6016bc268a5c6f25d5a91ec7f4e556d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6016bc268a5c6f25d5a91ec7f4e556d0N.exe
Size

704KB
MD5

6016bc268a5c6f25d5a91ec7f4e556d0
SHA1

37fb0f5bd99d14536df789c994048c0b6b148882
SHA256

71baef9f24525c53b193e157a1ab949dbddabb24b7a276cad5073b7ef0e9b8cf
SHA512

660e991d5980a9e72bf749c8d9f479c80914d398f76e30b34210086a5fcfa14021da597ddbf9d7f42dc1c4c006153bb26feed95136c0dcf25fd78ba370788388
SSDEEP

12288:jHBi52bA1n+fcm0CVpgHQzNe+pw0WSVZtTDZmz0sovx9pX1fzZ1cx3:jHy2bA+c9Ubvwbunmz0hpXZzTcx3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6016bc268a5c6f25d5a91ec7f4e556d0N.exe

Files

6016bc268a5c6f25d5a91ec7f4e556d0N.exe
.exe windows:5 windows x86 arch:x86

9e681c7445ef26ad2804ae00f9793bd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\备份\游斯机登陆器 V1.3\非游斯基\黑月 + vs2008\加载壳\vs2008壳\Release\start.pdb

Imports

kernel32

GetVersion
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
WriteFile
RtlUnwind
GetCPInfo
GetCommandLineA
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
CloseHandle
LCMapStringW
RaiseException
WaitForSingleObject
MultiByteToWideChar
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
LocalSize
GetModuleHandleA
GetProcessHeap
VirtualFree
VirtualAlloc
RtlZeroMemory
lstrcmpiW
lstrcmpW
GetSystemInfo
GetExitCodeThread
lstrlenW
LeaveCriticalSection
CreateThread
EnterCriticalSection
LockResource
LoadResource
SizeofResource
FindResourceW
DeleteCriticalSection
InitializeCriticalSection
RtlMoveMemory
lstrcpynW
GetStringTypeW
GetModuleHandleW
GetACP
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

atl

ord42

user32

DefMDIChildProcW
LoadCursorW
SetCursor
TrackMouseEvent
DestroyIcon
PostQuitMessage
SetWindowLongW
CreateWindowExW
GetWindowLongW
GetDlgItem
IsWindow
DefWindowProcW
SetFocus
LoadMenuW
DestroyMenu
AppendMenuW
GetMenuItemCount
InsertMenuW
CharLowerW
EndPaint
CallWindowProcW
GetAsyncKeyState
GetClientRect
GetFocus
GetWindowRect
GetParent
SetMenuInfo
GetClassNameW
DestroyWindow
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
SetWindowPos
SetParent
IsWindowVisible
IsWindowEnabled
EnableWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
MessageBoxW
SetPropW
GetPropW
RemovePropW
DestroyCursor
SetWindowRgn
SetRect
GetClassLongW
SetClassLongW
wsprintfA
RegisterClassExW
CharUpperW
SetForegroundWindow
DispatchMessageW
CreateMenu
CreatePopupMenu
BeginPaint
SendMessageW
PostMessageW
CopyImage
LoadBitmapW
LoadIconW
FillRect
GetSysColor
IsIconic
IsZoomed
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
RegisterWindowMessageW
RegisterHotKey
UnregisterHotKey
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
GetSystemMenu
MessageBoxA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenu
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
ShowWindow

gdi32

DeleteDC
SelectObject
BitBlt
ExtCreateRegion
GetObjectA
CreateDIBSection
StretchBlt
CreateSolidBrush
CreatePatternBrush
GetStockObject
CombineRgn
DeleteObject
CreateRoundRectRgn
CreateCompatibleDC

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

shell32

DragQueryFileW
DragAcceptFiles
DragFinish
Shell_NotifyIconW

shlwapi

StrTrimW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e681c7445ef26ad2804ae00f9793bd6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

atl

user32

gdi32

wininet

shell32

shlwapi

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 22KB - Virtual size: 24KB

.rsrc Size: 525KB - Virtual size: 524KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 525KB - Virtual size: 524KB

.reloc
Size: 9KB - Virtual size: 8KB