eb78a9157f3adaf5af02761590c7a5ac52a0433c64904d2e600fe8f967b07f2b

Sharing

Copy URL Twitter E-mail

General

Target

eb78a9157f3adaf5af02761590c7a5ac52a0433c64904d2e600fe8f967b07f2b
Size

2.9MB
MD5

ba0893a3d6f8ab4ba466f4328692e804
SHA1

9d553c843df7d22526da6df4b4a7531606ddf38f
SHA256

eb78a9157f3adaf5af02761590c7a5ac52a0433c64904d2e600fe8f967b07f2b
SHA512

adaf290dbd18d9d984ca68188479f632114e1a866dad34414f4c140b16c4ec87b52fb86a95ea34d12c9b435cda078c342bf01f50f7bc4da132b34934e214e75e
SSDEEP

49152:xT6V45SMgDPbMYaiD+D19VcqayZOPmmuorVMxmSn:9hSJrbM3WccqaGmuorVSm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb78a9157f3adaf5af02761590c7a5ac52a0433c64904d2e600fe8f967b07f2b

Files

eb78a9157f3adaf5af02761590c7a5ac52a0433c64904d2e600fe8f967b07f2b
.dll regsvr32 windows:5 windows x86 arch:x86

205bc478436c2fae58b10dc0fa262248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\工作项目\加解密\客户端源码\phSoftEnc--32\phSoftEnc--32\Release\phEncAndDecAtv.pdb

Imports

kernel32

EncodePointer
DecodePointer
GetCommandLineA
HeapValidate
IsBadReadPtr
RtlUnwind
ExitProcess
CreateThread
ExitThread
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetStdHandle
WriteConsoleW
GetFileType
OutputDebugStringW
SetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsValidCodePage
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
CompareStringW
GetTimeZoneInformation
CreateFileW
SetEnvironmentVariableA
OpenEventA
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
Sleep
SearchPathA
GetTickCount
GetNumberFormatA
GetTempPathA
GetTempFileNameA
FindResourceExW
GetVersion
GetOEMCP
GetCPInfo
GetACP
GetFileAttributesExA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToSystemTime
GetProfileIntA
VirtualProtect
lstrcmpiA
GetFullPathNameA
GetVolumeInformationA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
DuplicateHandle
GetHandleInformation
GetAtomNameA
lstrcpyA
GlobalFlags
GetCurrentDirectoryA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
IsDBCSLeadByte
ResumeThread
SetThreadPriority
LoadLibraryW
GetVersionExA
lstrcmpW
GlobalGetAtomNameA
GlobalFindAtomA
GetUserDefaultLCID
FindResourceA
FreeResource
MulDiv
lstrlenW
CopyFileA
GlobalSize
FormatMessageA
LocalFree
GlobalFree
GlobalUnlock
InterlockedIncrement
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetEvent
WaitForSingleObject
CloseHandle
lstrlenA
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
CompareStringA
ActivateActCtx
DeactivateActCtx
SetLastError
InterlockedExchange
GlobalLock
GlobalAlloc
GetModuleHandleW
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetLocaleInfoA
LoadLibraryA
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetCurrentThreadId
DeleteFileA
FindClose
FindFirstFileA
GetLastError
GetWindowsDirectoryA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
OutputDebugStringA
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte

user32

LoadAcceleratorsW
DestroyIcon
CharUpperA
GetKeyNameTextA
MapVirtualKeyA
GetAsyncKeyState
GetClipboardFormatNameA
UnpackDDElParam
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
LoadImageA
GetTabbedTextExtentW
GetDialogBaseUnits
MessageBeep
MonitorFromPoint
UpdateLayeredWindow
DrawIconEx
DestroyAcceleratorTable
CreateAcceleratorTableA
CopyAcceleratorTableA
ToAsciiEx
GetKeyboardLayout
GetKeyboardState
SetCursorPos
SetClassLongA
GetIconInfo
CopyImage
LoadImageW
SetClipboardData
CloseClipboard
EmptyClipboard
CopyIcon
CharUpperBuffA
WaitMessage
DefFrameProcA
TranslateMDISysAccel
DefMDIChildProcA
IsClipboardFormatAvailable
GetDoubleClickTime
IsCharLowerA
MapVirtualKeyExA
DestroyCursor
SetRect
UnionRect
SubtractRect
CheckDlgButton
LoadCursorW
LoadCursorA
PostThreadMessageA
NotifyWinEvent
HideCaret
OpenClipboard
WindowFromPoint
ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
SetCapture
KillTimer
SetTimer
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
InvalidateRect
GetUpdateRect
UpdateWindow
ReleaseDC
GetWindowDC
GetDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
IsZoomed
IsIconic
GetSystemMenu
DrawMenuBar
RegisterWindowMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
LoadIconW
LoadIconA
SendDlgItemMessageA
MonitorFromWindow
GetMonitorInfoA
DestroyMenu
SetLayeredWindowAttributes
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetClassNameA
GetDesktopWindow
SetWindowLongA
GetWindowRect
CopyRect
ShowWindow
SetParent
SetWindowPos
CallWindowProcA
GetWindow
DefWindowProcA
DestroyWindow
GetActiveWindow
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
GetKeyState
CallNextHookEx
PeekMessageA
GetCursorPos
SetWindowsHookExA
ValidateRect
GetMessageA
TranslateMessage
DispatchMessageA
GetMenuCheckMarkDimensions
GetFocus
PostMessageA
SendMessageA
MapDialogRect
LoadMenuW
LoadMenuA
SetMenuItemBitmaps
RemoveMenu
ModifyMenuA
InsertMenuItemA
InsertMenuA
GetSubMenu
GetMenuItemInfoA
GetMenuStringA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuA
DeleteMenu
IsMenu
CreatePopupMenu
CreateMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
LoadBitmapW
GetSysColorBrush
UnhookWindowsHookEx
PostQuitMessage
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
SetForegroundWindow
InflateRect
OffsetRect
EnumDisplayMonitors
RealChildWindowFromPoint
UnregisterClassA
EnumChildWindows
RegisterClipboardFormatA
IsRectEmpty
MapWindowPoints
IntersectRect
SetRectEmpty
ReleaseCapture
PtInRect
GetSystemMetrics
MoveWindow
SetWindowTextA
IsDialogMessageA
GetClientRect

gdi32

CreateFontIndirectA
CreateBitmap
CreateCompatibleBitmap
CreatePalette
GetPaletteEntries
SetPaletteEntries
GetNearestPaletteIndex
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreatePatternBrush
CreatePolygonRgn
CreateRoundRectRgn
SetRectRgn
GetStockObject
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
UnrealizeObject
CombineRgn
OffsetRgn
GetRgnBox
PtInRegion
CreateDCA
CreateCompatibleDC
GetDeviceCaps
SelectObject
GetCurrentPositionEx
RectVisible
PtVisible
FrameRgn
FillRgn
LPtoDP
DPtoLP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetTextColor
GetObjectA
SetDIBColorTable
GetSystemPaletteEntries
EnumFontFamiliesExA
CreateDIBSection
RealizePalette
GetBkColor
Polyline
Ellipse
ExtSelectClipRgn
Polygon
Rectangle
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
ExtFloodFill
TextOutA
ExtTextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
Escape
GetBoundsRect
SetPixelV
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteDC
CopyMetaFileA
DeleteObject
SetTextColor
SetBkColor
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBitmap
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SelectClipRgn
ExcludeClipRect
IntersectClipRect
MoveToEx
LineTo
SetTextAlign
GetLayout
SetLayout

shell32

ExtractIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHAppBarMessage
SHBrowseForFolderA

ole32

ReadFmtUserTypeStg
ReleaseStgMedium
CreateOleAdviseHolder
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleSaveToStream
CreateDataAdviseHolder
CoDisconnectObject
CoInitialize
CoUninitialize
CoInitializeEx
ReadClassStm
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLoadFromStream
DoDragDrop
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CoCreateGuid
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree
OleDuplicateData
CoTaskMemAlloc
CreateDataCache
StringFromCLSID

oleaut32

OleCreatePropertyFrame
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SysStringLen
SysStringByteLen
LoadTypeLi
RegisterTypeLi
SysAllocString
OleLoadPicture
SysFreeString
SystemTimeToVariantTime
SysAllocStringLen
LoadRegTypeLi
VarBstrFromDate
OleCreatePictureIndirect
VariantTimeToSystemTime

phsoftenc

phSoft_UnionEncryptData
phSoft_GetBidKey
phSoft_GetDecKeyResult
phSoft_GetEncKeyResultEx
phSoft_GetQR
phSoft_DecryptFile
phSoft_EncryptFileEx
phSoft_UnionDecryptData
phSoft_EncryptDataEx
phSoft_DecryptFileForBussSystem
phSoft_EncryptFileForBussSystemEx
phSoft_VerifySign
phSoft_VerifyToken
phSoft_EncryptSymmData
phSoft_DecryptSymmData
phSoft_DecryptDataEmergency
phSoft_DecryptFileEmergency
phSoft_DecryptData

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

gdiplus

GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipDrawImageI
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdiplusShutdown

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyExA
RegQueryValueA
RegSetValueA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
OpenThreadToken
SetThreadToken
RevertToSelf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

205bc478436c2fae58b10dc0fa262248

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

phsoftenc

msimg32

comctl32

shlwapi

gdiplus

oleacc

imm32

winmm

winspool.drv

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 389KB - Virtual size: 389KB

.data Size: 25KB - Virtual size: 64KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 232KB - Virtual size: 232KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 389KB - Virtual size: 389KB

.data
Size: 25KB - Virtual size: 64KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 232KB - Virtual size: 232KB