2024-08-02_6f6e4c4e90dda742c7830f9b73f0ce58_xiaoba

Sharing

Copy URL

Twitter E-mail

General

Target

2024-08-02_6f6e4c4e90dda742c7830f9b73f0ce58_xiaoba
Size

2.0MB
MD5

6f6e4c4e90dda742c7830f9b73f0ce58
SHA1

2e3b5203c022916a617ce9e062f29605733b89f7
SHA256

26374fb6b4d38a90a597a766b3e351d4a1db3a29ca8e708f11ee0a150f3b9939
SHA512

a70c7e4c20b226f516ae53b5229b286136900b73497738ae7b966630f72593e54927c787d33a4193ae25a033f56f87157b4f868b4fa37edc90006a562ec5f562
SSDEEP

49152:Yhe/k1ZZkPYPYAUSR+0biSDKM570nNzMmec:f/kJHR+0TL570n5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-02_6f6e4c4e90dda742c7830f9b73f0ce58_xiaoba

Files

2024-08-02_6f6e4c4e90dda742c7830f9b73f0ce58_xiaoba
.exe windows:5 windows x86 arch:x86

9ddcd04576bd772b825d3a6f881612ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\syzygy_wpsoptimize\result\wpsoffice.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetCommandLineW
FreeLibrary
TerminateProcess
OpenProcess
GetCurrentProcessId
GetModuleFileNameW
CloseHandle
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
CreateProcessW
LocalFree
WaitForSingleObject
ReadFile
CreateFileW
GetFileAttributesExW
LoadLibraryA
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryA
CreateThread
GetTickCount
GetSystemInfo
LoadLibraryExW
VirtualFree
GetOverlappedResult
VirtualAlloc
SetEvent
GetCurrentThreadId
CreateEventW
MultiByteToWideChar
GetExitCodeProcess
OpenFileMappingW
Sleep
GetPrivateProfileStringW
ReleaseMutex
UnmapViewOfFile
CreateMutexW
VirtualQuery
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
UnregisterWaitEx
InterlockedDecrement
WaitForMultipleObjects
DeleteFileW
InitializeCriticalSection
QueueUserWorkItem
InterlockedIncrement
DeleteCriticalSection
GetStartupInfoW
GetTempPathW
SetDllDirectoryW
GetDllDirectoryW
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
CreateIoCompletionPort
CreateNamedPipeW
WriteFile
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIo
InterlockedExchange
WaitNamedPipeW
SetNamedPipeHandleState
GetVersionExW
LocalAlloc
GetCurrentProcess
GetPrivateProfileIntW
GetProcessId
SetUnhandledExceptionFilter
GetModuleHandleExW
SetErrorMode
RaiseException
GetUserDefaultUILanguage
SetFilePointerEx
GetFileSizeEx
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FindClose
FindFirstFileW
CreateDirectoryW
FindNextFileW
ExpandEnvironmentStringsW
GetCurrentThread
ProcessIdToSessionId
GetStringTypeW
InterlockedCompareExchange
EncodePointer
DecodePointer
HeapSetInformation
RtlUnwind
ExitThread
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
HeapReAlloc
SetConsoleCtrlHandler
UnhandledExceptionFilter
IsDebuggerPresent
LCMapStringW
GetCPInfo
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
QueryPerformanceCounter
IsProcessorFeaturePresent
HeapSize
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
GetProcessHeap

krpt

?_force_link_krpt@@YGXXZ

Exports

Exports

GetHostInterface
MdCallBack
MdCallBack12
ksGetHWND
wdGetApplicationObject

Sections

.text
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.syzygy
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xw
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

9ddcd04576bd772b825d3a6f881612ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

krpt

Exports

Exports

Sections

.text Size: 469KB - Virtual size: 468KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 41KB - Virtual size: 57KB

.syzygy Size: 1024B - Virtual size: 954B

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 30KB - Virtual size: 29KB

.xw Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 469KB - Virtual size: 468KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 41KB - Virtual size: 57KB

.syzygy
Size: 1024B - Virtual size: 954B

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 30KB - Virtual size: 29KB

.xw
Size: 1.1MB - Virtual size: 1.1MB