fdf7c593f59656f043d1c167eb00cc6398373d9f936328f3baa1ad7d042a3302

Sharing

Copy URL Twitter E-mail

General

Target

fdf7c593f59656f043d1c167eb00cc6398373d9f936328f3baa1ad7d042a3302
Size

362KB
MD5

68059c44f514c78b9e5681919b0c4683
SHA1

271b25f58fc0384649dbb0a3cbed895e4a968f6b
SHA256

fdf7c593f59656f043d1c167eb00cc6398373d9f936328f3baa1ad7d042a3302
SHA512

c7712f0f9d4e2daf84f359e994cecb5168cf697bf18ff18ba2d9cb3f87a59eb0666fa6a1e10e80b231e009a720890e5d604716a4f3b0e178f5c3a587a5af8d89
SSDEEP

6144:0s2MYEyYTFIWLqsSPv3TWw7Ola8vNXvK41cWj/LTTOtfc2wMwkIpt2HRlm3fgmc5:fsEyXWLq13TW2Ol9lFXnTwfzw9TIjcdY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/19.9.0.3/Bosskey.exe
unpack001/19.9.0.3/oleacc.dll

Files

fdf7c593f59656f043d1c167eb00cc6398373d9f936328f3baa1ad7d042a3302
.rar
19.9.0.3/Bosskey.exe
.exe windows:5 windows x86 arch:x86

d98c016a1fb1e61a85ef3f32a8b48310

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\天使软件\老板键\天使老板键Load - 2 - BS\Release\AngelBosskey.pdb

Imports

kernel32

SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExA
SystemTimeToTzSpecificLocalTime
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
SetFilePointerEx
GetConsoleMode
FileTimeToSystemTime
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetStringTypeW
GetFileType
LCMapStringW
GetStdHandle
ExitProcess
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlUnwind
OutputDebugStringW
GetCPInfo
GetOEMCP
GetVolumeInformationA
GetCurrentProcess
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalFlags
FormatMessageA
LocalFree
GlobalFree
GlobalGetAtomNameA
GlobalFindAtomA
FindResourceA
lstrcmpW
FreeResource
GetSystemDirectoryW
EncodePointer
MulDiv
GlobalUnlock
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
FindResourceW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleFileNameA
GetVersionExA
GetCurrentThread
GetCurrentThreadId
SetEvent
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
HeapSize
HeapReAlloc
DecodePointer
CloseHandle
WriteFile
CreateThread
IsBadReadPtr
LoadLibraryA
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
CreateFileW
VirtualAlloc
GetProcAddress
GetConsoleCP
FreeLibrary

user32

ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
LoadIconA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollPos
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsChild
IsMenu
RealChildWindowFromPoint
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
SendMessageA
IsIconic
EnableWindow
GetSystemMetrics
RegisterWindowMessageA
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
UnhookWindowsHookEx
GetLastActivePopup
SetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetDesktopWindow
GetMenuItemID
DrawIcon
GetClientRect
LoadIconW
UnregisterClassA
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
SetCursor
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetSysColorBrush
LoadCursorA
SetTimer
KillTimer
CharUpperA
DestroyMenu
IsWindow
GetWindowThreadProcessId
InvalidateRect

gdi32

GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject
SetBkColor
SetMapMode
SetTextColor
GetDeviceCaps
GetObjectA
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathFindExtensionA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
19.9.0.3/Bosskey.ini
19.9.0.3/oleacc.dll
.dll regsvr32 windows:4 windows x86 arch:x86

66211fc6d178814d3109d6503c713b94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
RaiseException
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
GetCurrentThread
OpenThread
IsDebuggerPresent
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlUnwind
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
GetLocaleInfoW
VirtualFree
VirtualProtect
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

AccGetRunningUtilityState
AccNotifyTouchInteraction
AccSetRunningUtilityState
AccessibleChildren
AccessibleObjectFromEvent
AccessibleObjectFromPoint
AccessibleObjectFromWindow
AccessibleObjectFromWindowTimeout
CreateStdAccessibleObject
CreateStdAccessibleProxyA
CreateStdAccessibleProxyW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetOleaccVersionInfo
GetProcessHandleFromHwnd
GetRoleTextA
GetRoleTextW
GetStateTextA
GetStateTextW
IID_IAccessible
IID_IAccessibleHandler
LIBID_Accessibility
LresultFromObject
ObjectFromLresult
PropMgrClient_LookupProp
WindowFromAccessibleObject

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d98c016a1fb1e61a85ef3f32a8b48310

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

oleacc

Sections

.text Size: 186KB - Virtual size: 186KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 170KB - Virtual size: 180KB

.gfids Size: 3KB - Virtual size: 3KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 13KB - Virtual size: 13KB

66211fc6d178814d3109d6503c713b94

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 147KB

.data Size: 6KB - Virtual size: 6KB

.rdata Size: 32KB - Virtual size: 31KB

.bss Size: - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 4B

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 1024B - Virtual size: 948B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 186KB - Virtual size: 186KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 170KB - Virtual size: 180KB

.gfids
Size: 3KB - Virtual size: 3KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 147KB - Virtual size: 147KB

.data
Size: 6KB - Virtual size: 6KB

.rdata
Size: 32KB - Virtual size: 31KB

.bss
Size: - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 4B

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 948B

.reloc
Size: 12KB - Virtual size: 11KB