Mal[.]rar | Triage

General

Target

Mal.rar
Size

552KB
MD5

366ecf4e05b7befa05a53dba98fa005e
SHA1

e60fecb0f3b4cdc207599a03b6ea71f9c2a7aee3
SHA256

e47e7a76818c8b6d1c5407c8d191049936812b8a76afb4a48ddd03e16bb37872
SHA512

d581a973f19d84a024cf59ad41eb2b302547a21c07c4feaad84e1632078f95250c3d5d3c77a9471fa6f0913b6899c4bbbc73d1012b2c620069a114c0d0e4d7d1
SSDEEP

12288:A+SR8FAAS1YBiWLgz+eF59SSV6rk+AOTEFl08fOho3v:A+LLS1WX4JdSSV6VKfOho3v

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mal/[可能的环境检测]开票系统2.exe
unpack001/Mal/[可能的环境检测]详情.exe

Files

Mal.rar
.rar
Mal/[可能的环境检测]开票系统2.exe
.exe windows:4 windows x86 arch:x86

e3c9a212c70317faf9c852831ebe3cf4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
SetUnhandledExceptionFilter
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetFileType
GetStdHandle
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStringTypeW

user32

DispatchMessageA
EndDialog
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
CreateWindowExA
ShowWindow
UpdateWindow
RegisterClassExA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage

wininet

InternetReadFile

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Mal/[可能的环境检测]详情.exe
.exe windows:6 windows x86 arch:x86

462f0b85dc119123b433ba425b589238

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHCreateStreamOnFileEx

urlmon

URLOpenBlockingStreamW

user32

PostThreadMessageW

kernel32

WriteConsoleW

Sections

.text
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3c9a212c70317faf9c852831ebe3cf4

Headers

File Characteristics

Imports

kernel32

user32

wininet

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 15KB

.sxdata Size: 4KB - Virtual size: 24B

.rsrc Size: 8KB - Virtual size: 4KB

462f0b85dc119123b433ba425b589238

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

urlmon

user32

kernel32

Sections

.text Size: - Virtual size: 173KB

.rdata Size: - Virtual size: 46KB

.data Size: - Virtual size: 8KB

.text Size: - Virtual size: 270KB

.data Size: - Virtual size: 241KB

.text Size: 596KB - Virtual size: 595KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 15KB

.sxdata
Size: 4KB - Virtual size: 24B

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: - Virtual size: 173KB

.rdata
Size: - Virtual size: 46KB

.data
Size: - Virtual size: 8KB

.text
Size: - Virtual size: 270KB

.data
Size: - Virtual size: 241KB

.text
Size: 596KB - Virtual size: 595KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB