6d7d7c6ec818cad4972fe762436b5294221705aa85bec499ea95c8df7d54874b

Sharing

Copy URL Twitter E-mail

General

Target

6d7d7c6ec818cad4972fe762436b5294221705aa85bec499ea95c8df7d54874b
Size

2.2MB
MD5

70553c131ebdd417f069da72d91f8016
SHA1

3d3a9e992f76cefe6d832575d683a9c4fbabbf5b
SHA256

6d7d7c6ec818cad4972fe762436b5294221705aa85bec499ea95c8df7d54874b
SHA512

7b17ace43402a9cd11d0e6bd1ac8974f40dc01a9c100f94e03f7435f9138a41974ac32241aabf6eef94692c1ed03a8ce60778a839a284f093e327ae6beb5d9bc
SSDEEP

49152:C8otAXhYUINWs8Dlg1a7tgVJLNrxz9Bk+Ufi980hwmkmpB9kw3EoQ4VMAiyDDMFM:cQhYBNBa7tipsi980TkmnQYiyXGM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Iime.exe

Files

6d7d7c6ec818cad4972fe762436b5294221705aa85bec499ea95c8df7d54874b
.zip
Iime.exe
.exe windows:5 windows x86 arch:x86

bbb6d6bd88a3e906c214a735e558e8ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\IIME\Iimiwp\Release\Iimiwp.pdb

Imports

kernel32

GetTempPathW
VerifyVersionInfoW
GetProcAddress
GlobalFree
lstrcatW
CloseHandle
DeleteFileW
lstrcpyW
FreeLibrary
Sleep
GetSystemInfo
lstrcmpiA
CreateThread
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
CopyFileW
WritePrivateProfileStringW
GetLastError
FindClose
CreateFileMappingW
lstrcmpiW
FindNextFileW
GlobalUnlock
lstrcpynW
GetStringTypeW
LCMapStringW
HeapReAlloc
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
GetModuleFileNameW
MulDiv
LoadLibraryW
GlobalAlloc
WriteFile
GetModuleHandleW
GlobalLock
GetCurrentProcess
MoveFileExW
VerSetConditionMask
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
IsProcessorFeaturePresent
TlsAlloc

user32

ReleaseDC
GetDC
wsprintfW
GetDesktopWindow
MessageBoxW
SetWindowTextW
GetDlgCtrlID
EnableWindow
MapDialogRect
LoadImageW
DialogBoxIndirectParamW
SetFocus
SetRect
GetDlgItem
EndDialog
SendDlgItemMessageW
ShowWindow
IsDlgButtonChecked
CreateWindowExW
CheckRadioButton
GetDlgItemTextW
SetDlgItemTextW
SendMessageW

gdi32

SetBkColor
DeleteObject
CreateFontW
CreateSolidBrush
EnumFontFamiliesW
GetDeviceCaps
SetTextColor

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyW
RegQueryValueExW

shell32

SHBrowseForFolderW
ord75
SHGetSpecialFolderPathW
SHFileOperationW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
CoCreateGuid
CoCreateInstance
CoTaskMemFree

shlwapi

PathFindExtensionW
PathFileExistsW
PathRemoveExtensionW
PathAppendW
StrToIntExW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ord17

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
��ϵͳ��.html
ʹ��˵��.txt

Sharing

General

Malware Config

Signatures

Files

bbb6d6bd88a3e906c214a735e558e8ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

version

comctl32

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 7KB