df29feb3017e4a538236bd7052795aa6

Sharing

Copy URL

Twitter E-mail

General

Target

df29feb3017e4a538236bd7052795aa6
Size

1.2MB
MD5

df29feb3017e4a538236bd7052795aa6
SHA1

fa9105e64652923925c1fa9d2d755069e02da186
SHA256

e95bf25965db538201959b12138e4d70fc8bd40cda039e7c44b8c81aad1cfac8
SHA512

206e62ed8264974cf43a535a121a3633ae19feac759f1d14463f24753786dcf66c4a1b209f23397983f3c88a15f015d6a2baa0f75aaea3098eacb65532045d3c
SSDEEP

24576:D3xQg6W0vrnZsiGilKGLTl4GXN2AxUIYk1Q3hyn3TP0Z:DmW0vrqA/XdpeI1Q3O3TP0Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df29feb3017e4a538236bd7052795aa6

Files

df29feb3017e4a538236bd7052795aa6
.exe windows:4 windows x86 arch:x86

2512daed5dfe4741c3b956afb42f39e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\微博版本_主流\HummerPack\QQ1.48_1700_49\AutoProject\HummerSetup.pdb

Imports

msimg32

TransparentBlt

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW

msi

ord159
ord118
ord8
ord160
ord92
ord195
ord169
ord131
ord70
ord137
ord88
ord141
ord32

advapi32

OpenSCManagerW
StartServiceW
OpenServiceW
ChangeServiceConfigW
RegOpenKeyExW
CloseServiceHandle
RegCreateKeyW
RegCloseKey
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
QueryServiceStatus

shlwapi

PathFileExistsW
PathStripToRootW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htons
socket
recv
WSACleanup
send
inet_addr
htonl
connect
WSAStartup
closesocket

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameW
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
LoadLibraryA
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
FormatMessageW
LocalFree
GetLastError
InitializeCriticalSection
FindFirstFileW
CreateMutexW
SetFileAttributesW
GetVersionExW
DeleteCriticalSection
GetSystemDirectoryW
GetCurrentDirectoryW
CloseHandle
GetFileAttributesW
VirtualFree
VirtualAlloc
CreateDirectoryW
WriteFile
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
FreeResource
GetDriveTypeW
IsValidLocale
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
EnterCriticalSection
Sleep
LeaveCriticalSection
CreateProcessW
GetPrivateProfileStringW
RemoveDirectoryW
GetDiskFreeSpaceExW
FindNextFileW
FreeLibrary
FindClose
GetProcAddress
lstrcmpW
WideCharToMultiByte
LoadLibraryW
GetPrivateProfileIntW
DeleteFileW
GetCurrentThreadId
GetWindowsDirectoryW
MoveFileExW
CopyFileW
WritePrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
IsBadWritePtr
IsBadReadPtr
WaitForSingleObject
lstrcmpiW
DeleteFileA
TerminateProcess
OpenProcess
lstrcatA
GetACP
Process32FirstW
CreateToolhelp32Snapshot
MoveFileW
RemoveDirectoryA
Process32NextW
HeapReAlloc
HeapCreate
HeapDestroy
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoW
GetProcessHeap
GetVersionExA
ExitProcess
SetStdHandle
GetModuleHandleA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
FindResourceW
LocalAlloc

user32

GetCursorPos
GetWindowDC
PtInRect
EnumWindows
SetCursor
PostQuitMessage
SetClassLongW
SetFocus
GetFocus
CreateWindowExW
IsWindow
GetDlgItemTextW
ReleaseDC
LoadCursorW
SetWindowLongW
SetWindowRgn
GetWindowThreadProcessId
GetDlgCtrlID
OffsetRect
SetWindowPos
KillTimer
SetDlgItemTextW
PostMessageW
GetClientRect
GetWindowLongW
GetWindowRect
CreateDialogParamW
GetDlgItem
SendMessageW
SetWindowTextW
EnableWindow
GetWindowTextW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
GetMessageW
LoadAcceleratorsW
MessageBoxW
DialogBoxParamW
EndDialog
UpdateWindow
SetTimer
GetActiveWindow
GetParent
TrackMouseEvent
GetDC
GetClassNameW
CallNextHookEx
SetWindowsHookExW
GetKeyState
DrawIconEx
LoadBitmapW
UnhookWindowsHookEx
DestroyIcon
ReleaseCapture
LoadImageW
MapVirtualKeyW
DestroyWindow
GetWindow
BringWindowToTop
InvalidateRect
DrawTextW

gdi32

GetTextExtentExPointW
CreateFontW
GetObjectW
CreateRoundRectRgn
SetBkColor
BitBlt
SelectObject
DeleteDC
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
DeleteObject
SetTextColor
SetBkMode

ole32

CoUninitialize
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32.5MB - Virtual size: 32.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2512daed5dfe4741c3b956afb42f39e4

Headers

File Characteristics

PDB Paths

Imports

msimg32

shell32

msi

advapi32

shlwapi

version

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 47KB

.rsrc Size: 32.5MB - Virtual size: 32.5MB

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 47KB

.rsrc
Size: 32.5MB - Virtual size: 32.5MB