J:\000完整模块\老友装机汇总\离线安装器\加密发布210716\Release\onedown.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3.exe, Resource: win10v2004-20240226-en)
General
- Target: 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3
- Size: 7.0MB
- MD5: 80b86842036c0a89fd79fe0de3e7db43
- SHA1: 46e99f381b4f0f7716d96ab338c3458397cf1de3
- SHA256: 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3
- SHA512: 82f952ecd2bd588eab15f4ed355be1bb063121b101a63a114cb5c07f6ee524d35516148d3ecd183dff16e70a26dccbd71da99c2db567bca09e7b16cce08b2911
- SSDEEP: 196608:EP24C16IQ7OetYpOStpnue2HwkFLOyomFHKnPKL:sNc/QC1pue2HlFLL
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. resource 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3
Files
- 32c8018b6a1e149125afecf740ded5c1f440faa6c4585a3d256920e8960a49f3.exe windows:5 windows x86 arch:x86
  79c28ca3f8ec145d095bae351d8e7467
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
getservbyname
gethostbyname
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
WSAStartup
shutdown
htonl
wldap32
ord301
ord147
ord133
ord79
ord127
ord142
ord219
ord46
ord14
ord216
ord208
ord41
ord118
ord26
ord27
ord145
ord167
kernel32
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
SetErrorMode
FindResourceExW
SearchPathW
GetProfileIntW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
TlsFree
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCommandLineA
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
GetStringTypeW
LCMapStringW
GetCPInfo
GlobalGetAtomNameW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
LocalAlloc
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
TlsAlloc
lstrcmpiW
DuplicateHandle
UnlockFile
LockFile
GetFullPathNameW
FlushFileBuffers
ResumeThread
SetThreadPriority
CreateEventW
SetEvent
GetPrivateProfileIntW
GetCurrentThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
lstrcmpA
GlobalSize
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
FreeResource
EncodePointer
OutputDebugStringA
VerifyVersionInfoW
VerSetConditionMask
FormatMessageA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
SleepEx
InitializeCriticalSection
SetEndOfFile
GetFileSize
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SetLastError
ReadFile
GetCurrentProcess
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
LocalFree
FormatMessageW
CopyFileExW
WriteFile
GetTempPathW
OutputDebugStringW
DeleteFileW
GetTempFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
MulDiv
GetVolumeInformationW
DefineDosDeviceW
DeviceIoControl
CreateFileW
GlobalFree
GlobalAlloc
CloseHandle
CreateDirectoryW
GetLocalTime
SetFileAttributesW
GlobalMemoryStatus
GetTickCount
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
GetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
GetModuleFileNameW
WinExec
lstrlenW
lstrcatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
Sleep
GlobalMemoryStatusEx
GetModuleHandleW
GetVersionExW
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
WideCharToMultiByte
SetConsoleMode
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetCommandLineW
SetStdHandle
HeapQueryInformation
QueryPerformanceFrequency
VirtualAlloc
VirtualQuery
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WriteConsoleW
FlushConsoleInputBuffer
ReadConsoleInputA
user32
SystemParametersInfoW
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawFrameControl
DrawEdge
PostQuitMessage
MapVirtualKeyW
GetKeyNameTextW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DrawStateW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
FillRect
GetWindowDC
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
EnumDisplayMonitors
SetActiveWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
TrackMouseEvent
IsZoomed
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetSubMenu
LoadMenuW
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
WindowFromPoint
GetCursorPos
GetCapture
GetWindowLongW
ExitWindowsEx
GrayStringW
DrawTextExW
TabbedTextOutW
CopyRect
UpdateWindow
GetScrollInfo
OffsetRect
SetRectEmpty
DrawIcon
SetCapture
GetSystemMenu
DeleteMenu
MessageBeep
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
IsIconic
LoadIconW
UnregisterClassW
GetMessageW
TranslateMessage
ShowOwnedPopups
CharUpperW
DestroyMenu
GetMenuItemInfoW
CopyImage
SendDlgItemMessageA
RealChildWindowFromPoint
GetAsyncKeyState
GetForegroundWindow
MapDialogRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
ReleaseDC
LoadAcceleratorsW
GetIconInfo
CreateAcceleratorTableW
CopyAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
FrameRect
PostThreadMessageW
WaitMessage
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetComboBoxInfo
CreateMenu
HideCaret
InvertRect
DestroyCursor
GetWindowRgn
GetDoubleClickTime
LockWindowUpdate
BringWindowToTop
SetRect
SetCursorPos
LoadImageW
DestroyIcon
EmptyClipboard
GetDC
SetCursor
PtInRect
ScreenToClient
GetMessagePos
SetWindowLongW
LoadCursorW
SetTimer
KillTimer
GetSystemMetrics
RedrawWindow
EnableWindow
GetClientRect
SendMessageW
InvalidateRect
GetParent
IsWindow
PostMessageW
GetSysColor
InflateRect
DrawTextW
IntersectRect
GetWindowRect
gdi32
LineTo
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
CreateRectRgnIndirect
SetRectRgn
DPtoLP
IntersectClipRect
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
GetRgnBox
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
SetBkColor
DeleteObject
Escape
ExtTextOutW
RectVisible
PtVisible
TextOutW
CreatePen
PatBlt
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
CreateEllipticRgn
RestoreDC
CreateSolidBrush
msimg32
TransparentBlt
AlphaBlend
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
CryptEnumProvidersA
CryptSignHashA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
RegCloseKey
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDecrypt
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
shell32
DragQueryFileW
SHAppBarMessage
SHGetFileInfoW
DragFinish
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetDesktopFolder
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
StrFormatKBSizeW
uxtheme
GetWindowTheme
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
DrawThemeText
GetCurrentThemeName
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
ole32
StringFromGUID2
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoDisconnectObject
CoInitialize
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
RegisterDragDrop
oleaut32
SysFreeString
SysAllocString
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
VariantInit
SysStringLen
VarBstrCat
gdiplus
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdipLoadImageFromStream
GdipReleaseDC
GdiplusStartup
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGetDpiY
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGraphicsClear
GdipDrawPath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePen
GdipCreatePen1
GdipDeletePath
GdipCreatePath
GdipFillPath
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipDrawImageRectI
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipDisposeImage
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFree
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
Sections
.text Size: 2.6MB - Virtual size: 2.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 786KB - Virtual size: 785KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 63KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ