cb11bc65ade80d8befa7c54b9ab7f59d

Sharing

Copy URL Twitter E-mail

General

Target

cb11bc65ade80d8befa7c54b9ab7f59d
Size

2.0MB
MD5

cb11bc65ade80d8befa7c54b9ab7f59d
SHA1

65b5eeb5c3c61aafe0516cdb286d6d318c345202
SHA256

7dac514add437ad8d3f8cdeedd8ba956b0dae75e3b0183e16d6e955398bf6ff4
SHA512

6c83c532f984018c2f1785045b8ec397beb61e50f22843fa5f9a5d339221b284533e6f2043f7fae7f2763b5f10ec389e1709da7e2347eccbb84a585871c86a7f
SSDEEP

49152:2Dgjp6uMoiV6OmSdXp9/JZcAPFlXvz76gsSfi3Q9/a:2Ejp6uf3OmO1XlnnDbKg9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eDrvClient.exe

Files

cb11bc65ade80d8befa7c54b9ab7f59d
.rar
eDrvClient.exe
.exe windows:4 windows x86 arch:x86

84b849433e6b63cc5b1575cfff348435

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushInstructionCache
GetCurrentProcess
lstrcpynW
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryW
IsBadWritePtr
MulDiv
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
SetConsoleCtrlHandler
LoadLibraryA
GetVersionExA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetCurrentProcessId
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
Sleep
SetUnhandledExceptionFilter
GetCurrentThread
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
RaiseException
HeapReAlloc
RtlUnwind
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
FindResourceW
LoadResource
SizeofResource
LockResource
FreeResource
GetTempPathW
DeleteFileW
CreateProcessW
WaitForSingleObject
GetSystemDefaultLangID
GetUserDefaultLangID
GetLastError
lstrcatW
lstrcmpiW
InterlockedIncrement
GetModuleFileNameW
GetVersionExW
lstrcmpW
lstrlenA
OutputDebugStringW
DebugBreak
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
GetFileInformationByHandle
CloseHandle
CreateFileW
InterlockedDecrement
SetFilePointer
WriteFile
ReadFile
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyW
lstrlenW
GetStringTypeA
CreateDirectoryW
HeapSize

user32

FrameRect
OffsetRect
InflateRect
GetSysColor
PostQuitMessage
LoadStringA
RemoveMenu
PtInRect
LoadMenuW
LoadAcceleratorsW
SetCapture
GetDesktopWindow
GetSystemMetrics
SetCursor
AppendMenuW
CheckMenuRadioItem
GetDlgCtrlID
GetWindowThreadProcessId
ScreenToClient
WindowFromPoint
GetMessagePos
AdjustWindowRectEx
TranslateMessage
GetMessageW
PeekMessageW
ShowWindow
DefWindowProcW
TranslateAcceleratorW
ReleaseCapture
GetSysColorBrush
IsWindow
EndPaint
BeginPaint
GetDC
GetClassNameW
DrawFrameControl
DrawEdge
SetRectEmpty
CallNextHookEx
MonitorFromPoint
GetMonitorInfoW
LoadBitmapW
FillRect
CharLowerW
IsWindowEnabled
SetWindowsHookExW
TrackPopupMenuEx
UnhookWindowsHookEx
ModifyMenuW
LoadImageW
CreateWindowExW
SetWindowLongW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
GetWindowLongW
ReleaseDC
DrawTextW
SendMessageW
GetWindowDC
DispatchMessageW
CreateAcceleratorTableW
SetWindowTextW
GetKeyState
GetWindowTextW
GetWindowTextLengthW
IsChild
CharNextW
wvsprintfW
EnableWindow
LoadStringW
CallWindowProcW
SetFocus
GetWindow
SystemParametersInfoW
MessageBoxW
MapWindowPoints
GetWindowRect
ClientToScreen
CreatePopupMenu
GetMenuItemCount
GetMenuItemID
DeleteMenu
EnableMenuItem
DestroyMenu
IsMenu
DestroyWindow
InvalidateRect
UpdateWindow
GetParent
DialogBoxParamW
GetClientRect
SetWindowPos
RedrawWindow
GetDlgItem
EndDialog
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
GetMenu
SetMenu
GetSubMenu
PostMessageW
GetActiveWindow
MessageBeep
IsWindowVisible
GetFocus
InvalidateRgn

gdi32

SetBrushOrgEx
CreatePatternBrush
PatBlt
SetBkColor
SetViewportOrgEx
CreatePen
Polygon
GetCurrentObject
CreateDIBSection
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
SetTextColor
CreateFontIndirectW
SelectObject
SetBkMode
DeleteObject
SetWindowOrgEx
GetObjectW
CreateBitmap
GetStockObject
OffsetWindowOrgEx

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

ole32

OleLockRunning
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleRun
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantInit
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
DispCallFunc
SysAllocStringLen
VariantClear
SysAllocString
CreateErrorInfo
SafeArrayCreate
SafeArrayPutElement
SysFreeString
VariantChangeType
GetErrorInfo
SetErrorInfo

comctl32

ImageList_EndDrag
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
ImageList_DragLeave
CreateStatusWindowW
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Destroy
ImageList_LoadImageW
ImageList_BeginDrag
ImageList_Draw
ImageList_AddMasked
ImageList_DrawIndirect

shlwapi

StrStrIW
StrChrW
StrRChrW

setupapi

SetupIterateCabinetW

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
HttpSendRequestW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetOpenW
InternetConnectW
HttpOpenRequestW

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

84b849433e6b63cc5b1575cfff348435

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

shlwapi

setupapi

wininet

Sections

.text Size: 244KB - Virtual size: 243KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 20KB - Virtual size: 20KB

.idata Size: 12KB - Virtual size: 9KB

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 20KB - Virtual size: 20KB

.idata
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 24KB - Virtual size: 22KB