA1

ba4d4aa987fb2fe8596e7d8a781af695d2a0ecd4
SHA256

9e3844c7b91189092cf645269f13cf611fff63454e03f5097c7bca7338d870b5
SHA512

1c095aecbae005bcd2fd9f2a88965ee5fd1e7a201bbbd33d2a00f2ccb3f35e27e03ca1906343090e7e1b4ef630dc10e46b2552256092eaa36af3c9477bd68ef7
SSDEEP

1536:DdxfgF5y1Pq2a9hw/XCMe3ZrV4/e7wdPJ5d5YijDtch+796Rs3egdX/HV:8F5WPq2a9m/XCMwZrVgnbD3Bh6C9dX/1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/屏幕取点工具v1.5.exe

Files

c96a8bc439a3baf00c4d092122aeb033
.rar
屏幕取点工具v1.5.exe
.exe windows:4 windows x86 arch:x86

1ad219cf093d748f7382a0adc6bfb1fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\1、临时文件\sp\release\ScreenPoint.pdb

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetLocaleInfoA
LoadLibraryA
GetConsoleMode
GetConsoleCP
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers
GlobalLock
GlobalUnlock
GlobalAlloc
SetFilePointer
IsValidCodePage
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
GetLastError
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP

user32

FrameRect
KillTimer
DispatchMessageW
GetMessageW
TranslateMessage
GetWindowDC
ReleaseDC
SetCursorPos
AppendMenuW
GetCursorPos
OpenClipboard
RegisterHotKey
MessageBoxW
TrackPopupMenu
CreatePopupMenu
LoadIconW
CloseClipboard
SetClipboardData
UnregisterHotKey
EmptyClipboard
DestroyMenu
GetWindowInfo
GetSysColorBrush
FillRect
LoadCursorW
OffsetRect
SetTimer
BeginPaint
EndPaint
SetWindowTextW
PostQuitMessage
EnableWindow
UpdateWindow
GetWindowRect
SendMessageW
DestroyWindow
ShowWindow
SetWindowPos
SetWindowLongW
GetWindowTextW
GetWindowLongW
InvalidateRect
GetClientRect
MoveWindow
DefWindowProcW
UnregisterClassW
RegisterClassW
CreateWindowExW
CallWindowProcW

gdi32

StretchBlt
MoveToEx
LineTo
SetROP2
GetObjectW
DeleteObject
CreateSolidBrush
SelectObject
GetStockObject
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
DeleteDC
GetPixel

comdlg32

ChooseColorW

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

1ad219cf093d748f7382a0adc6bfb1fd

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 160KB - Virtual size: 158KB