银狐木马样本包 9X[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

银狐木马样本包 9X.rar
Size

481KB
MD5

fb419ca9665a968bee2f4984d9bb2140
SHA1

5d49c7a4d17d2f86143fb30174bfe71d164f5709
SHA256

b1728c4a31c5b87e356ba36d2f337ad9e3f4527afca4ce6140a1df15e701293d
SHA512

13530f8c08a999f259f53a45d53cfdc91e9674220f18e72ba339c42ed9e65c0a6e9ef83a3014c0f67f57213a062c118a4c7faa21de3e53768df3cc9c2a7279f0
SSDEEP

12288:7LFqcW/nSMq4W/Si4N7RC9WKEAQPoxscNsOv7pRSHdp:7ZqbPq3z4TYWbNg+cNsQ770dp

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/147.exe.vir
unpack001/2857381323.exe.vir
unpack001/XLSX202400000050346888uninst.exe.vir
unpack001/setupPDF.exe.vir
unpack001/setupPDF2.exe.vir
unpack001/setup登陆查询系统.exe.vir
unpack001/新0_23.exe.vir
unpack001/表格8-1号6008.exe.vir

Files

银狐木马样本包 9X.rar
.rar
147.exe.vir
.exe windows:6 windows x64 arch:x64

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetFileAttributesA
VirtualAlloc
Sleep
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetStringTypeW
LCMapStringW
LoadLibraryA
GetLastError
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2857381323.exe.vir
.exe windows:6 windows x64 arch:x64

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetFileAttributesA
VirtualAlloc
Sleep
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetStringTypeW
LCMapStringW
LoadLibraryA
GetLastError
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dat
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XLSX202400000050346888uninst.exe.vir
.exe windows:6 windows x64 arch:x64

9ef50982e9b6f9e420053d6546c7fd7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
FreeLibrary
GetFileAttributesA
VirtualAlloc
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
LoadLibraryA
GetStringTypeW
LCMapStringW
GetLastError
GetModuleFileNameA
SetStdHandle
Sleep
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ddt
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setupPDF.exe.vir
.exe windows:6 windows x64 arch:x64

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetFileAttributesA
VirtualAlloc
Sleep
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetStringTypeW
LCMapStringW
LoadLibraryA
GetLastError
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setupPDF2.exe.vir
.exe windows:6 windows x64 arch:x64

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetFileAttributesA
VirtualAlloc
Sleep
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetStringTypeW
LCMapStringW
LoadLibraryA
GetLastError
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup登陆查询系统.exe.vir
.exe windows:6 windows x64 arch:x64

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetFileAttributesA
VirtualAlloc
Sleep
WriteConsoleW
CreateFileW
GetConsoleCP
FlushFileBuffers
GetProcAddress
GetStringTypeW
LCMapStringW
LoadLibraryA
GetLastError
SetStdHandle
GetModuleFileNameA
HeapReAlloc
HeapSize
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
ReadFile
HeapAlloc
HeapFree
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetProcessHeap
CloseHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
SetEndOfFile

user32

DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
ShowWindow
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
DefWindowProcW
PostQuitMessage
MessageBoxW
RegisterClassW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dat
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新0_23.exe.vir
.exe windows:6 windows x64 arch:x64

a924d03acfc9f9bb1b991957276529a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_atexit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fclose
fopen
fread
fseek
ftell
fwrite

api-ms-win-crt-string-l1-1-0

memset
strlen
strncmp

advapi32

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

ShellExecuteExA

user32

MessageBoxA

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 35B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
表格8-1号6008.exe.vir
.exe windows:5 windows x64 arch:x64

38dca0c0d225699f25028154d53df604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
SetEndOfFile
GetFileAttributesW
Sleep
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
FreeLibrary
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
FatalAppExitA
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetConsoleCtrlHandler
GetProcessHeap

user32

MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 21.2MB - Virtual size: 21.2MB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.dat Size: 512B - Virtual size: 76B

.reloc Size: 1KB - Virtual size: 1KB

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 21.2MB - Virtual size: 21.2MB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.dat Size: 512B - Virtual size: 75B

.reloc Size: 1KB - Virtual size: 1KB

9ef50982e9b6f9e420053d6546c7fd7c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.ddt Size: 512B - Virtual size: 474B

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 4KB

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 21.2MB - Virtual size: 21.2MB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 43KB - Virtual size: 44KB

3b4c80acbf2a79a8de23b9b8328c2c96

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.dat
Size: 512B - Virtual size: 76B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.dat
Size: 512B - Virtual size: 75B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.ddt
Size: 512B - Virtual size: 474B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 43KB - Virtual size: 44KB

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.dat
Size: 512B - Virtual size: 76B

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 480B

.tls
Size: 512B - Virtual size: 35B

.tls
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 10KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 22KB - Virtual size: 22KB