4f8731131b2997d7aa9724cbdd78520dcec848a46c64969fa89508c8292eb732

Sharing

Copy URL Twitter E-mail

General

Target

4f8731131b2997d7aa9724cbdd78520dcec848a46c64969fa89508c8292eb732
Size

289KB
MD5

06c1711fb9ebdd45b12490388f9491f0
SHA1

5ce39019b242bbecdbe436d193742a71dbbaa50d
SHA256

4f8731131b2997d7aa9724cbdd78520dcec848a46c64969fa89508c8292eb732
SHA512

04d7c44e2d57d7b861f58041ca103be355c52b0612f753dce43856119f8342103270bb0bd30f0b8f65dcf97bf08785ff819e5178121f81d5552a815c21043eab
SSDEEP

6144:1IGdbnAuMGbbaPyqWxcnZ//hROF/p/uwONct43j92Uecma:1jhnAukixAZG9pGHNu4B2Ue5a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f8731131b2997d7aa9724cbdd78520dcec848a46c64969fa89508c8292eb732

Files

4f8731131b2997d7aa9724cbdd78520dcec848a46c64969fa89508c8292eb732
.exe windows:6 windows x86 arch:x86

5f96b948e0bf98bb15cc56402ff6517a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\SVN_8F\开发库\3 仿真软件\tags\WSIM_V1.2.1.2\Release\WSIM.pdb

Imports

mfc120u

ord6763
ord6032
ord7004
ord464
ord4182
ord9013
ord5887
ord6492
ord1177
ord6452
ord1130
ord1108
ord1110
ord3654
ord7384
ord2173
ord4842
ord3918
ord10353
ord7946
ord13516
ord5753
ord7951
ord3129
ord6874
ord8699
ord13997
ord14094
ord13404
ord9091
ord9116
ord12048
ord2718
ord13612
ord6121
ord3122
ord3361
ord3362
ord4049
ord11271
ord10896
ord8921
ord12006
ord2974
ord12360
ord12985
ord3102
ord351
ord1059
ord11079
ord2967
ord5824
ord285
ord6383
ord1713
ord2834
ord12357
ord12968
ord11191
ord10912
ord8771
ord9150
ord9053
ord7033
ord7394
ord514
ord1148
ord981
ord1455
ord965
ord1442
ord9183
ord13488
ord11977
ord9094
ord5837
ord13560
ord9118
ord2515
ord4452
ord12052
ord11956
ord8091
ord3132
ord8280
ord4943
ord4944
ord6033
ord12331
ord1746
ord13569
ord5842
ord13567
ord5841
ord11305
ord5858
ord8713
ord9233
ord11675
ord11670
ord5274
ord3800
ord4544
ord11370
ord10283
ord5027
ord12430
ord1687
ord500
ord1139
ord11837
ord2843
ord12755
ord12222
ord2415
ord8107
ord10025
ord10028
ord7542
ord992
ord1467
ord13108
ord7881
ord2265
ord2261
ord2163
ord4416
ord13771
ord6392
ord950
ord1824
ord366
ord1069
ord11902
ord12121
ord2280
ord4546
ord462
ord6758
ord10131
ord5667
ord12799
ord12094
ord12126
ord10314
ord8099
ord12122
ord12114
ord5821
ord3809
ord6252
ord14527
ord6253
ord14528
ord6251
ord14526
ord7884
ord12402
ord14326
ord11858
ord11857
ord1992
ord7825
ord12818
ord4047
ord4109
ord9279
ord14454
ord7806
ord14448
ord12413
ord12412
ord1518
ord5262
ord8206
ord12736
ord8268
ord8352
ord6436
ord5019
ord7016
ord7390
ord481
ord8601
ord10857
ord9093
ord10132
ord5669
ord3806
ord4660
ord12531
ord12289
ord13212
ord2801
ord7544
ord2516
ord8277
ord13925
ord13692
ord2816
ord5514
ord6102
ord8962
ord3814
ord10905
ord11148
ord9078
ord12657
ord5482
ord12446
ord11133
ord9365
ord2676
ord12835
ord11968
ord4095
ord4045
ord14371
ord5282
ord5273
ord10312
ord10602
ord11019
ord11020
ord9244
ord11618
ord9860
ord7288
ord7521
ord944
ord1422
ord2308
ord11998
ord10390
ord13800
ord14099
ord10998
ord3790
ord9107
ord2638
ord6773
ord11963
ord8186
ord11156
ord11159
ord9390
ord9405
ord9395
ord9867
ord9872
ord9407
ord8804
ord8794
ord11621
ord11003
ord8892
ord11027
ord9928
ord9929
ord7671
ord358
ord6123
ord13616
ord3263
ord3260
ord8092
ord2719
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord11964
ord3795
ord11811
ord14447
ord8846
ord12095
ord6875
ord10883
ord9137
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord2640
ord11999
ord3898
ord3330
ord3329
ord3223
ord12043
ord5157
ord5454
ord5664
ord4838
ord3889
ord2484
ord6510
ord4184
ord8628
ord1471
ord999
ord2136
ord1506
ord4621
ord4128
ord12792
ord306
ord1043
ord290
ord4839
ord6462
ord7543
ord7331
ord9231
ord5430
ord5693
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10136
ord9090
ord14237
ord2480
ord6469
ord3839
ord6696
ord895
ord8242
ord2948
ord1125
ord1520
ord2262
ord6713
ord8247
ord8693
ord12957
ord286
ord4949
ord2214
ord2444
ord12956
ord1698
ord1386
ord887
ord4772
ord2204
ord2367
ord296
ord280
ord1042
ord8344
ord1508

msvcr120

_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
_libm_sse2_cos_precise
memcpy
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
_purecall
free
strcat_s
?terminate@@YAXXZ
exit
memmove
strcpy_s
_libm_sse2_sin_precise

kernel32

GetLastError
InitializeCriticalSectionEx
OutputDebugStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
DeleteCriticalSection
DecodePointer

user32

EnableWindow
CheckMenuItem
SendMessageW
ClientToScreen
SetTimer
LoadCursorW
IsWindowVisible
MessageBoxW
UpdateWindow
AppendMenuW
SetWindowLongW
GetWindowLongW
GetSubMenu
GetCursorPos
LoadMenuW
OffsetRect
DeleteMenu
ReleaseDC
GetDC
CreatePopupMenu
GetSysColor
InflateRect

gdi32

CreateRectRgnIndirect
CombineRgn
FillRgn
Ellipse
CreateFontW
PtInRegion
GetStockObject
Rectangle
GetObjectW
CreateFontIndirectW
DPtoLP
GetTextExtentPoint32W
CreatePolygonRgn

comctl32

InitCommonControlsEx

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z

ws2_32

htons
inet_addr
WSAStartup

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f96b948e0bf98bb15cc56402ff6517a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc120u

msvcr120

kernel32

user32

gdi32

comctl32

msvcp120

ws2_32

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 78KB - Virtual size: 78KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 78KB - Virtual size: 78KB

.reloc
Size: 18KB - Virtual size: 18KB