cb75d6fbbb2b63719fae38a4ab763a56f4bf06107d1bb79d23b134e918a89a8e

Sharing

Copy URL Twitter E-mail

General

Target

cb75d6fbbb2b63719fae38a4ab763a56f4bf06107d1bb79d23b134e918a89a8e
Size

801KB
MD5

59a066cf4f307c0e2df968857eacf5e7
SHA1

2c1013c65e49522320a68958e6430b7772dfc0bb
SHA256

cb75d6fbbb2b63719fae38a4ab763a56f4bf06107d1bb79d23b134e918a89a8e
SHA512

257053e33f8d32e87759ca72c79259f3d8c7f8a6d68bfdfad935a9d98b7f116f1be5daa16adae18983a5fb686a90ba7817e4cf0f24576ea858f64ae0883939fd
SSDEEP

24576:O2rZqbruIIY0dx5V3SRK7KJlv37sYFHvAp:O2AruIIf3ri47KJlv4YJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb75d6fbbb2b63719fae38a4ab763a56f4bf06107d1bb79d23b134e918a89a8e

Files

cb75d6fbbb2b63719fae38a4ab763a56f4bf06107d1bb79d23b134e918a89a8e
.exe windows:5 windows x86 arch:x86

6fc8409b0b84e11c74d901b9c4c2313c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work_old\MiFlash售后帮刷机\Release\MiFlash.pdb

Imports

kernel32

GetModuleHandleW
GetProcessHeap
LoadLibraryW
Sleep
ReadFile
CreateFileW
GetTempPathW
GetProcAddress
FindClose
RemoveDirectoryW
GetModuleHandleA
FindNextFileW
CloseHandle
CreateDirectoryW
GetCurrentProcessId
ExpandEnvironmentStringsW
ExitProcess
FindResourceW
LoadResource
WriteFile
SizeofResource
LockResource
GetCurrentProcess
CreateFileA
HeapFree
HeapAlloc
SetFilePointer
DeleteFileW
FindFirstFileW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle

user32

GetDesktopWindow
wsprintfW
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW

shell32

ShellExecuteW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6fc8409b0b84e11c74d901b9c4c2313c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

version

shlwapi

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 6KB - Virtual size: 21KB

.rsrc Size: 661KB - Virtual size: 660KB

.reloc Size: 7KB - Virtual size: 7KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 21KB

.rsrc
Size: 661KB - Virtual size: 660KB

.reloc
Size: 7KB - Virtual size: 7KB

.rmnet
Size: 56KB - Virtual size: 60KB