ef2eda19438cddf647db6429a157d41321cb17ee2e5d4d35d08d50f304b46212

Sharing

Copy URL

Twitter E-mail

General

Target

ef2eda19438cddf647db6429a157d41321cb17ee2e5d4d35d08d50f304b46212
Size

289KB
MD5

792a7183a882acbe755a7a10f5b79e7f
SHA1

f825e128f864208871db89fa1e8b6474a570f31e
SHA256

ef2eda19438cddf647db6429a157d41321cb17ee2e5d4d35d08d50f304b46212
SHA512

a24efd099b247cb5e857190b06bfb9e3e207c882cf99ffce20dd442e4298d4d074b76daccdcad9802a6cb31d0c67275a9ce0dc5790b6303873423b6bfa35e1d8
SSDEEP

6144:nINDVXnjZZ6p/dmF1nzorsyqRiHrXZHAsLf0RQEy+Zzhc0C:naZGc3nC8iLtAC0RQE1mD

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/CAuthorData.dll
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/CSysInstall.dll
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/LocDB.dll
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Process_Command.dll
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/RestartSelf.exe
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Show_Log.exe
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Split_Class.dll
unpack001/997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/yhserver.exe

Files

ef2eda19438cddf647db6429a157d41321cb17ee2e5d4d35d08d50f304b46212
.zip
2401158 997C SP程序V1.0.0.16 设计更改通知单.xlsx
.xlsx office2007
997C SP程序(1.0.0.16)更新包/升级说明.docx
.docx office2007
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/CAuthorData.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\CAuthorData\obj\Release\CAuthorData.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/CSysInstall.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\CSysInstall\obj\Release\CSysInstall.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/LocDB.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\LocDB\obj\Release\LocDB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Process_Command.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\Process_Command\obj\Release\Process_Command.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/RestartSelf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\RestartSelf\obj\Release\RestartSelf.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Show_Log.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\Show_Log\obj\Release\Show_Log.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/Split_Class.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\Split_Class\obj\Release\Split_Class.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
997C SP程序(1.0.0.16)更新包/设计文件更改/YH-NIS/yhserver/yhserver.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\项目\项目备份\2024年\现场报修\报修-昆山东部医疗中心\YHServer(1.0.0.15)\YHServer\YHServer\YHServer\obj\Release\yhserver.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 940B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 940B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 892B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 972B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 13KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 32KB - Virtual size: 31KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 940B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 940B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 892B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 972B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 988B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 179KB - Virtual size: 179KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B