?Dll_GetLogFileName@@YAHPAGH@Z
?Dll_GetLogLevel@@YAKXZ
?Dll_GetLogTos@@YAKXZ
?Dll_SetLogOutput@@YAXKKPBG@Z
Static task
static1
1 signatures
General
-
Target
税务01.exe
-
Size
28.4MB
-
MD5
5f3de8f59fc5793c2a263ff88387091f
-
SHA1
61b1de4b55c6e33bdec8d9596362adf24ea2afb3
-
SHA256
eff1df350886c5814603033cae4cf6ab7f63319fb5273ed2097240341752f62f
-
SHA512
5acbb9bfdb7644046f86c8c2c8854a242639b9de5b14d131d55aae30afd0c312f664eb74cfea16ce7a8ddc6f2a31653be7b1905b0a3aedbc762f09394cf11bda
-
SSDEEP
786432:khjfAEK/mXrdahDXqDZc7HGMvqQA05DEoaDS8yjID9l8rg8K:khjfAEK/MrghDeMvqn91Z
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 税务01.exe
Files
-
税务01.exe.exe windows:4 windows x86 arch:x86
Password: infected
a324e1c7533b20c13111b5756e1c1126
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord6135
ord287
ord6381
ord933
ord5930
ord5929
ord3805
ord929
ord2362
ord5977
ord3087
ord2606
ord2637
ord6330
ord6279
ord6874
ord6139
ord823
ord801
ord541
ord5436
ord6379
ord5446
ord6390
ord2755
ord6640
ord654
ord341
ord2053
ord2806
ord668
ord2762
ord356
ord5641
ord6149
ord3785
ord5579
ord1972
ord4053
ord2773
ord922
ord3173
ord5706
ord354
ord5769
ord3579
ord543
ord803
ord1989
ord6403
ord798
ord5188
ord533
ord5853
ord5854
ord6136
ord6303
ord521
ord537
ord1567
ord350
ord5180
ord3313
ord5438
ord1971
ord2385
ord665
ord610
ord3658
ord3611
ord3122
ord5647
ord535
ord942
ord2910
ord5568
ord6921
ord3806
ord2813
ord2810
ord861
ord470
ord755
ord2371
ord2858
ord540
ord4155
ord2822
ord940
ord2756
ord5857
ord1608
ord5859
ord5856
ord500
ord6138
ord772
ord568
ord6141
ord819
ord2914
ord2099
ord2836
ord955
ord1193
ord1562
ord1258
ord1165
ord1143
ord4229
ord641
ord324
ord3592
ord4419
ord4621
ord5273
ord2116
ord4667
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord6920
ord925
ord4272
ord6278
ord6918
ord4124
ord858
ord538
ord6654
ord4273
ord800
ord1131
ord2613
ord825
ord561
ord815
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord6581
ord956
ord6657
ord6506
ord6473
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord5679
ord1569
msvcrt
_CxxThrowException
wcsrchr
swscanf
wcscmp
wcscat
wcscpy
swprintf
wcsncpy
wcslen
strncpy
strrchr
strchr
wcschr
strstr
_wcsicoll
strspn
wcsstr
wcspbrk
wcsspn
_wcsnicmp
_wcsupr
sprintf
_wcsicmp
strncmp
_purecall
_wtol
atol
_vsnprintf
_snprintf
sscanf
__CxxFrameHandler
strpbrk
toupper
_strlwr
_strnicmp
_stricmp
wctomb
isxdigit
iswlower
__mb_cur_max
mbtowc
wcstod
wcscoll
_mbscoll
_mbscmp
_mbsicoll
_mbsicmp
iswspace
_wtoi
iswdigit
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_snwprintf
_vsnwprintf
wprintf
_mbschr
_mbspbrk
_mbsrchr
_mbsstr
_mbsupr
_mbslwr
_mbsrev
memmove
_mbsinc
_mbclen
_mbsspn
_mbscspn
vsprintf
_mbsnbcmp
isdigit
atoi
_ismbcspace
_mbsnicmp
_wcslwr
_wcsrev
wcscspn
vswprintf
wcsncmp
kernel32
SetEndOfFile
GetCurrentDirectoryW
CreateDirectoryW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
UnmapViewOfFile
LoadLibraryExW
LoadLibraryExA
EnumResourceLanguagesW
FindResourceExW
SizeofResource
LoadResource
LockResource
GetTickCount
MoveFileW
CopyFileW
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindFirstFileA
SetFilePointer
FindClose
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetSystemDirectoryW
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetSystemInfo
GetComputerNameW
GetVersionExW
CreateFileW
CloseHandle
DeviceIoControl
LoadLibraryW
FreeLibrary
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
Sleep
DeleteFileW
GetTempPathW
GetLastError
GetWindowsDirectoryW
GetFileAttributesW
InterlockedDecrement
lstrlenA
InterlockedIncrement
FormatMessageA
GetACP
FormatMessageW
SetLastError
VirtualQuery
EnumResourceNamesW
EnumResourceTypesW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
GetModuleFileNameA
GetCurrentDirectoryA
OutputDebugStringA
SetThreadLocale
GetVersion
GetFileSize
WriteFile
OutputDebugStringW
FreeConsole
AllocConsole
lstrlenW
GetStartupInfoW
FindNextFileA
GetProcAddress
user32
DrawIcon
EnumWindows
IsWindowVisible
GetSystemMenu
GetWindowLongW
GetWindowTextW
GetWindowThreadProcessId
EnumDesktopWindows
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
AppendMenuW
SendMessageW
LoadIconW
GetParent
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
MessageBoxW
CloseDesktop
SetThreadDesktop
GetThreadDesktop
advapi32
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetUserNameW
RegOpenKeyW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
StartServiceW
ChangeServiceConfigW
CreateServiceW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExW
RegConnectRegistryW
RegDeleteValueW
shell32
ShellExecuteW
setupapi
SetupInstallFileW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
mpr
WNetAddConnection2W
ws2_32
inet_addr
gethostname
WSACleanup
WSAStartup
ntohl
htonl
gethostbyaddr
gethostbyname
rpcrt4
UuidToStringW
RpcStringFreeW
UuidCreate
oleaut32
SysAllocStringLen
SysReAllocStringLen
Exports
Exports
Sections
.text Size: 300KB - Virtual size: 296KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.OutputL Size: 4KB - Virtual size: 889B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41.0MB - Virtual size: 41.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ