大漠综合工具[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

大漠综合工具.exe
Size

1.6MB
MD5

941a190170e6fdd50586d07efe1bcdeb
SHA1

f35faf14f86be97a1c331b17cdc5f1374d672744
SHA256

56d5286605547f8c8c3eed0e63ff06fa2665afc07712ca872768cde37198293d
SHA512

61c5007f31bad89d0526e6df908b5b34392dbfe7aebdc379923b6add60f2ecfa2ce7e7217f1fa03d77550ef9e86e4c88514b0a16d33756a74852ad3400736cb9
SSDEEP

49152:otAb5V4OE8Tq8zyQDNJk8ORbtbgW5P3xH+daoIRGuCoZlQdcgwYb:otAb5hHz7815PxHtTlQdcY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
大漠综合工具.exe

Files

大漠综合工具.exe
.exe windows:4 windows x86 arch:x86

35e0dee1f4b35e1868ee2ced1cd069a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GlobalFree
IsBadReadPtr
SetLastError
WaitForSingleObject
InterlockedCompareExchange
CreateEventA
SetEvent
OpenEventA
UnmapViewOfFile
MapViewOfFile
GetHandleInformation
ExitThread
LocalFree
VirtualAlloc
GetSystemDirectoryA
GetStartupInfoW
InterlockedExchange
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
WritePrivateProfileStringA
GetProfileIntW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetLastError
CopyFileW
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryExW
GetModuleHandleA
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageW
CreateFileW
SetFilePointer
CloseHandle
SetUnhandledExceptionFilter
GetModuleFileNameW
lstrcatW
lstrlenW
WinExec
lstrcpyW
FreeLibrary
FindResourceW
SizeofResource
LoadResource
LockResource
GetModuleHandleW
MulDiv
GetProcAddress
lstrcpynW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW

user32

EqualRect
LoadMenuW
GetSubMenu
GetWindowDC
IsChild
OffsetRect
FillRect
GetFocus
DrawFrameControl
DrawFocusRect
wvsprintfW
HideCaret
CopyIcon
InflateRect
SetWindowLongW
ReleaseCapture
RedrawWindow
SetCapture
MessageBeep
GetSysColor
DrawTextW
BeginPaint
EndPaint
PostQuitMessage
IsWindowVisible
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetDlgCtrlID
LoadStringW
SetWindowPos
GetParent
PostMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
RegisterHotKey
GetDC
ClientToScreen
GetAsyncKeyState
GetScrollPos
SetScrollPos
SetScrollRange
MessageBoxW
GetKeyState
SetTimer
ShowCursor
KillTimer
SetCursorPos
InvalidateRgn
IsRectEmpty
SetCursor
IsWindow
ScreenToClient
SetRect
InvalidateRect
GetWindowRect
PtInRect
IsIconic
GetClientRect
DrawIcon
ReleaseDC
SendMessageW
EnableWindow
SetRectEmpty
GetForegroundWindow
GetSystemMetrics
UnregisterHotKey
GetNextDlgGroupItem
DispatchMessageW
GetMessageW
GetDCEx
UpdateWindow
GetCapture
GetClassNameW
GetWindowTextW
GetWindowLongW
MapVirtualKeyW
AdjustWindowRectEx
GetMenu
RemovePropA
GetPropA
GetIconInfo
GetWindowTextA
FindWindowA
WindowFromPoint
GetWindow
SystemParametersInfoW
AttachThreadInput
SetFocus
SetForegroundWindow
GetWindowLongA
UnhookWindowsHookEx
GetWindowThreadProcessId
DestroyCursor
GetCursorPos
GetActiveWindow
GetWindowPlacement
EnumWindows
TranslateAcceleratorA
GetDesktopWindow
LoadImageW
LoadCursorW
ShowWindow
LoadIconW
CloseClipboard

gdi32

Rectangle
GetStockObject
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
GetDIBits
BitBlt
SetDIBits
LineDDA
SetPixelV
CreatePen
EnumFontFamiliesExW
CreateFontIndirectW
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetBkColor
CreateCompatibleBitmap
SetROP2
CreatePatternBrush
CreateBitmap
PatBlt
UnrealizeObject
RealizePalette
SelectPalette
SelectObject
DeleteDC
GetObjectW
CreateCompatibleDC
GetDeviceCaps
GetPixel
CreateRectRgn

advapi32

RegOpenKeyExW
RegQueryValueW
RegCloseKey

shell32

DragQueryFileW
DragFinish
ShellExecuteW

mfc42u

ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord2372
ord4282
ord3084
ord4279
ord609
ord3569
ord4390
ord2567
ord2745
ord4474
ord927
ord1197
ord795
ord3716
ord3494
ord5785
ord616
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord283
ord6168
ord1172
ord2354
ord2286
ord3284
ord2916
ord3559
ord956
ord6617
ord4158
ord5651
ord2004
ord5880
ord554
ord2859
ord3798
ord355
ord2507
ord3447
ord3870
ord2290
ord2350
ord4197
ord6865
ord2756
ord6278
ord6279
ord6654
ord4273
ord541
ord801
ord2910
ord5568
ord3733
ord561
ord815
ord692
ord804
ord1202
ord1131
ord5296
ord2717
ord2579
ord3389
ord3724
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord6777
ord6451
ord6597
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord6868
ord3785
ord2755
ord5436
ord6379
ord5446
ord6390
ord941
ord1263
ord1562
ord1193
ord6115
ord4312
ord6190
ord1563
ord1194
ord1808
ord5857
ord5706
ord4124
ord6874
ord6139
ord4400
ord858
ord2293
ord2281
ord942
ord5784
ord4292
ord3701
ord5261
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord1634
ord1143
ord1165
ord324
ord825
ord3621
ord3658
ord2406
ord2855
ord2294
ord4229
ord535
ord800
ord940
ord537
ord860
ord540
ord4294
ord6193
ord6376
ord4704
ord2371
ord755
ord470
ord4370
ord613
ord2637
ord289
ord4470
ord640
ord2397
ord5781
ord1633
ord323
ord3614
ord861
ord2810
ord5783
ord5871
ord2235
ord472
ord5276
ord6051
ord1768
ord4418
ord3605
ord567
ord656
ord4270
ord6195
ord5286
ord4847
ord2362
ord538
ord6237
ord3397
ord3706
ord783
ord807
ord6871
ord3087
ord6211
ord2078
ord4219
ord5977
ord3566
ord2746
ord2634
ord4688
ord3747
ord5142
ord6330
ord823
ord2854
ord3688
ord4128
ord1569

msvcrt

_strupr
wcslen
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
strchr
memmove
time
_findfirst
remove
_findnext
_findclose
vsprintf
fopen
_itoa
strrchr
rand
floor
atof
fprintf
strncpy
atol
fseek
ftell
fread
wcscat
strncmp
sscanf
srand
_wsplitpath
_except_handler3
_wcsdup
wcsrchr
wcsstr
fwrite
_wfopen
wcscpy
fclose
sprintf
wcscmp
_ftol
swscanf
malloc
free
strstr
swprintf
__CxxFrameHandler

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

Sections

"aX>8IE=
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

mLIdG]mK
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

31YbNCQB
Size: 8KB - Virtual size: 122.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v.2^,4*M
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

c-xQN"dv
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e0dee1f4b35e1868ee2ced1cd069a9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mfc42u

msvcrt

msvcp60

Sections

"aX>8IE= Size: 280KB - Virtual size: 277KB

mLIdG]mK Size: 64KB - Virtual size: 63KB

31YbNCQB Size: 8KB - Virtual size: 122.6MB

v.2^,4*M Size: 1.2MB - Virtual size: 1.2MB

c-xQN"dv Size: 100KB - Virtual size: 98KB

"aX>8IE=
Size: 280KB - Virtual size: 277KB

mLIdG]mK
Size: 64KB - Virtual size: 63KB

31YbNCQB
Size: 8KB - Virtual size: 122.6MB

v.2^,4*M
Size: 1.2MB - Virtual size: 1.2MB

c-xQN"dv
Size: 100KB - Virtual size: 98KB