舒原林CAB压缩[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

舒原林CAB压缩.exe
Size

68KB
MD5

1358d3310fb6a2ae60c7dd062375cda3
SHA1

5e459ce511dcd5c30f8772472166b9503a30d421
SHA256

b159702a212d29c9e11c19b2cbff9254a9f01f3ee653872854cfa13a6313567e
SHA512

64bb632f354b700b0b3f6c571de325d236a5fbc8a74c52277d67d6cd580e0ce82aad84117a8f4f6f8e21cf532e1eea1edf7457982f3048e6329357203a566445
SSDEEP

768:RbXq32O8gg00BoDJ6yNlkIL90l5MyON/YfURtfTtGfRfUd0elRMpS:tOIzBoP7khl6Y8R9tGfRo0ePMpS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
舒原林CAB压缩.exe

Files

舒原林CAB压缩.exe
.exe windows:4 windows x86 arch:x86

808e99f950697c63d5237476dc847686

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
GetFileAttributesExA
WriteFile
CreateProcessA
lstrcatA
FindFirstFileA
lstrcmpiA
FindClose
CreateFileMappingA
FindNextFileA
GetModuleHandleA
CloseHandle
GetTempPathA
lstrcpyA
MapViewOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
GetOEMCP
GetACP
lstrlenA
GetFileSize
CreateFileA
GetCPInfo
LoadLibraryA
RtlUnwind
Sleep
InitializeCriticalSection
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException

user32

GetDlgItem
GetWindowRect
SendDlgItemMessageA
LoadStringA
MoveWindow
wsprintfA
SendMessageA
MessageBoxA
SetClassLongA
LoadIconA
EndDialog
CheckDlgButton
IsDlgButtonChecked
EnableWindow
GetDlgItemTextA
DialogBoxParamA
SetDlgItemTextA

comdlg32

GetSaveFileNameA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

DragFinish
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
DragQueryFileA

shlwapi

StrRChrA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

808e99f950697c63d5237476dc847686

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB