34380446c01b14eb87a1945823d07dce064922be7516872cca255b691ad199de

Sharing

Copy URL Twitter E-mail

General

Target

34380446c01b14eb87a1945823d07dce064922be7516872cca255b691ad199de
Size

707KB
MD5

e14aab4d77a7111eda016313a8386415
SHA1

bf7dba8eb5f4e2bbb1bc708e296d8f87b01bd325
SHA256

34380446c01b14eb87a1945823d07dce064922be7516872cca255b691ad199de
SHA512

583d93f0877a389491b5c044b73ad80cfd149f9eab6a069e5419f7e45892c3327ed1da0dc62354466bda28328be8b4d0ee8797b45106e722450926e5c94a2360
SSDEEP

12288:Y4eaNcZRjyvq2Ofl4+gWKkuNz3TR6YVwxYB3zLSvXoN0iuSLQC:Y4eaNcZpWzOfl4+gbpNz3TtVwxYB3/SI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34380446c01b14eb87a1945823d07dce064922be7516872cca255b691ad199de

Files

34380446c01b14eb87a1945823d07dce064922be7516872cca255b691ad199de
.dll regsvr32 windows:5 windows x64 arch:x64

c52df2d0748ecd0d630f3a5bcf9bc38b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\zhanlue\haozip\bin\x64\release\pdb\HaoZipExt.pdb

Imports

kernel32

LoadLibraryW
HeapAlloc
GetProcessHeap
GetFileAttributesW
GetSystemDefaultLangID
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetACP
GetStartupInfoW
TerminateProcess
lstrlenW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
FindNextFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
InitializeCriticalSection
ResumeThread
FormatMessageW
LocalFree
WriteFile
SetFileTime
SetEndOfFile
GetFileSize
OpenProcess
GetEnvironmentVariableW
CreateDirectoryW
GetFullPathNameW
GetTempPathW
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
MoveFileExW
GetTempFileNameW
MoveFileW
GetCurrentProcess
GetFileSizeEx
HeapFree
RtlVirtualUnwind
WriteConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
CreateProcessW
GetPrivateProfileStringW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
GetVersionExW
SetFilePointer
ReadFile
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion
LeaveCriticalSection
EncodePointer
EnterCriticalSection
SizeofResource
GlobalUnlock
WideCharToMultiByte
lstrcpynA
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrcpynW

user32

GetMenuInfo
SetMenuItemInfoW
SetWindowTextW
GetDlgItem
AppendMenuW
DrawIconEx
DestroyMenu
IsMenu
CallWindowProcW
FillRect
BeginPaint
EndPaint
GetWindowLongW
MonitorFromWindow
ScreenToClient
EndDialog
GetMonitorInfoW
DefWindowProcW
ClientToScreen
GetWindowThreadProcessId
IsWindowVisible
SetWindowLongPtrW
EnumWindows
DialogBoxParamW
MessageBoxW
SetRect
GetDesktopWindow
GetActiveWindow
wsprintfW
GetWindow
GetWindowRect
GetDC
SetWindowPos
GetWindowLongPtrW
MapWindowPoints
GetParent
ReleaseDC
LoadStringW
GetPropW
SendMessageW
ShowWindow
IsWindow
SetTimer
SetDlgItemTextW
IsWindowEnabled
SetPropW
GetClientRect
KillTimer
InvalidateRect
EnableWindow
LoadImageW
CharNextW
GetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
UnregisterClassW
CreatePopupMenu
DestroyIcon
GetIconInfo

gdi32

GetBkColor
FillPath
BeginPath
PathToRegion
TextOutW
EndPath
LineTo
CreatePen
MoveToEx
CreateSolidBrush
SetTextColor
SetBkMode
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
SetBkColor
ExtTextOutW
GetStockObject
DeleteObject

advapi32

RegEnumKeyExW
RegOpenKeyExW
GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragQueryFileW

ole32

CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2

oleaut32

VarUI4FromStr

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

msimg32

TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 459KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c52df2d0748ecd0d630f3a5bcf9bc38b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 459KB - Virtual size: 459KB

.rdata Size: 197KB - Virtual size: 196KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 459KB - Virtual size: 459KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB