ba71a7674b04512cb24b568f0cf8cd874aeb21983da99c8009046a8474ea3a79

Sharing

Copy URL

Twitter E-mail

General

Target

ba71a7674b04512cb24b568f0cf8cd874aeb21983da99c8009046a8474ea3a79
Size

176KB
MD5

2cbd74d703dfd357a52849ad54491a46
SHA1

c6b3717b52bb563d136ce9879cce7edf293fb842
SHA256

ba71a7674b04512cb24b568f0cf8cd874aeb21983da99c8009046a8474ea3a79
SHA512

ea88ceaf0b692d20db085457f4893cfdac0187146ef4b27c50bd11a78b818408fd4abdf7a7a6850307cdab73ad141e4e919b0ccbe1dc58b08357ef1f5ef303b0
SSDEEP

3072:+Dny8vTGn1QB0UciIG0+gAAg0FuY3EPlQR9:u1r/zUt+HAOPO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba71a7674b04512cb24b568f0cf8cd874aeb21983da99c8009046a8474ea3a79

Files

ba71a7674b04512cb24b568f0cf8cd874aeb21983da99c8009046a8474ea3a79
.dll windows:4 windows x86 arch:x86

e83f29195bed28b44bfd33d51aea5c1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\data\北京文化\CultureBJ\接入顺网后台接口\cultureToX\culture\Release\culture.pdb

Imports

ws2_32

recvfrom
WSAResetEvent
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
WSAGetOverlappedResult
WSAGetLastError
WSARecv
WSASend
shutdown
closesocket
connect
inet_addr
htons
ioctlsocket
socket
WSACleanup
WSAStartup
bind
WSACloseEvent
sendto

libcurl

curl_slist_append
curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup

kernel32

GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
HeapSize
GetCPInfo
GetOEMCP
GetCurrentProcess
WaitForSingleObject
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
MultiByteToWideChar
CompareStringW
CompareStringA
WideCharToMultiByte
lstrlenA
OutputDebugStringA
CreateThread
CreateEventA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
TerminateThread
SetEvent
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
WriteFile
CreateFileA
UnhandledExceptionFilter
GetTickCount
Sleep
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
GetLastError
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
InitializeCriticalSection
DeleteCriticalSection
RaiseException
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
IsBadWritePtr
LCMapStringA
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetEnvironmentVariableA
GetSystemDirectoryA
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
HeapReAlloc

user32

LoadIconA
LoadCursorA
MessageBoxA
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClassA
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
GetDC
ReleaseDC
GetWindowRect
SetWindowPos
SetDlgItemTextA
SetTimer
FindWindowA
SendMessageA
DestroyWindow

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA

advapi32

RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

oleaut32

SystemTimeToVariantTime
VarUdateFromDate

shlwapi

PathFindExtensionW
PathFindExtensionA
StrStrIA

gdiplus

GdipFree
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipAlloc

Exports

Exports

End
SetClientInfo
Start

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e83f29195bed28b44bfd33d51aea5c1d

Headers

File Characteristics

PDB Paths

Imports

ws2_32

libcurl

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 400B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 400B

.reloc
Size: 8KB - Virtual size: 7KB