PDB Path: F:\工作源码\ArLog\Source\ArLog\Release\ArLog.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115.dll
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115.dll
  Resource: win10v2004-20240426-en
General
- Target: 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115
- Size: 654KB
- MD5: 0e8204a2f41ca1137d74ad501565c8d4
- SHA1: 66b4808aa98b538d46b0d9960a4800bbcf09a107
- SHA256: 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115
- SHA512: dc0203e1e52bde1560056d26eb8199546792b2c47c6004a3d6b9927e038d30e99a3769b8f08b1b267a97df4a19e2a602e3159e5d517108de64f3af425ef97002
- SSDEEP: 12288:r+lu3XnDA/V4eW2hOBEyrULausQSGMU/1t233FabTQx0P:VT3BEyzzU/b233FabA0
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115
Files
- 99931d4502a8cc4643f7ddfff16b66fa7d0fb4d80e2379088702cff5b47c1115.dll windows:5 windows x86 arch:x86
  9cc63b5cbb4efa88d2996fc73fefbb29
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateFileA
GetAtomNameA
GetModuleHandleW
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesExA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetDriveTypeA
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindNextFileA
GetCommandLineA
RtlUnwind
ExitProcess
ExitThread
HeapReAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
HeapCreate
GetShortPathNameA
VirtualFree
FatalAppExitA
GetStdHandle
SetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetFullPathNameW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiA
GetThreadLocale
GetStringTypeExA
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedIncrement
GlobalFlags
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GlobalFree
CopyFileA
GlobalSize
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
GetLastError
SetLastError
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
CreateDirectoryW
SetUnhandledExceptionFilter
OutputDebugStringW
GetPrivateProfileIntW
GetModuleFileNameW
MoveFileW
DeleteFileW
FreeLibrary
GetCurrentProcess
CreateFileW
GetProcAddress
LoadLibraryA
CreateDirectoryA
GetPrivateProfileIntA
GetModuleFileNameA
MoveFileA
DeleteFileA
FindResourceA
LoadResource
LockResource
SizeofResource
GetTickCount
SuspendThread
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
Sleep
TerminateThread
ResumeThread
CloseHandle
SetThreadPriority
CreateThread
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
FindClose
FindFirstFileA
GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
HeapDestroy
WideCharToMultiByte
user32
MapVirtualKeyA
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
BringWindowToTop
TranslateAcceleratorA
GetDialogBaseUnits
InvalidateRect
SetRectEmpty
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DestroyMenu
GetMenuItemInfoA
InflateRect
CharUpperA
DestroyIcon
LoadCursorA
GetSysColorBrush
ScrollWindowEx
ShowWindow
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetWindowTextLengthA
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyNameTextA
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetDesktopWindow
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
DeleteMenu
WindowFromPoint
KillTimer
SetTimer
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetMenuBarInfo
ReleaseCapture
LoadAcceleratorsA
InsertMenuItemA
ScrollWindow
CreatePopupMenu
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
UnregisterClassA
UnhookWindowsHookEx
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
ShowOwnedPopups
UpdateWindow
gdi32
PolyBezierTo
ExtSelectClipRgn
TextOutA
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
PolylineTo
GetDCOrgEx
CreateFontIndirectA
GetTextExtentPoint32A
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetCharWidthA
CreateFontA
StretchDIBits
CreateCompatibleBitmap
GetTextMetricsA
GetBkColor
ArcTo
PolyDraw
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateHatchBrush
CreateBitmap
RectVisible
PtVisible
StartDocA
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetDeviceCaps
ExtTextOutA
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
shell32
ExtractIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
shlwapi
PathFileExistsW
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveExtensionA
PathRemoveFileSpecW
ole32
StringFromGUID2
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
CLSIDFromString
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoDisconnectObject
CoUninitialize
CoInitializeEx
StringFromCLSID
oleaut32
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
Exports
DllAddLog
DllAddMsgLog
DllAddMsgLogEx
DllAddMsgLogW
DllSetLogPath
DllSetUnhandledExceptionFilterEx
Sections
.text  Size: 496KB - Virtual size: 495KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata Size: 100KB - Virtual size: 100KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 13KB - Virtual size: 32KB    (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc  Size: 12KB - Virtual size: 11KB    (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc Size: 31KB - Virtual size: 31KB    (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)