yanzehng[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

yanzehng.exe
Size

80KB
MD5

7e411ae882af0ac8d1608a4a20e359ff
SHA1

52058703f506a53b8dd075cc07b982dc4d294df3
SHA256

6d07bf38831cf20448514d47ff1b4e0085e548fd4c1077c315ff61346dc067e2
SHA512

61e2cd1d9512d2563640dd8539961c04f7369c97e3a2c3849120e1bd573b1f1ea7a7bf409e757b69db7ae39cbc8093d3321a90b170114274463f0ed2f885a8b0
SSDEEP

1536:xs03B9M+bMNf9AsxHAQVFgcarKRbegzjO:G03B9M1f9n6QjgcaGRpO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
yanzehng.exe

Files

yanzehng.exe
.exe windows:4 windows x86 arch:x86

2407e22aa8113506629bdf202fff2dbb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5708
ord605
ord278
ord2077
ord1638
ord1971
ord4411
ord4975
ord4919
ord3663
ord5450
ord6394
ord5440
ord6383
ord4099
ord2818
ord858
ord2820
ord3811
ord535
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord2514
ord2621
ord1200
ord1134
ord641
ord616
ord692
ord693
ord804
ord4129
ord5683
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord537
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2362
ord2302
ord4234
ord3996
ord4224
ord755
ord470
ord6215
ord6907
ord3286
ord3301
ord3097
ord551
ord4278
ord6199
ord939
ord2915
ord3361
ord326
ord2370
ord3337
ord1168
ord941
ord2764
ord6905
ord6270
ord1644
ord922
ord924
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord4220
ord2584
ord3654
ord2438
ord2863
ord2379
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord6055
ord1776
ord4401
ord5290
ord3402
ord3639
ord567
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1146
ord2582
ord4402
ord3370
ord3640
ord6007
ord3998
ord2587
ord4406
ord3394
ord3729
ord6785
ord1261
ord503
ord540
ord860
ord775
ord800
ord5192
ord1994
ord4291
ord6123
ord1787
ord1006
ord2609
ord6322
ord2395
ord5658
ord5010
ord2490
ord1774
ord6121
ord5242
ord3314
ord3316
ord1911
ord3570
ord966
ord5478
ord5796
ord4863
ord4335
ord4447
ord2031
ord5481
ord5810
ord6334
ord4853
ord3092
ord4710
ord3957
ord825
ord2648
ord823
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
rand
strcmp
fopen
fseek
ftell
fread
fclose
strcat
strlen
sprintf
_mbscmp
atoi
memmove
memcmp
_CxxThrowException
strcpy
__CxxFrameHandler
memcpy
memset
wcscpy
wcslen
_setmbcp
_controlfp

kernel32

LeaveCriticalSection
MultiByteToWideChar
lstrlenA
EnterCriticalSection
GetQueuedCompletionStatus
CreateIoCompletionPort
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
TerminateThread
PostQueuedCompletionStatus
GetSystemInfo
CreateThread
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
WriteFile
DeleteFileA
OutputDebugStringA
VirtualAlloc
GetCurrentDirectoryA
GetLocalTime
Sleep
GetTickCount
GlobalUnlock
GlobalLock
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
LocalUnlock
LocalLock
LocalAlloc
MoveFileExA
GetSystemDirectoryA
GetModuleHandleA
GetStartupInfoA
GlobalFree

user32

DispatchMessageA
LoadIconA
PeekMessageA
MessageBoxA
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageA
LoadMenuA
DrawIcon
GetSubMenu
PostMessageA
IsIconic
GetClientRect
SetForegroundWindow
EnableWindow
OffsetRect
InflateRect
MessageBeep
GetCursorPos
GetSystemMetrics
TranslateMessage

shell32

Shell_NotifyIconA

shlwapi

PathRemoveFileSpecA

ws2_32

getpeername
WSAIoctl
WSAGetLastError
setsockopt
WSAAccept
WSASend
shutdown
listen
bind
htons
htonl
WSASocketA
inet_ntoa
gethostbyname
gethostname
WSACleanup
WSAStartup
send
WSARecv
closesocket

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2407e22aa8113506629bdf202fff2dbb

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

shlwapi

ws2_32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB