b304d90d513ee213315e17d422691c3ccf905140980355fbeff57ea6c6d09490

Sharing

Copy URL Twitter E-mail

General

Target

b304d90d513ee213315e17d422691c3ccf905140980355fbeff57ea6c6d09490
Size

1.6MB
MD5

ad19847f409c59f26dbed3168d0425dd
SHA1

4985b2525813cfc45a1d12f70ec5bb5a230f5216
SHA256

b304d90d513ee213315e17d422691c3ccf905140980355fbeff57ea6c6d09490
SHA512

438b86d5a8cda5a34a54720d28ec40d7c995d631a4769eec1009d0bcccf8b2b5b058b0cf5a7bac130f89dc2161bf3653e630ce2dc248f656c4b982a975e35d8b
SSDEEP

24576:bG+r0XrCWC1eZvk0/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:bqrQeZv1LNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b304d90d513ee213315e17d422691c3ccf905140980355fbeff57ea6c6d09490

Files

b304d90d513ee213315e17d422691c3ccf905140980355fbeff57ea6c6d09490
.exe windows:6 windows x86 arch:x86

4aaf83b49b2cc01309a543425b442ab5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\2495\Desktop\PESP\V652\fc2.0\ESP本体\vc12\Release\IJPLMSVC.pdb

Imports

shlwapi

PathQuoteSpacesW
PathAppendW
PathIsDirectoryW
PathFileExistsW

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

lstrcmpiW
lstrcpyW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
GetLocalTime
SetEvent
GetSystemDefaultLangID
GetModuleFileNameW
Sleep
GetVersionExW
GetSystemDefaultLCID
lstrcmpW
LocalFree
GetFileAttributesW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
OpenProcess
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetLastError
CreateMutexW
CloseHandle
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
SetLastError
lstrlenW
GlobalFree
GlobalAlloc
SetStdHandle
HeapSize
GetConsoleCP
CreateFileW
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CreateEventW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap

user32

CharLowerW

winspool.drv

OpenPrinterW
EnumPrintersW
XcvDataW
GetPrinterDriverW
ClosePrinter

advapi32

RegisterServiceCtrlHandlerExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
DeleteService
QueryServiceStatus
ControlService
StartServiceW
ChangeServiceConfig2W
CreateServiceW
SetServiceStatus
UnlockServiceDatabase
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
LockServiceDatabase
OpenSCManagerW
StartServiceCtrlDispatcherW
RegOpenKeyW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4aaf83b49b2cc01309a543425b442ab5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

psapi

kernel32

user32

winspool.drv

advapi32

shell32

ole32

Sections

.text Size: 332KB - Virtual size: 332KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 5KB - Virtual size: 11KB

.gfids Size: 1024B - Virtual size: 784B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 332KB - Virtual size: 332KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 5KB - Virtual size: 11KB

.gfids
Size: 1024B - Virtual size: 784B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.2MB - Virtual size: 1.9MB