2f8ff11de4db7dc92ab31b0d1b92faea0e2aedd83c38c19501670db25fff0bff

Sharing

Copy URL Twitter E-mail

General

Target

2f8ff11de4db7dc92ab31b0d1b92faea0e2aedd83c38c19501670db25fff0bff
Size

11.1MB
MD5

1b49d1759da511e953b6279b5b76b16a
SHA1

3744f99bc8a95e0782a3c9625fd8226e302cb9ff
SHA256

2f8ff11de4db7dc92ab31b0d1b92faea0e2aedd83c38c19501670db25fff0bff
SHA512

53dbd89e2b606b1f96d761c2a8a66aef61e22d841dd8e862021586d1761d7bbb6e5c43c6e0887d1cf4c9a4681235382bacf11d4cd98f58acc09de7934be37ee5
SSDEEP

196608:XUXs6b2okIXqPcgcfhuBo7KbxvMU6xfexl+u7BDvgzTIURjHtKo:E86CokIXKIhvKbR8x8lrve0cNKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/16޸/ҡ3޸.exe

Files

2f8ff11de4db7dc92ab31b0d1b92faea0e2aedd83c38c19501670db25fff0bff
.zip
16޸/1040-1649860362.data
16޸/1104-1651151521.data
16޸/data.mdb
16޸/data/elements.data
16޸/data/maps.txt
16޸/data/zx.dll
16޸/data/ɱ˹ʽ.txt
16޸/data/Ʒ.txt
16޸/data/¼.txt
16޸/data/ɱʽ.txt
16޸/logs/1076/2022-03-10/logs.txt
16޸/logs/422/2022-04-08/logs.txt
16޸/logs/81/2022-03-18/logs.txt
16޸/logs/ȥ81/2022-03-27/logs.txt
16޸/logs/ȥ81/2022-03-28/logs.txt
16޸/logs//2018-11-22/logs.txt
16޸/logs//2022-02-16/logs.txt
16޸/logs//2022-03-09/logs.txt
16޸/logs//2022-05-09/logs.txt
16޸/logs//2022-05-11/logs.txt
16޸/my/mysql-connector-odbc-5.1.12-win32.msi
.msi
16޸/my/mysql-connector-odbc-5.1.12-winx64.msi
.msi
16޸/template/1378_-1378-[û-1041]-20151215 21ʱ0233.data
16޸/template/422-422-[Ѫɫ-1040]-20220413 22ʱ3249.data
16޸/template/422Ʒ-422-[Ѫ-1104]-20220406 20ʱ1723.data
16޸/template/422Ʒ-422-[Ѫ-1104]-20220425 23ʱ2313.data
16޸/template/422Ʒ-422-[Ѫ-1104]-20220428 21ʱ1208.data
16޸/template/ȥ81-422-[Ѫ-1104]-20220328 12ʱ2123.data
16޸/ҡ3޸.exe
.exe windows:4 windows x86 arch:x86

f30834e34b2c4a6ea898ad2a9e0b6559

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamInfoA

rasapi32

RasGetConnectStatusA

winmm

midiStreamRestart

ws2_32

bind

kernel32

VirtualFree

user32

GetScrollPos

gdi32

PatBlt

msimg32

GradientFill

winspool.drv

OpenPrinterA

comdlg32

ChooseColorA

advapi32

RegEnumValueA

shell32

DragFinish

ole32

CLSIDFromProgID

oleaut32

VariantInit

odbc32

ord12

comctl32

ImageList_Create

wininet

InternetCanonicalizeUrlA

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

.text
Size: 1.5MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 359KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
16޸/־.txt
16޸/״ʹ鿴ң˵/ʹ˵.txt
16޸/״ʹ鿴ң˵/.doc
.doc windows office2003
16޸/״ʹ鿴ң˵/ʾװֵʹ÷.doc
.doc windows office2003
16޸/״ʹ鿴ң˵/ɺ.doc
.doc windows office2003
16޸/ɽɫͼƬ.7z
.7z
QQ图片20150922225155.png
.png
QQ图片20150922225205.jpg
.jpg
QQ图片20150922225221.jpg
.jpg
QQ图片20150922230115.png
.png
QQ图片20150922230125.png
.png
QQ图片20150922230135.png
.png
QQ图片20150922230158.png
.png
16޸/ɽɫͼƬ/QQͼƬ20150922225155.png
.png
16޸/ɽɫͼƬ/QQͼƬ20150922225205.jpg
.jpg
16޸/ɽɫͼƬ/QQͼƬ20150922225221.jpg
.jpg
16޸/ɽɫͼƬ/QQͼƬ20150922230115.png
.png
16޸/ɽɫͼƬ/QQͼƬ20150922230125.png
.png
16޸/ɽɫͼƬ/QQͼƬ20150922230135.png
.png
16޸/ɽɫͼƬ/QQͼƬ20150922230158.png
.png

Sharing

General

Malware Config

Signatures

Files

f30834e34b2c4a6ea898ad2a9e0b6559

Headers

File Characteristics

Imports

msvfw32

avifil32

rasapi32

winmm

ws2_32

kernel32

user32

gdi32

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

comctl32

wininet

msvcrt

iphlpapi

psapi

Sections

.text Size: 1.5MB - Virtual size: 4.4MB

.sedata Size: 1.1MB - Virtual size: 1.1MB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 359KB - Virtual size: 360KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 1.5MB - Virtual size: 4.4MB

.sedata
Size: 1.1MB - Virtual size: 1.1MB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 359KB - Virtual size: 360KB

.sedata
Size: 4KB - Virtual size: 4KB