e0c6bf8d957f2dda8bc7cd016e6c213d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0c6bf8d957f2dda8bc7cd016e6c213d
Size

649KB
MD5

e0c6bf8d957f2dda8bc7cd016e6c213d
SHA1

4555c38080e424fb095d1ee80b9a652f7ac076fe
SHA256

7e40caf3b6d4180d235fda0cf04afac3a85a63ef0e5ccf015fd06038fbaa6472
SHA512

9ca00e4cb910038110d4268aa1cefdad02a96caaf19802544b736e0687d2702ee5fc30f255d7f2cc9bb3d8ce96a06e7fe746777abbf8f1ba4e620abdd56cab56
SSDEEP

12288:6UnWEPHegooZpni8jeTHsSHb+hP1qNZuWXN1aoyW7CL1Q:6UVPTZpn7jWyDNqNEoyW7CLu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/淘宝批量评价器/淘宝批量评价器.exe

Files

e0c6bf8d957f2dda8bc7cd016e6c213d
.rar
淘宝批量评价器/WhatsNew.txt
淘宝批量评价器/买家评价.Txt
淘宝批量评价器/卖家评价.Txt
淘宝批量评价器/常见问题.txt
淘宝批量评价器/新云软件.url
.url
淘宝批量评价器/淘宝批量评价器.exe
.exe windows:4 windows x86 arch:x86

7fc189fe0bd959712a5a7fa74a9c81ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

waveOutUnprepareHeader

ws2_32

accept

user32

SetRectEmpty

gdi32

Escape

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

DragAcceptFiles

ole32

CreateILockBytesOnHGlobal

oleaut32

SafeArrayUnaccessData

comctl32

ImageList_GetImageCount

oledlg

ord8

comdlg32

ChooseColorA

Sections

.text
Size: 631KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE