f7c702e72082a881f47c86944b31cd51ae3e1ca22570327c24900eb8b8cc9cad

Sharing

Copy URL Twitter E-mail

General

Target

f7c702e72082a881f47c86944b31cd51ae3e1ca22570327c24900eb8b8cc9cad
Size

322KB
MD5

f179b4fdbaac245d7713302f4d1afba9
SHA1

7cc270c951176d7c3304c515898199ead4e1fd48
SHA256

f7c702e72082a881f47c86944b31cd51ae3e1ca22570327c24900eb8b8cc9cad
SHA512

d73987effbc2b73b35e5a2432f0091c7539bbe6e3e3010746b74442931c7b0dbed427804a73076c6e580f6142e5e8e4e33a3ca6cfea144190c0378fb5f2fcbe6
SSDEEP

6144:5lHtO2m0x+V30zy71tkU9xtqTDJsuNtf9D/zZS:5lm0x+ZhZtkU9DqTDJsuNh9DVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7c702e72082a881f47c86944b31cd51ae3e1ca22570327c24900eb8b8cc9cad

Files

f7c702e72082a881f47c86944b31cd51ae3e1ca22570327c24900eb8b8cc9cad
.exe windows:5 windows x64 arch:x64

655c43997910911c0f6194cfd3a04995

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\zhanlue\haozip\bin\x64\release\pdb\HaoZipC.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetPrivateProfileStringW
GetLastError
CloseHandle
FreeLibrary
GetVersionExW
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetCurrentThreadId
OpenProcess
HeapAlloc
LocalFree
GetProcessHeap
FindResourceW
lstrcmpiW
FindFirstFileW
CreateFileW
GetFileAttributesExW
GetEnvironmentVariableW
FindClose
GetFileSize
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
WriteFile
SetFileTime
SetEndOfFile
FormatMessageW
CreateEventW
SetEvent
ResetEvent
lstrlenW
lstrcatW
lstrcpyW
DeleteFileW
GetFileSizeEx
GetCurrentProcess
CreateDirectoryW
GetFullPathNameW
SetFileAttributesW
MoveFileExW
GetTempFileNameW
MoveFileW
GetCurrentProcessId
CreateMutexW
ReleaseMutex
GetStdHandle
RtlVirtualUnwind
LoadLibraryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetFileAttributesW
ExpandEnvironmentStringsW
GetProcAddress

user32

LoadStringW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

msvcp140

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?get@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_JG@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

vcruntime140

memset
_CxxThrowException
_purecall
__C_specific_handler
__CxxFrameHandler3
wcschr
__std_exception_destroy
memmove
__std_exception_copy
wcsstr
__std_terminate
memcpy

api-ms-win-crt-string-l1-1-0

towupper
_stricmp
wcsncpy
_wcsicmp
wcslen
strlen
towlower

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_c_exit
__p___argc
__p___wargv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__p__commode
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

655c43997910911c0f6194cfd3a04995

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 6KB - Virtual size: 8KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB