d5ca61c8e5cbd2600389e3db0cf220c0

Sharing

Copy URL Twitter E-mail

General

Target

d5ca61c8e5cbd2600389e3db0cf220c0
Size

135KB
MD5

d5ca61c8e5cbd2600389e3db0cf220c0
SHA1

139f21bce7ebacf66381bfb7e2f35d7d6c101c9c
SHA256

e9964db96361393ed4bb3970f59bdc6a985fc1dd7628344b0ae911df5f452fea
SHA512

a924fab30d7a10fdfc5c6b6358d809fe2c1feeae5a6f47d35d2381bc38a6f6d36064aab09790b0b819810f6726033543d7c7a0b4d81f3abc42598b8778e71b86
SSDEEP

3072:guKy5ZAQuCVNWJLG4sWkr5gy030KsL9At8HVEIkbWwumW:g1y/GCVCLxsWCJlK808HVIuJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HelioBar XP/HelioBarHook.dll
unpack001/HelioBar XP/HelioBarXP.exe

Files

d5ca61c8e5cbd2600389e3db0cf220c0
.rar
HelioBar XP/HelioBarHook.dll
.dll windows:4 windows x86 arch:x86

6ecdefa8448c991d294061b50af86f6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CloseHandle
CreateEventA
GetModuleFileNameA
DisableThreadLibraryCalls
Sleep
CreateThread
TerminateThread
WaitForSingleObject
GetExitCodeThread

user32

PeekMessageA
RedrawWindow
GetWindowLongA
KillTimer
PostMessageA
EnumWindows
GetWindowRect
GetCursorPos
PtInRect
SetTimer
GetClassNameA
CallWindowProcA
FindWindowA
SetWindowLongA
GetSystemMetrics
SystemParametersInfoA
SendMessageA

shell32

SHAppBarMessage

msvcrt

_adjust_fdiv
malloc
_initterm
free
_except_handler3
_ftol
sscanf
_stricmp
_mbslwr
_mbsstr

Sections

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HelioBar XP/HelioBarXP.exe
.exe windows:4 windows x86 arch:x86

3f0b6ee68de3cd55fee97dfd672c79a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord823
ord3692
ord5791
ord470
ord5789
ord2393
ord1270
ord816
ord640
ord1168
ord1640
ord562
ord2859
ord3571
ord323
ord5647
ord5785
ord4396
ord3574
ord609
ord5053
ord3693
ord6170
ord3874
ord4123
ord2753
ord4133
ord4297
ord5788
ord2379
ord2642
ord2860
ord3610
ord656
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord2575
ord3922
ord1089
ord5199
ord2396
ord3346
ord5731
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord922
ord4129
ord4202
ord537
ord2621
ord2818
ord2725
ord1146
ord758
ord5859
ord2086
ord4287
ord2119
ord3092
ord6380
ord6199
ord2157
ord475
ord1768
ord6195
ord3870
ord2645
ord6215
ord6453
ord5981
ord6055
ord289
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord809
ord2614
ord5300
ord5277
ord2122
ord3797
ord6358
ord6880
ord1200
ord926
ord3716
ord790
ord6111
ord1783
ord5875
ord2754
ord2847
ord6143
ord5861
ord541
ord3873
ord4400
ord3630
ord682
ord3706
ord2450
ord5678
ord472
ord283
ord5786
ord5736
ord2582
ord3370
ord4402
ord3640
ord693
ord4243
ord2408
ord3286
ord6458
ord6242
ord6696
ord6605
ord3293
ord4284
ord3301
ord2652
ord1669
ord6907
ord2862
ord5781
ord2971
ord3996
ord2096
ord384
ord5265
ord5450
ord6394
ord5440
ord6383
ord3742
ord818
ord1232
ord2152
ord6379
ord1799
ord3361
ord1194
ord772
ord941
ord5572
ord2915
ord6142
ord500
ord6883
ord5860
ord5873
ord859
ord4278
ord4277
ord2763
ord940
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord2587
ord4476
ord4234
ord2302
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord6172
ord755
ord535
ord858
ord4275
ord2414
ord3663
ord3626
ord540
ord860
ord1641
ord795
ord800
ord3619
ord3721
ord3402
ord5604
ord2864
ord326
ord6197
ord4267
ord713
ord567
ord414
ord804
ord3729
ord4424
ord3394
ord5290
ord4406
ord1776
ord4694
ord801
ord2124
ord2446
ord5261
ord1727
ord556
ord1088
ord613
ord6905
ord1576

msvcrt

__set_app_type
__p__fmode
_controlfp
time
_setmbcp
__CxxFrameHandler
_EH_prolog
strlen
strcmp
memset
rand
_ftol
memcpy
malloc
free
_purecall
strcat
strrchr
strcpy
sscanf
sprintf
srand
__p__commode
strstr
_except_handler3
_stricmp
_strupr
strncpy
atoi
strtoul
strchr
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv

kernel32

GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
ExpandEnvironmentStringsA
CreateToolhelp32Snapshot
Module32First
Module32Next
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
lstrcatA
WinExec
lstrcpyA
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
OpenEventA
CloseHandle
GetLastError
FindResourceA
LoadResource
SizeofResource
LockResource
Sleep
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LocalUnlock
GetStartupInfoA
LocalFree

user32

PtInRect
GetAsyncKeyState
ReleaseDC
InflateRect
WindowFromPoint
ScreenToClient
SetCapture
GetClassInfoA
DefWindowProcA
LoadBitmapA
UpdateWindow
SendMessageA
EnableWindow
CopyRect
GetWindowRect
LoadCursorA
SetCursor
LoadMenuA
GetSubMenu
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
ReleaseCapture
ClientToScreen
SetWindowPos
GetFocus
IsWindowVisible
GetForegroundWindow
SetForegroundWindow
IsIconic
DrawIcon
KillTimer
SetTimer
MapWindowPoints
LoadIconA
FindWindowA
PostMessageA
GetWindowThreadProcessId
RegisterWindowMessageA
RedrawWindow
GetWindowLongA
GetSystemMetrics
GetKeyState
SetWindowLongA
InvalidateRect
DrawFocusRect
GetSysColor
SetRect
FillRect
GetDC
CopyIcon
TrackPopupMenu
GetMenuItemID
GetParent
AttachThreadInput
RemoveMenu
GetCursorPos
DrawTextA
GetClientRect
DrawEdge

gdi32

CreateFontA
DeleteObject
SetDIBitsToDevice
RealizePalette
GetDeviceCaps
GdiFlush
CreateDIBSection
SelectObject
CreateCompatibleDC
GetObjectA
GetDIBColorTable
GetPixel
CreatePalette
CreateDiscardableBitmap
ExtTextOutA
GetTextExtentPoint32A
SetPixel
CreatePen
GetStockObject
CreateFontIndirectA
CreateRectRgnIndirect
TextOutA
SetTextJustification

advapi32

RegCloseKey
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptGenKey
CryptGetUserKey
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked

ole32

CoGetMalloc
CoCreateInstance
StringFromIID

shlwapi

SHGetValueA
SHSetValueA

msvfw32

DrawDibDraw
DrawDibClose
DrawDibRealize
DrawDibSetPalette

Sections

.data
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HelioBar XP/HelioBarXP.url
HelioBar XP/下载说明.htm
.html .js polyglot
HelioBar XP/安装说明.txt
HelioBar XP/汉化说明.txt
HelioBar XP/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

6ecdefa8448c991d294061b50af86f6d

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Sections

.data Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 608B

3f0b6ee68de3cd55fee97dfd672c79a9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

shlwapi

msvfw32

Sections

.data Size: 83KB - Virtual size: 84KB

.rsrc Size: 111KB - Virtual size: 112KB

.data
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 608B

.data
Size: 83KB - Virtual size: 84KB

.rsrc
Size: 111KB - Virtual size: 112KB