fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97.exe
Size

284KB
MD5

3470ad2fb47b1da4926523b827b39640
SHA1

8c95dd85a77111c0e018636ced178375039387eb
SHA256

fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97
SHA512

6274f4f27f3e563f6f8c5c1eabff50a8e58d136ac80d2cf21116c124d97d978c8e1515a92db8ee21d7f72d2bdbbf4468a6f38c1d5b76ab85415b3f41f5ebfc13
SSDEEP

6144:IUQiCn5yMC+FLPg7iaDMXpuA4mCT1DtNQi37qMt6VECBJRTBucmMM:IUxCnc7+FLYmysT+Dtii/eBJRTgR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97.exe

Files

fb3af8a18cd7089f561ff844e59872de5f66a950fc55da32079031e553d14c97.exe
.exe windows:5 windows x64 arch:x64

3e40af150876feece407d7a491a6748c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\xc\Desktop\WinOsClientProject\x64\Release-exe\上线模块.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
GetCurrentProcessId
GetDriveTypeW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetSystemInfo
lstrcpyW
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetStartupInfoW
CreateProcessW
ExitProcess
WideCharToMultiByte
QueryPerformanceFrequency
CreateEventW
SetEvent
ResetEvent
QueryPerformanceCounter
WaitForSingleObject
Sleep
CreateEventA
FormatMessageW
SetLastError
VirtualProtect
IsBadReadPtr
LoadLibraryA
GetNativeSystemInfo
GetConsoleWindow
GetLocalTime
GetLocaleInfoW
GetSystemDirectoryW
CreateMutexW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentThreadId
CreateThread
CreateFileW
GetFileSize
SetFilePointer
WriteFile
ReleaseMutex
CreateWaitableTimerW
HeapDestroy
HeapCreate
LocalFree
ReadFile
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetLastError
LCMapStringW
GetSystemTimeAsFileTime
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetTickCount
CloseHandle
Process32NextW
InitializeCriticalSection
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
MultiByteToWideChar
lstrlenW
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
RaiseException
GetCPInfo
GetStringTypeW
GetVersion
HeapSetInformation
HeapSize
GetStdHandle
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
HeapReAlloc
ExitThread
EncodePointer
DecodePointer
TryEnterCriticalSection
CancelWaitableTimer
SetWaitableTimer
lstrlenA
UnmapViewOfFile
VirtualFree
SwitchToThread
CreateFileMappingW
MapViewOfFileEx

user32

EnumDisplayMonitors
GetMonitorInfoW
GetWindowTextW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
FindWindowA
GetWindowTextA
GetWindow
GetClassNameA
wsprintfW
GetWindowThreadProcessId
EnumWindows
SendMessageW
OpenWindowStationW
SetProcessWindowStation
IsWindow
PostThreadMessageA
GetInputState
GetLastInputInfo
GetForegroundWindow

advapi32

RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
LookupAccountSidW
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegEnumKeyExA
RegOpenKeyExA

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString

ws2_32

shutdown
closesocket
send
WSAStringToAddressW
WSAIoctl
InetNtopW
htons
ntohs
WSAGetLastError
inet_ntoa
gethostbyname
gethostname
WSASetLastError
getpeername
getsockname
freeaddrinfo
getaddrinfo
WSAStartup
WSAResetEvent
WSAEventSelect
WSACleanup
bind
connect
recv
WSACloseEvent
WSACreateEvent
socket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
setsockopt

dinput8

DirectInput8Create

shlwapi

StrChrW

winmm

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

Exports

Exports

Version
load
run

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e40af150876feece407d7a491a6748c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

dinput8

shlwapi

winmm

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 180KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 23KB - Virtual size: 39KB

.pdata Size: 10KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 180KB - Virtual size: 180KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 23KB - Virtual size: 39KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 6KB - Virtual size: 6KB