4b0f8aa780dce24df88877e2939d2070N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4b0f8aa780dce24df88877e2939d2070N.exe
Size

1.1MB
MD5

4b0f8aa780dce24df88877e2939d2070
SHA1

e326b7c53fed3895705aec9168d8baac2fcdc28d
SHA256

c104b51819424f9ea51ba50742b614ee3454456b4a89d46dde90c8d439a462e9
SHA512

be5225bfeb6b7c57c066e81b5cbc5c1167c27d4c3ecfc175628f4baaaef8d1ab7deec069d01c063c478272577c3aec00d2ac74bf2a70fa5470c508e988759b2a
SSDEEP

24576:pcRq2MmoG2/Tocl1yb2srs01rQw0hWHJjiqu/Uq7ZQz7H/eD9wu:pcRq2MmoB7d7wrlHhu/37ZQnH/69wu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b0f8aa780dce24df88877e2939d2070N.exe

Files

4b0f8aa780dce24df88877e2939d2070N.exe
.dll windows:6 windows x86 arch:x86

706ca572e4059af22ed823bbab59f3be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\快盘\Work\VS_Proj\Gr158\Gr158_DLL\Release\libAlg.pdb

Imports

kernel32

WriteFile
ReadFile
GetLastError
CloseHandle
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
SetLastError
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
HeapSize
GetStdHandle
GetModuleFileNameW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
GetFileType
DeleteCriticalSection
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
FreeLibrary
LoadLibraryExW
CreateFileA
HeapReAlloc
RtlUnwind
OutputDebugStringW
LoadLibraryW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW
DeleteFileA
GetSystemTime
LocalFree
GetTempPathA
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
UnlockFileEx
GetTickCount
LockFile
UnlockFile
WaitForSingleObject
SystemTimeToFileTime
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
InterlockedCompareExchange
GetTimeZoneInformation
SetEnvironmentVariableA
TryEnterCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptGenRandom

Exports

Exports

AlgClientRun
AlgReturnBossScore
AlgTimeUpdate
BackStageBackCoin
BackStageBackScore
BackStageBuyCoin
BackStageBuyScore
BackStageCode
BackStageCodeCmp
BackStageCodeSet
BackStageExit
BackStageGetCheckCode
BackStageGetConf
BackStageGetConfigPtr
BackStageGetHisPtr
BackStageGetHisRec
BackStageGetPlyPtr
BackStageGetPlyRec
BackStageGetPrizePtr
BackStageGetPrizeRec
BackStageInit
BackStageReleaseOrDebug
BackStageSave
BackStageSetConf
BackStageSetPlyIn
BackStageSetPlyOut
BackStageSettingEnter
BackStageSettingExit
CommuUpdate

Sections

.text
Size: 839KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706ca572e4059af22ed823bbab59f3be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 839KB - Virtual size: 838KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 19KB - Virtual size: 38KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 100KB - Virtual size: 100KB

.text
Size: 839KB - Virtual size: 838KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 19KB - Virtual size: 38KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 100KB - Virtual size: 100KB