74b285511d835366ae29753e128f337ef06c418773e96f30918f45ec0f6c6573

Sharing

Copy URL

Twitter E-mail

General

Target

74b285511d835366ae29753e128f337ef06c418773e96f30918f45ec0f6c6573
Size

4.7MB
MD5

704a690c265c89ae2cc7451e7dad82ae
SHA1

b45a3ed9d3b566da8f04b512057a2bc6cf806821
SHA256

74b285511d835366ae29753e128f337ef06c418773e96f30918f45ec0f6c6573
SHA512

18eeff71ce59d25ffa87e200eee3298411852b52f25a0333faa7956b46eafe5cbe1c4116d813025b8ff6930af753d3b48a183e75ce547dda6243d67e80778a6b
SSDEEP

98304:GnAjCw6iRJsv6tWKFdu9ClvY9ETg6hxvWbrtUTrUHO2j:NjCYJsv6tWKFdu9Cl1fx+NcIOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74b285511d835366ae29753e128f337ef06c418773e96f30918f45ec0f6c6573

Files

74b285511d835366ae29753e128f337ef06c418773e96f30918f45ec0f6c6573
.exe windows:6 windows x86 arch:x86

303359a4763438ef4ba400bb8c984880

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\source\tool_win2\ArchiveManager\Win32\AttachBuyVersion\123zip.pdb

Imports

kernel32

GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetSystemTime
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
ResetEvent
CreateFileW
GetFileAttributesExW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
CreateThread
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
UnregisterWaitEx
RegisterWaitForSingleObject
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
FindFirstFileExW
FindNextFileW
GetModuleHandleExW
GetExitCodeProcess
OpenProcess
LoadLibraryA
GetSystemDirectoryW
ReleaseMutex
CreateMutexW
VirtualFree
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
HeapSize
SetEnvironmentVariableW
EnumSystemLocalesW
IsValidLocale
HeapFree
HeapAlloc
GetFileSizeEx
ExitProcess
GetStdHandle
SetStdHandle
GetConsoleOutputCP
ReadConsoleW
SwitchToThread
WaitForMultipleObjects
Sleep
WaitForSingleObject
DuplicateHandle
LocalFree
GetCurrentProcessId
GetCommandLineW
CreateEventW
WaitForSingleObjectEx
SetEvent
CloseHandle
GetModuleHandleW
GetConsoleWindow
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
OutputDebugStringW
GetProcAddress
FreeLibrary
GetLastError
LoadLibraryW
FileTimeToSystemTime
GetModuleFileNameW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
RaiseException
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
AreFileApisANSI
SetLastError

user32

DispatchMessageW
PeekMessageW
PostMessageW
DefWindowProcW
RegisterClassW
UnregisterClassW
TranslateMessage
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CreateWindowExW
CharNextExA
DestroyWindow

advapi32

RegSetValueExW
RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

ws2_32

WSAAsyncSelect

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeKillEvent
timeSetEvent

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

303359a4763438ef4ba400bb8c984880

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ws2_32

version

winmm

netapi32

userenv

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 15KB - Virtual size: 35KB

.rsrc Size: 200KB - Virtual size: 199KB

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 15KB - Virtual size: 35KB

.rsrc
Size: 200KB - Virtual size: 199KB

.reloc
Size: 48KB - Virtual size: 48KB