Static task
static1
Behavioral task
behavioral1
Sample
摧毁者.exe
Resource
win10v2004-20240508-en
General
Target: 摧毁者.exe
Size: 4.6MB
MD5: a8f40d2e5a91794ee1967dcc1384d8f7
SHA1: 8292c820b7393e412ed33ef39a83a104bce58203
SHA256: de2aa78fa69a769844a037d0493bd7b69f91a7716b92d84ab0bd80ccba34bb8e
SHA512: a680d6af68e68ef6a3435a82d69477d55644dc2b88c53a240bdd79ca3d119ec0a232c72abebce3846b9a4d8e220a5561a7140a5504b75c17bd349374e79411e4
SSDEEP: 98304:jyrB248of1E3PG2sfBGbpsXl0zjWEigx9KYRXRM9UPi:jyr048iK3PEfIbMl0zCEigiYp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 摧毁者.exe
Files
摧毁者.exe.exe windows:6 windows x86 arch:x86
c4c9de084da928069a75daf1e5fead52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
user32
FindWindowW
gdi32
Escape
winmm
waveOutWrite
winspool.drv
ClosePrinter
advapi32
RegQueryValueA
shell32
ShellExecuteA
ole32
CoGetClassObject
oleaut32
SysAllocString
comctl32
ImageList_Destroy
oledlg
ord8
ws2_32
WSAAsyncSelect
comdlg32
GetOpenFileNameA
Sections
.text Size: 4.3MB - Virtual size: 22.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 271KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE