6f2b5b4aec962ae8f9d68b88f88676d32af4ee57e8e650991852e9810fc49a35

Sharing

Copy URL

Twitter E-mail

General

Target

6f2b5b4aec962ae8f9d68b88f88676d32af4ee57e8e650991852e9810fc49a35
Size

350KB
MD5

093e748a90c40eddac94850d44649748
SHA1

f4377f0dca867e8071b322a149d1e9a8deab919c
SHA256

6f2b5b4aec962ae8f9d68b88f88676d32af4ee57e8e650991852e9810fc49a35
SHA512

8b49258beb3de47b9ab64154aea4d2f09399003561ba9b1b355833c2c0a9583e73bb2c6ceda27b585c6047a79aae79fdef8aeb23cd325d4862995a49ed5e97aa
SSDEEP

6144:FPd4SFzmWsts3IUmhRo44WZHuBboIUtF02QOBPf+:F14Sp/ss3bmhRj40HSoIUtFPf+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2b5b4aec962ae8f9d68b88f88676d32af4ee57e8e650991852e9810fc49a35

Files

6f2b5b4aec962ae8f9d68b88f88676d32af4ee57e8e650991852e9810fc49a35
.dll windows:5 windows x86 arch:x86

3594cfa223a6582e0e5aa4ce998c45c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\2019的CASE\vs2008编程\2018的Case\D9xdll维护\时间明细更新sop\辅助软件\DownTimeINIWR_v2.0.0.13\Debug\DownTimeINIWR.pdb

Imports

mfc90ud

ord930
ord5779
ord747
ord2493
ord396
ord6142
ord8432
ord5835
ord8553
ord9105
ord8145
ord3738
ord8692
ord5841
ord2717
ord4398
ord4635
ord4178
ord8394
ord1140
ord6531
ord8459
ord3687
ord3790
ord6268
ord4358
ord354
ord723
ord714
ord8827
ord335
ord1453
ord408
ord1641
ord4515
ord940
ord5497
ord487
ord4947
ord6440
ord2954
ord812
ord9161
ord1637
ord1635
ord3950
ord7961
ord1476
ord6565
ord3378
ord6271
ord6270
ord963
ord5948
ord8111
ord6093
ord6282
ord2092
ord6929
ord6886
ord6879
ord6080
ord961
ord286
ord8631
ord1410
ord2957
ord2298
ord4661
ord8783
ord2033
ord6442
ord7604
ord6465
ord3143
ord1860
ord668
ord6164
ord3183
ord5420
ord9073
ord1926
ord6306
ord768
ord427
ord5531
ord8528
ord7294
ord7239
ord292
ord3462
ord302
ord4013
ord1133
ord5102
ord1561
ord701
ord9110
ord7280
ord6816
ord6305
ord2022
ord8530
ord3761
ord4008
ord9017
ord5991
ord2565
ord950
ord7569
ord6407
ord7029
ord7203
ord2863
ord2411
ord2410
ord2251
ord2250
ord4659
ord8780
ord2339
ord2336
ord6804
ord7638
ord7603
ord8152
ord5987
ord2032
ord6446
ord7538
ord2701
ord7420
ord9365
ord6377
ord7593
ord3245
ord1900
ord5197
ord7015
ord6487
ord4323
ord6707
ord3140
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord912
ord3337
ord1665
ord952
ord1628
ord1626
ord1654
ord1553
ord9196
ord1504
ord1617
ord2713
ord5998
ord5342
ord425
ord942
ord1408
ord1523
ord1664
ord1662
ord1516
ord1423
ord1503
ord336
ord948
ord715
ord3559
ord3557
ord3574
ord3569
ord3553
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord3804
ord4122
ord4320
ord6518
ord4097
ord4348
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6712
ord1857
ord5054
ord690
ord5530
ord935
ord2166
ord9152
ord4477
ord291
ord4426
ord2849
ord2174
ord6466
ord3033
ord1769
ord8287
ord406
ord753
ord5281
ord5487
ord4899
ord943

msvcr90d

??0exception@std@@QAE@XZ
__CxxFrameHandler3
_snprintf_s
_errno
_CrtDbgReport
strcpy
wcscpy
_invalid_parameter
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
_time64
ceil
floor
memcmp
_wcsicmp
memmove_s
wcslen
_mktime64
_gmtime64_s
_localtime64_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_wtoi
_vsnprintf_s
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_CRT_RTC_INITW
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_recalloc
calloc
free
malloc
abs
memset
memcpy_s
_resetstkoflw
_CrtDbgReportW

kernel32

MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
MulDiv
Sleep
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
lstrlenW
CreateFileMappingA
CreateDirectoryW
LocalFree
LocalAlloc
InterlockedCompareExchange
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetModuleFileNameW
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
LocalFileTimeToFileTime
WaitForSingleObject
TerminateThread
WritePrivateProfileStringW
GetPrivateProfileStringW
CopyFileW

user32

OffsetRect
InflateRect
EqualRect
IntersectRect
SetRect
PtInRect
IsRectEmpty
CopyRect
UnionRect
SetRectEmpty
MessageBoxA
GetSystemMetrics
PeekMessageW
MoveWindow
SubtractRect

gdi32

GetDIBColorTable
GetObjectW
SetDIBColorTable
DeleteDC
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
SetStretchBltMode
CreateDIBSection

msimg32

TransparentBlt
AlphaBlend

shlwapi

PathFileExistsW
PathIsDirectoryW

oleaut32

DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VariantChangeType
SystemTimeToVariantTime
SysFreeString
VarDateFromUdate

msvcp90d

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Container_base_secure@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Debug_message@std@@YAXPB_W0I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??1_Container_base_secure@std@@QAE@XZ

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Exports

Exports

InitDialog

Sections

.textbss
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3594cfa223a6582e0e5aa4ce998c45c0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90ud

msvcr90d

kernel32

user32

gdi32

msimg32

shlwapi

oleaut32

msvcp90d

gdiplus

advapi32

Exports

Exports

Sections

.textbss Size: - Virtual size: 115KB

.text Size: 261KB - Virtual size: 260KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 2KB - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 14KB - Virtual size: 13KB

.textbss
Size: - Virtual size: 115KB

.text
Size: 261KB - Virtual size: 260KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 2KB - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 14KB - Virtual size: 13KB