30b80edf22d3807fcb6c4248ccf6b6a3e70246cd2017667717e26e3676ec42d1

Sharing

Copy URL Twitter E-mail

General

Target

30b80edf22d3807fcb6c4248ccf6b6a3e70246cd2017667717e26e3676ec42d1
Size

139KB
MD5

0448d57617e45042edcc92c9d8bebff9
SHA1

485f35de38f2164ca69c9a84c2f4a3ef940518bd
SHA256

30b80edf22d3807fcb6c4248ccf6b6a3e70246cd2017667717e26e3676ec42d1
SHA512

d6dfd10131975118d88bf61a47f313ca35ea7eff8dc6ab628e35d5d8721ff68046cfe51cabb1b64ec905135a2d0b312533cee374ca24cc1a044d17bf4a088501
SSDEEP

1536:Ol5mSj9fG9jSGSYmROohAXfTBYuLfq9L5u7AwGN1yrVLPUq4G1P5b5LFw6:Ol51ijSGSYmkoAltyLyrVbULG/5LF3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30b80edf22d3807fcb6c4248ccf6b6a3e70246cd2017667717e26e3676ec42d1

Files

30b80edf22d3807fcb6c4248ccf6b6a3e70246cd2017667717e26e3676ec42d1
.dll windows:5 windows x86 arch:x86

e10963e79a9e1a9cf8c7a4ec61df14c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\程序源码\热血江湖源码\baobaoMem\Release\ijl11.pdb

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

kernel32

FreeLibrary
GetCurrentProcess
IsBadReadPtr
OpenProcess
WideCharToMultiByte
VirtualFreeEx
ReadProcessMemory
MultiByteToWideChar
IsBadStringPtrA
GetLastError
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
CreateToolhelp32Snapshot
OutputDebugStringA
CloseHandle
GetNativeSystemInfo
ExitProcess
Sleep
DisableThreadLibraryCalls
DeleteFileA
FindResourceA
LoadResource
Process32First
FindResourceExA
SizeofResource
Process32Next
LockResource
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
CreateFileA
LCMapStringW
LCMapStringA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetEndOfFile
GetProcessHeap
InitializeCriticalSection
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetStringTypeW
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
GetCommandLineA
RaiseException
RtlUnwind
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ReadFile
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
SetFilePointer

user32

SendMessageA
OffsetRect
GetWindowRect
wsprintfA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
FindWindowExA

advapi32

QueryServiceStatus
OpenSCManagerA
StartServiceA
DeleteService
CloseServiceHandle
OpenServiceA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA

Exports

Exports

ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e10963e79a9e1a9cf8c7a4ec61df14c4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 58KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 58KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 8KB