937110abe549230c6dbe4d702cf5a8f3a93eeaa3f6f3e03c82c63fc7d42f6da7

Sharing

Copy URL Twitter E-mail

General

Target

937110abe549230c6dbe4d702cf5a8f3a93eeaa3f6f3e03c82c63fc7d42f6da7
Size

435KB
MD5

fc2542a0ec94309a9ef705fce5bc9d41
SHA1

84128bc7a0a1be2d8404b67b1984b1fa270593d8
SHA256

937110abe549230c6dbe4d702cf5a8f3a93eeaa3f6f3e03c82c63fc7d42f6da7
SHA512

96ff42823d8a2035beff34f640129e749a23b8c885ed79be86424fc32f6f8dbc8d8a2daaa40aaddff1744ef513ce69cb85e98dbb0684395062e0b4fc4e2ad5e8
SSDEEP

12288:X3aHPl9rRwJCs2QIskSQqJvdKJE31bRfaH0kFWEfAo:X3avl9dwJCBSfKJQ1bcUkM6A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
937110abe549230c6dbe4d702cf5a8f3a93eeaa3f6f3e03c82c63fc7d42f6da7

Files

937110abe549230c6dbe4d702cf5a8f3a93eeaa3f6f3e03c82c63fc7d42f6da7
.dll regsvr32 windows:5 windows x86 arch:x86

6ef48272d36bb140382a4a829b7e2c6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\zhanlue\haozip\bin\Win32\release\pdb\HaoZipExt32.pdb

Imports

kernel32

LoadLibraryExW
WaitForSingleObject
GetPrivateProfileStringW
CreateProcessW
GetExitCodeProcess
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetVersionExW
GetSystemDefaultLangID
GetFileAttributesW
FindFirstFileW
GetLongPathNameW
CreateFileW
GetFileAttributesExW
FindNextFileW
FindClose
CreateMutexW
ReleaseMutex
OpenMutexW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetACP
InitializeCriticalSection
ReadFile
SetFilePointer
GetCurrentThreadId
OpenProcess
LocalFree
GetEnvironmentVariableW
WriteFile
SetEndOfFile
GetFileSize
CreateDirectoryW
GetFullPathNameW
lstrlenW
GetTempPathW
DeleteFileW
lstrcmpiW
InterlockedExchangeAdd
GetFileSizeEx
GetCurrentProcessId
FormatMessageW
CreateEventW
SetEvent
ResetEvent
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
LCMapStringW
WriteConsoleW
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetStringTypeW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion
LeaveCriticalSection
EncodePointer
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
lstrcpynA
DeleteCriticalSection
GlobalLock
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
lstrcpynW
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx

user32

GetIconInfo
LoadStringW
GetDesktopWindow
wsprintfW
SetRect
GetDC
ReleaseDC
LoadImageW
CharNextW
GetMenuItemInfoW
InsertMenuItemW
GetMenuItemCount
CreatePopupMenu
DestroyIcon
IsMenu
SetMenuItemInfoW
DestroyMenu
GetMenuInfo
AppendMenuW
DrawIconEx

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
SetBkColor
ExtTextOutW
DeleteObject

advapi32

GetUserNameW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
DragQueryFileW
ShellExecuteW
SHGetSpecialFolderLocation
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance

oleaut32

VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ef48272d36bb140382a4a829b7e2c6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 317KB - Virtual size: 316KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 317KB - Virtual size: 316KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 17KB - Virtual size: 17KB