792a08846c4f428b7328287ab2e40c379445668b2516767c542b15d16fd7e55c

Sharing

Copy URL Twitter E-mail

General

Target

792a08846c4f428b7328287ab2e40c379445668b2516767c542b15d16fd7e55c
Size

573KB
MD5

25c396fde6cf52d9e63f28872d205c4a
SHA1

15f8c5628d9379d5641ec6ac210feef533832ff0
SHA256

792a08846c4f428b7328287ab2e40c379445668b2516767c542b15d16fd7e55c
SHA512

514e1d3c49ad9639c719f48246d55a3984dfef4cdfb58c8ca3c81a713daa427336f6d001315c0c1b91d1ddb680c3b40b11dfb8c6c12347da69caf898bf1dc2d0
SSDEEP

12288:ntgJTAmLXnW+1gQSd7pNmXm5nLROuxbwLx2Zy46n3yUVq4/:nt2TjDntx0h5nLROux0Lx2Ze3ygq4/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
792a08846c4f428b7328287ab2e40c379445668b2516767c542b15d16fd7e55c

Files

792a08846c4f428b7328287ab2e40c379445668b2516767c542b15d16fd7e55c
.dll regsvr32 windows:5 windows x86 arch:x86

f2db9788a032fd0a90cd86e9d79c4586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\zhanlue\haozip\bin\Win32\release\pdb\HaoZipExt.pdb

Imports

kernel32

GetExitCodeProcess
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
GetFileAttributesW
GetCurrentProcess
GetSystemDefaultLangID
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetACP
GetStartupInfoW
TerminateProcess
lstrlenW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
FindNextFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
InitializeCriticalSection
ResumeThread
InterlockedExchangeAdd
FormatMessageW
LocalFree
WriteFile
SetFileTime
SetEndOfFile
GetFileSize
OpenProcess
GetEnvironmentVariableW
CreateDirectoryW
GetFullPathNameW
GetTempPathW
SetFileAttributesW
DeleteFileW
GetWindowsDirectoryW
MoveFileExW
GetTempFileNameW
CreateProcessW
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetPrivateProfileStringW
SetStdHandle
GetConsoleMode
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
WriteConsoleW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
GetVersionExW
SetFilePointer
ReadFile
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion
LeaveCriticalSection
EncodePointer
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
lstrcpynA
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
MoveFileW
lstrcpynW

user32

ScreenToClient
BeginPaint
EndDialog
GetMonitorInfoW
EndPaint
MonitorFromWindow
ClientToScreen
GetWindowThreadProcessId
IsWindowVisible
FillRect
CallWindowProcW
EnumWindows
SetWindowLongW
DialogBoxParamW
MessageBoxW
GetIconInfo
SetRect
GetDesktopWindow
DefWindowProcW
wsprintfW
GetWindowLongW
GetWindow
GetWindowRect
SetWindowPos
MapWindowPoints
GetParent
ReleaseDC
LoadStringW
GetPropW
SendMessageW
ShowWindow
IsWindow
SetTimer
SetDlgItemTextW
IsWindowEnabled
SetPropW
GetClientRect
KillTimer
InvalidateRect
EnableWindow
LoadImageW
CharNextW
GetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
UnregisterClassW
CreatePopupMenu
DestroyIcon
IsMenu
SetMenuItemInfoW
DestroyMenu
GetMenuInfo
AppendMenuW
DrawIconEx
SetWindowTextW
GetDlgItem
GetActiveWindow
GetDC

gdi32

PathToRegion
TextOutW
EndPath
LineTo
CreatePen
MoveToEx
CreateSolidBrush
SetTextColor
SetBkMode
CreateCompatibleBitmap
SelectObject
BeginPath
CreateCompatibleDC
GetDIBits
DeleteDC
SetBkColor
ExtTextOutW
GetStockObject
DeleteObject
FillPath
CreateDIBSection
GetBkColor

advapi32

GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage

msimg32

TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2db9788a032fd0a90cd86e9d79c4586

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

Exports

Exports

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 100KB - Virtual size: 100KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 100KB - Virtual size: 100KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 24KB - Virtual size: 23KB