6d7da912a0bb1ebdf792d2deb6a938a9b62baf3f62006e145732f1f8a97ac9d5

Sharing

Copy URL Twitter E-mail

General

Target

6d7da912a0bb1ebdf792d2deb6a938a9b62baf3f62006e145732f1f8a97ac9d5
Size

226KB
MD5

db4f92f0b8452590d201ce1f5181f91f
SHA1

913b2851a7982c876356a725e74c72216779aa93
SHA256

6d7da912a0bb1ebdf792d2deb6a938a9b62baf3f62006e145732f1f8a97ac9d5
SHA512

41c15b467f755717a126905d4af74ecfe26a277af7239650d96d487f178935d2ae79aedf9b3627433fa1723ae76251140807459547b27588726005a136b615b6
SSDEEP

6144:UqJjxUAakiBpE4B9zuqqsNJcX6M9JRobX+rcD:UMUBnBS4TCFsjcX6MBobX+ID

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8ÔÂ6ºÅ/解压到桌面打开查阅/6008.exe
unpack001/Downloads/Downloads/T.exe
unpack001/ÒøºüÄ¾Âí/银狐木马/银狐木马.exe

Files

6d7da912a0bb1ebdf792d2deb6a938a9b62baf3f62006e145732f1f8a97ac9d5
.rar
8ÔÂ6ºÅ/解压到桌面打开查阅/6008.exe
.exe windows:5 windows x64 arch:x64

a9a10a3c91dcc2271db2e01836b5c18f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
SetEndOfFile
GetFileAttributesW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
FreeLibrary
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
FatalAppExitA
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetConsoleCtrlHandler
GetProcessHeap

user32

MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Downloads/Downloads/MS_calendar.lnk
.lnk
Downloads/Downloads/T.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\2023CryptsDone\drwk\obj\Debug\Erlianaw.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/Downloads/schedule.lnk
.lnk
ÒøºüÄ¾Âí/银狐木马/银狐木马.exe
.exe windows:5 windows x64 arch:x64

5a3e01d85678a781904ae0c97b3080a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
MoveFileExW
SetEndOfFile
CreateFileW
CreateProcessW
CloseHandle
GetFileAttributesW
ExitProcess
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
HeapAlloc
LCMapStringW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
FatalAppExitA
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
GetProcessHeap

user32

MessageBoxW

advapi32

RegOpenKeyExW
RegCloseKey

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9a10a3c91dcc2271db2e01836b5c18f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 80KB - Virtual size: 80KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 12B

5a3e01d85678a781904ae0c97b3080a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 15KB - Virtual size: 15KB