95310342ce7dece7d9adb3dfe5b2e9a8290b39b37fd5294f72fbdab691949cb9

Sharing

Copy URL Twitter E-mail

General

Target

95310342ce7dece7d9adb3dfe5b2e9a8290b39b37fd5294f72fbdab691949cb9
Size

487KB
MD5

aeea226eac9ae9fd9e7715002aa6a8fb
SHA1

888fefd3ef4aa044ff860ce13227f3259d0f9abf
SHA256

95310342ce7dece7d9adb3dfe5b2e9a8290b39b37fd5294f72fbdab691949cb9
SHA512

5768988bb2b7ece07250109f294f2f564b0760b8f4d7519ab5c39e7a9102fd3aaeca5811257e4194c6fc4d479507344bd343d7d4a6116ee0d5c5a907667f09a4
SSDEEP

6144:HIE4GiuwycezQYyZAeXs8hY1G2pewkFUQmTCjdzhNKbgTHs93HYOp3:HbiNyb8hY1G2po1jt8gTm/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95310342ce7dece7d9adb3dfe5b2e9a8290b39b37fd5294f72fbdab691949cb9

Files

95310342ce7dece7d9adb3dfe5b2e9a8290b39b37fd5294f72fbdab691949cb9
.exe windows:5 windows x86 arch:x86

09011a2a6c3eaf775ff44a75154903b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\code\测试工具\branch\DebuggingTool\Release\测试工具V6.2.pdb

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
HeapSize
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
InterlockedIncrement
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GetCurrentProcessId
LocalAlloc
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
SuspendThread
GetCurrentThreadId
SetThreadPriority
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GetLocalTime
SetCurrentDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetCommModemStatus
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
ResumeThread
CreateEventA
WriteFile
ResetEvent
Sleep
GetOverlappedResult
WaitForSingleObject
ReadFile
GetCommMask
WaitForMultipleObjects
ClearCommError
WaitCommEvent
GlobalFree
GlobalAlloc
SetEvent
PurgeComm
LeaveCriticalSection
SetCommState
BuildCommDCBA
GetCommState
SetCommMask
SetCommTimeouts
SetupComm
CreateFileA
CloseHandle
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
UnhandledExceptionFilter
SetLastError

user32

PostThreadMessageA
GetSysColorBrush
UnregisterClassA
DestroyMenu
CharUpperA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WindowFromPoint
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
RegisterClipboardFormatA
PostMessageA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetDesktopWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
SetWindowsHookExA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CallNextHookEx
GetMessageA
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
AdjustWindowRectEx
LoadCursorA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnhookWindowsHookEx
ReleaseDC
GetDC
IsWindow
ScreenToClient
CopyRect
LoadImageA
SetCursor
UpdateWindow
InvalidateRect
GetSysColor
SetWindowLongA
GetWindowLongA
GetParent
GetSubMenu
LoadMenuA
FindWindowA
GetMessagePos
GetFocus
BringWindowToTop
SetTimer
KillTimer
DrawIcon
GetSystemMetrics
IsIconic
GetWindowRect
GetClientRect
LoadIconA
EnableWindow
SendMessageA
SystemParametersInfoA

gdi32

ExtSelectClipRgn
DeleteDC
CreateBitmap
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
DeleteObject
GetStockObject
GetObjectA
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW
PathFindFileNameA

oledlg

ord8

ole32

CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

ws2_32

socket
setsockopt
inet_addr
htons
WSACleanup
closesocket
select
ioctlsocket
recv
WSAGetLastError
send
WSAStartup
connect

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09011a2a6c3eaf775ff44a75154903b2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

setupapi

ws2_32

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 40KB - Virtual size: 39KB