Static task
static1
General
Target: 名单册终端.exe
Size: 756KB
MD5: 87c800dac6fb2709eafd6561f100035a
SHA1: c15667dd8971a61b368f27c2e8a8f22ef7366bbc
SHA256: 6f88b6f5f55488c28379f8e18a9ed347534cec25d7ba2ec2d9566bc712a4741d
SHA512: bb279745e0a9434198303b2c010a7bce231e7c0a95e2de1ec8a599a48c03749da2c3d8909ac36024f6ec82cde7a6cdb2a62aefa20b0d4b694b1a85b751b1e95d
SSDEEP: 12288:BMR5KNIevOJGIGEMvQ+xC60QM6n7vFSspPsvVe3cuQlrJuTWI1p/:SR5KNIUO5GEiQ+x/M6n7wspOVn9lVuTB
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 名单册终端.exe
Files
名单册终端.exe.exe windows:5 windows x64 arch:x64
da33ea1c2f83b23350cae13d00ce316b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
lstrcatW
GlobalFree
lstrcpyW
GlobalAlloc
GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
OpenProcess
GetCurrentProcessId
lstrcmpW
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
ExitProcess
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetModuleFileNameW
WideCharToMultiByte
CreateEventW
QueryPerformanceFrequency
SetEvent
QueryPerformanceCounter
ResetEvent
CreateToolhelp32Snapshot
WriteFile
CreateFileW
ExpandEnvironmentStringsW
CopyFileW
GetFileAttributesW
CreateEventA
FormatMessageW
LoadLibraryA
GetNativeSystemInfo
SetLastError
VirtualProtect
IsBadReadPtr
GetThreadLocale
CreateThread
GetCurrentThreadId
GetSystemTime
SetUnhandledExceptionFilter
MoveFileExW
DeleteFileA
GetModuleFileNameA
CreateFileA
LocalFree
SetEnvironmentVariableA
SetEnvironmentVariableW
CompareStringW
GetExitCodeProcess
IsValidLocale
Process32FirstW
Process32NextW
CloseHandle
Sleep
GetTickCount
MultiByteToWideChar
lstrlenW
GetLocalTime
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
SetStdHandle
GetSystemTimeAsFileTime
LCMapStringW
FlushFileBuffers
SetFilePointer
ReadFile
GetFileType
SetHandleCount
SetConsoleCtrlHandler
FatalAppExitA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
HeapSize
GetLocaleInfoW
GetStdHandle
GetVersion
HeapSetInformation
GetConsoleMode
GetConsoleCP
FlsAlloc
GetCurrentThread
FlsFree
FlsSetValue
FlsGetValue
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
HeapReAlloc
ExitThread
SetEndOfFile
EncodePointer
DecodePointer
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
ReleaseSemaphore
CreateSemaphoreW
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
DeleteTimerQueueTimer
CreateTimerQueueTimer
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForMultipleObjects
TryEnterCriticalSection
CancelWaitableTimer
SetWaitableTimer
lstrlenA
UnmapViewOfFile
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount64
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeSRWLock
RaiseException
CreateTimerQueue
DeleteTimerQueueEx
InitializeCriticalSectionAndSpinCount
InitializeConditionVariable
GetQueuedCompletionStatus
HeapCreate
HeapDestroy
CreateWaitableTimerW
PostQueuedCompletionStatus
TerminateThread
GetExitCodeThread
GetFileSize
MapViewOfFileEx
CreateFileMappingW
CreateIoCompletionPort
SwitchToThread
user32
GetLastInputInfo
SendMessageW
GetWindowTextW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
wsprintfW
PostThreadMessageA
GetForegroundWindow
advapi32
RegDeleteValueW
RegCreateKeyW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetCurrentHwProfileW
RegSetValueW
shell32
ShellExecuteA
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
ws2_32
shutdown
closesocket
send
ioctlsocket
WSARecv
setsockopt
WSAIoctl
htonl
ntohl
InetNtopW
InetPtonW
htons
ntohs
WSAGetLastError
gethostname
gethostbyname
inet_ntoa
WSAStringToAddressW
WSASetLastError
getpeername
getsockname
sendto
WSASend
WSASendTo
WSARecvFrom
freeaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
recvfrom
WSAGetOverlappedResult
listen
getsockopt
getaddrinfo
shlwapi
PathFindFileNameA
PathFileExistsA
StrChrW
PathFileExistsW
winmm
timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime
Sections
.text Size: 550KB - Virtual size: 549KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ