c96edc1d61ab02eaca223a545daf698bb8f8fd96205fa6e21a0f0ca9c6faa234

Sharing

Copy URL Twitter E-mail

General

Target

c96edc1d61ab02eaca223a545daf698bb8f8fd96205fa6e21a0f0ca9c6faa234
Size

2.9MB
MD5

b196d2bae60013f06e1db9d0fb95465b
SHA1

922b84227433b60479e6389c1d2da90b198ab70a
SHA256

c96edc1d61ab02eaca223a545daf698bb8f8fd96205fa6e21a0f0ca9c6faa234
SHA512

46777738a8e7271cf72b05c69a282ee10e844b46805b759e21c74c374cdd89adef517cd91daeb9edf831f8d36157352c23613b9d92a79f82bb3069d2a96e85a6
SSDEEP

49152:d99V0FaqjZG5pNz6gk24o5Bd1EPFFYGlAglbCWDV54ycuUjR6JUbQyFLaNmUm6DW:P0FXIpNz6a5rm9ug4cVFq6KEykNmc8es

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VxKex/VxKex.exe

Files

c96edc1d61ab02eaca223a545daf698bb8f8fd96205fa6e21a0f0ca9c6faa234
.zip
VxKex/#XIAOYI.VC.url
.url
VxKex/#��ע��.url
.url
VxKex/#��ȡ��.png
.png
- http://weixin.qq.com/r/c0QvNzrEjmfxrX5U9xFh
VxKex/#��ǵ�Ⱥ.txt
VxKex/VxKex.exe
.exe windows:4 windows x86 arch:x86

7a5e2524b66da5177b4ec46d305a3dd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

shell32

ShellExecuteExW

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcpy
free
malloc
wcscmp
memcmp
memmove
strlen
memset

kernel32

GetCurrentDirectoryW
GetStartupInfoA
GetModuleHandleA
GetSystemDirectoryW
LoadLibraryExW
GetModuleHandleW
GetProcAddress
GetVersion
SetFilePointer
WriteFile
ReadFile
CreateFileW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
FindClose
GetModuleFileNameW
GetCommandLineW
GetTempPathW
lstrlenW
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
lstrcpyW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
SetCurrentDirectoryW
SetFileAttributesW
SetFileTime
lstrcatW
GetLastError
CreateDirectoryW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a5e2524b66da5177b4ec46d305a3dd7

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

msvcrt

kernel32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB