33aa65641db70f9c5cbb3ef21afb933baf3e6bf56b4926b0f3d03a2c448e57f0

Sharing

Copy URL Twitter E-mail

General

Target

33aa65641db70f9c5cbb3ef21afb933baf3e6bf56b4926b0f3d03a2c448e57f0
Size

5.5MB
MD5

337d7e6b5f58aff6dba18584c6728103
SHA1

eb52f3dd11269ada87b12b4c66e9a66385dc96b8
SHA256

33aa65641db70f9c5cbb3ef21afb933baf3e6bf56b4926b0f3d03a2c448e57f0
SHA512

a4f7d8ca00cd53efbd64c3109d3d5953b0f2565f3dacee39ec12a582b37a57f8ae8b047d25522177929971f42c06f65f76f08d39252eff22817bf0b5c880bb5d
SSDEEP

98304:aMuomBt1prRC80K+CdfpFI2TQ/DUFE7ueoHZBVxCAnlZBKUxSnNgYBhfHMx5XLjN:fNyt7rU/xlDWE2fVgcBRxagY/810F5U

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/改键软件/Gaijian.exe
unpack001/改键软件/测试键位软件.exe

Files

33aa65641db70f9c5cbb3ef21afb933baf3e6bf56b4926b0f3d03a2c448e57f0
.zip
改键软件/Gaijian.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

LinTxKeyboard.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
改键软件/使用教程.jpg
.jpg
改键软件/打开异常装NET4.8.txt
改键软件/测试键位软件.exe
.exe windows:5 windows x86 arch:x86

e45527464e992d90e011db083eb1c1a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Documents\Visual Studio 2013\Projects\KeyboardTestUtility\Release\KeyboardTestUtility.pdb

Imports

kernel32

SetFilePointerEx
OutputDebugStringW
LCMapStringW
GetTimeZoneInformation
WriteConsoleW
SetEnvironmentVariableA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
SizeofResource
VirtualAlloc
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
HeapQueryInformation
ReadConsoleW
CreateThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetConsoleMode
GetConsoleCP
ExitThread
GetStringTypeW
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GlobalGetAtomNameW
ResumeThread
SetThreadPriority
WaitForSingleObject
lstrcmpiW
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetVersionExW
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
FormatMessageW
LocalFree
GlobalSize
GlobalAlloc
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FreeResource
SetLastError
OutputDebugStringA
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
GetLastError
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileW
GlobalFree
GlobalUnlock
GetTempPathW
GlobalLock
GetModuleHandleW
Sleep
MulDiv
FindResourceW
LoadResource
LockResource

user32

SetClassLongW
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawFocusRect
GetNextDlgGroupItem
LockWindowUpdate
SetCapture
SetRect
WindowFromPoint
GetMenuDefaultItem
SetParent
GetSystemMenu
IsRectEmpty
UnionRect
MapVirtualKeyW
GetKeyNameTextW
KillTimer
SetTimer
DeleteMenu
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
RealChildWindowFromPoint
SendDlgItemMessageA
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
DestroyMenu
CreatePopupMenu
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
ReleaseCapture
BringWindowToTop
IsIconic
SetCursor
ShowOwnedPopups
GetCursorPos
TranslateMessage
GetMessageW
CharUpperW
IntersectRect
LoadBitmapW
SetMenuItemInfoW
DrawIcon
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
CheckDlgButton
SetDlgItemTextW
MoveWindow
ShowWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetLastActivePopup
GetWindowThreadProcessId
GetWindowRgn
DestroyCursor
MapDialogRect
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MessageBoxW
GetSysColor
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetMenuCheckMarkDimensions
GetDoubleClickTime
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetParent
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
SendMessageW
UnregisterClassW
GetSystemMetrics
DefWindowProcW
CallNextHookEx
GetActiveWindow
UnhookWindowsHookEx
PostQuitMessage
SetWindowsHookExW
SetWindowPos
UpdateWindow
DrawIconEx
OffsetRect
InflateRect
GetClientRect
InvalidateRect
LoadCursorW
DestroyIcon
LoadIconW
EnableWindow
FillRect
CopyRect
LoadImageW

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
GetBkColor
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
MoveToEx
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetTextAlign
SetTextColor
GetTextColor
CreateCompatibleDC
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
DeleteDC
AddFontResourceExW
CreateCompatibleBitmap
CreateFontW
GetDeviceCaps
CreateDIBitmap
BitBlt
GetObjectW
SelectObject

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetPathFromIDListW
SHAppBarMessage
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
StrFormatKBSizeW
PathFindExtensionW
PathRemoveFileSpecW

uxtheme

DrawThemeParentBackground
GetWindowTheme
GetThemeSysColor
GetCurrentThemeName
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
GetThemeColor
IsAppThemed
OpenThemeData
CloseThemeData
GetThemePartSize

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoCreateInstance
CoCreateGuid
CoUninitialize
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitialize

oleaut32

SysFreeString
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

e45527464e992d90e011db083eb1c1a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 62KB - Virtual size: 92KB

.rsrc Size: 126KB - Virtual size: 125KB

.reloc Size: 116KB - Virtual size: 116KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 62KB - Virtual size: 92KB

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 116KB - Virtual size: 116KB