fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97_cda15ee1e3d6a386e4bd24abd3d87a2f9b45c3789e21f7e9c1b74c839148ff1e[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97_cda15ee1e3d6a386e4bd24abd3d87a2f9b45c3789e21f7e9c1b74c839148ff1e.exe
Size

298KB
MD5

abd6ece083d4e5cd49a7101978f8c368
SHA1

ccebf1ae768f03694652aef8e4b39d1ff541a888
SHA256

cda15ee1e3d6a386e4bd24abd3d87a2f9b45c3789e21f7e9c1b74c839148ff1e
SHA512

09e08e2cb3b029760d7325260090b128e6ada9c0f58691d272069b93ac29d14a668a788e841480a70fd8d3aff827fd5821cc2421e1360c895c856bd2f183db37
SSDEEP

6144:MUQiCn5yMC+FLPg7iaDMXpuA4mCT1DtNQi37qMt6VECBJRTBucmMM1:MUxCnc7+FLYmysT+Dtii/eBJRTgR1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97_cda15ee1e3d6a386e4bd24abd3d87a2f9b45c3789e21f7e9c1b74c839148ff1e.exe

Files

fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97_cda15ee1e3d6a386e4bd24abd3d87a2f9b45c3789e21f7e9c1b74c839148ff1e.exe
.exe windows:5 windows x64 arch:x64

3e40af150876feece407d7a491a6748c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\xc\Desktop\WinOsClientProject\x64\Release-exe\上线模块.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetSystemInfo
lstrcpyW
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetStartupInfoW
CreateProcessW
ExitProcess
WideCharToMultiByte
QueryPerformanceFrequency
CreateEventW
SetEvent
ResetEvent
QueryPerformanceCounter
WaitForSingleObject
Sleep
CreateEventA
FormatMessageW
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetNativeSystemInfo
GetConsoleWindow
GetLocalTime
GetLocaleInfoW
GetSystemDirectoryW
CreateMutexW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentThreadId
CreateThread
CreateFileW
GetFileSize
SetFilePointer
WriteFile
ReleaseMutex
CreateWaitableTimerW
HeapDestroy
HeapCreate
LocalFree
ReadFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetLastError
LCMapStringW
GetSystemTimeAsFileTime
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetTickCount
CloseHandle
Process32NextW
InitializeCriticalSection
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
MultiByteToWideChar
lstrlenW
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
RaiseException
GetCPInfo
GetStringTypeW
GetVersion
HeapSetInformation
HeapSize
GetStdHandle
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapReAlloc
ExitThread
EncodePointer
DecodePointer
TryEnterCriticalSection
CancelWaitableTimer
SetWaitableTimer
lstrlenA
UnmapViewOfFile
VirtualFree
SwitchToThread
CreateFileMappingW
MapViewOfFileEx

user32

EnumDisplayMonitors
GetMonitorInfoW
GetWindowTextW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowA
GetWindowTextA
GetWindow
GetClassNameA
wsprintfW
GetWindowThreadProcessId
EnumWindows
SendMessageW
OpenWindowStationW
SetProcessWindowStation
IsWindow
PostThreadMessageA
GetInputState
GetLastInputInfo
GetForegroundWindow

advapi32

RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumKeyExA
RegOpenKeyExA

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString

ws2_32

shutdown
closesocket
send
WSAStringToAddressW
WSAIoctl
InetNtopW
htons
ntohs
WSAGetLastError
inet_ntoa
gethostbyname
gethostname
WSASetLastError
getpeername
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
setsockopt

dinput8

DirectInput8Create

shlwapi

StrChrW

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

Exports

Exports

Version
load
run

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e40af150876feece407d7a491a6748c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

dinput8

shlwapi

winmm

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 23KB - Virtual size: 39KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 6KB

.bss Size: 512B - Virtual size: 512B

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 23KB - Virtual size: 39KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB

.bss
Size: 512B - Virtual size: 512B