9abb0c43b762a7a7fce2ffbd50e33ba8ef631ccea6548f62f583ff82c96ad51a

Sharing

Copy URL

Twitter E-mail

General

Target

9abb0c43b762a7a7fce2ffbd50e33ba8ef631ccea6548f62f583ff82c96ad51a
Size

996KB
MD5

66f4b1bafae9614dcec396d5047b212b
SHA1

e01e6e0bb5377cb05c36b87c015d4933bd42ec58
SHA256

9abb0c43b762a7a7fce2ffbd50e33ba8ef631ccea6548f62f583ff82c96ad51a
SHA512

03b017eff362519ef0859dfaae824d7da8e4dfe6846b203b6aa83da0ea09bf9cd5dabe990fde565ab7d373a261cfd5382783e3e2a08b903ae2404798bcd2e2f9
SSDEEP

12288:WOcJNQ/mr508KOtnlvBOR6amXUQOgJjVcn+RN:WOlV8BvgRQXNVc+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9abb0c43b762a7a7fce2ffbd50e33ba8ef631ccea6548f62f583ff82c96ad51a

Files

9abb0c43b762a7a7fce2ffbd50e33ba8ef631ccea6548f62f583ff82c96ad51a
.exe windows:4 windows x64 arch:x64

3781728b4c236e4af3668d2d6faed1db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

h:\2005demo编译\2005demo\x64\debug\2005demo.pdb

Imports

kernel32

EnumDateFormatsA
VirtualAlloc
GetProcAddress
LoadLibraryA
CompareStringW
CompareStringA
VirtualQuery
CreateFileA
CloseHandle
lstrlenA
GetTimeZoneInformation
GetLocaleInfoW
SetFilePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlPcToFileHeader
HeapSize
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetModuleFileNameW
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
FatalAppExitA
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
GetLastError
HeapReAlloc
GetModuleHandleA
ExitProcess
GetACP
GetOEMCP
GetCPInfo
FlsGetValue
TlsAlloc
FlsSetValue
GetCurrentThreadId
FlsAlloc
TlsFree
FlsFree
SetLastError
TlsSetValue
GetCurrentThread
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
WideCharToMultiByte
SetConsoleCtrlHandler
LoadLibraryW
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FreeLibrary
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA

user32

UpdateWindow
ShowWindow
FindWindowA

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 389KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3781728b4c236e4af3668d2d6faed1db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

wininet

Sections

.text Size: 464KB - Virtual size: 464KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 389KB - Virtual size: 398KB

.pdata Size: 14KB - Virtual size: 14KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 41KB - Virtual size: 40KB

.text
Size: 464KB - Virtual size: 464KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 389KB - Virtual size: 398KB

.pdata
Size: 14KB - Virtual size: 14KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 41KB - Virtual size: 40KB