8233bf14d4388080627e8915c0ceac49[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8233bf14d4388080627e8915c0ceac49.zip
Size

41KB
MD5

63146e5561c85556cc576b6d1f364f08
SHA1

014a0dd8b8c4dd9831b5a91c8055e2b67a8c1ef2
SHA256

d885e793fd6df3f6b2f9f9df353f93ece1e39c6974b6d8516dd0d906d8bdcf21
SHA512

532bffa33e12574e60a78df47ce1e4d2d7fa10991aeafec5d48e9462297a339001a4748fcb4c50a23aba9ce163b66825d0dab7c1b04d2973606153af9daa5f14
SSDEEP

768:rvwT4lLJQIwxm7IDL/TvcOcu56BsXvG/HvQ+/gBz7rT:rvwTyJixmsDL/rcOcu56BWvGR/gR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/99c4f351cf75f28b6d08afb9128949cd4ddfaed979525e47349c51c5c0dfae45

Files

8233bf14d4388080627e8915c0ceac49.zip
.zip

Password: infected
99c4f351cf75f28b6d08afb9128949cd4ddfaed979525e47349c51c5c0dfae45
.dll windows:6 windows x86 arch:x86

Password: infected

16ccf2a59f71672a938509eb1c399b99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\原\xiang_dll32\Release\read_dll32.pdb

Imports

kernel32

GetTickCount
GetProcAddress
CloseHandle
GetSystemDirectoryA
CreateFileA
GetLastError
Wow64RevertWow64FsRedirection
CopyFileA
MultiByteToWideChar
GetModuleHandleA
GetCurrentThreadId
DeviceIoControl
WriteConsoleW
Wow64DisableWow64FsRedirection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

advapi32

RegCreateKeyA
CreateServiceA
RegCloseKey
CloseServiceHandle
RegQueryValueExA
OpenSCManagerA
DeleteService
ControlService
StartServiceA
RegSetValueExA
RegOpenKeyExA
OpenServiceA

Exports

Exports

GetDev
GetProcessModuleBase
IDeleteFile
IVirtualAllocate
Read64ProcessMemory
StarDevice
StopDevice
Write64ProcessMemory
dVirtualProtect

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

16ccf2a59f71672a938509eb1c399b99

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB