Static task: static1
Behavioral task: behavioral1
  Sample: 文档-doc-uninsta.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 文档-doc-uninsta.exe
  Resource: win10v2004-20240802-en
General
- Target: ec77ac7132017f7ec390beb010379c7d880561c82ecb88f62145b190921465cc
- Size: 4.6MB
- MD5: d514ec629dbeba431c32f0e5449d5d8f
- SHA1: ad62d046b7f40ae318900304825159f84420c4ad
- SHA256: ec77ac7132017f7ec390beb010379c7d880561c82ecb88f62145b190921465cc
- SHA512: 38f0174560b6e1b2c0ad8fb32c0f8a9f0c3dcbc44b09a4c15016f447c9f7f4138f5b47adf8a72717732ff50798985f9d160c7d6412776748f4773e85ca2be479
- SSDEEP: 49152:PyVwASOSGtlqQ8IU6iUEPawfW1Ju20oGuYMT3YJjJtk4woIjjhFqcyVD7Rl6lAqP:oz+UQU1vTokp9FYVHyU24AT0C
Malware Config
Signatures
- Embeds OpenSSL (2 IoCs)
  Embeds OpenSSL, may be used to circumvent TLS interception.
  resource        | yara_rule                                  | sample
  embeds_openssl  | static1/unpack001/文档-doc-uninsta.exe     | embeds_openssl
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: unpack001/文档-doc-uninsta.exe
Files
- ec77ac7132017f7ec390beb010379c7d880561c82ecb88f62145b190921465cc.zip
- 文档-doc-uninsta.exe.exe windows:6 windows x64 arch:x64
  08a6a805c9bb6cef169b8506e1e475d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitOnceExecuteOnce
GetTickCount64
GetModuleHandleW
SetFileCompletionNotificationModes
GetHandleInformation
GetCurrentProcessId
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObject
IsDebuggerPresent
SetHandleInformation
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
Sleep
GetConsoleWindow
WideCharToMultiByte
FormatMessageA
VirtualProtectEx
GetCurrentProcess
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
RemoveDirectoryW
DeleteFileW
GetFileAttributesExW
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEvent
CloseHandle
EnumSystemFirmwareTables
RtlPcToFileHeader
WaitForSingleObjectEx
GetExitCodeThread
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
GetStdHandle
GetFileType
WriteFile
RtlVirtualUnwind
GetEnvironmentVariableW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
GetACP
ReleaseSemaphore
CreateSemaphoreA
GetSystemDirectoryA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
LoadLibraryExW
CreateDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetTempPathW
RtlUnwind
user32
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow
advapi32
CryptGetUserKey
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptEnumProvidersW
CryptGetProvParam
CryptSetHashParam
wininet
InternetOpenW
InternetOpenUrlA
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
crypt32
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore
CertFindCertificateInStore
ws2_32
freeaddrinfo
getaddrinfo
ntohl
WSAIoctl
ntohs
getpeername
getnameinfo
WSASocketA
WSACleanup
WSAStartup
setsockopt
send
gethostbyaddr
inet_ntoa
htons
htonl
getsockopt
getsockname
getservbyport
getservbyname
WSASetLastError
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
WSAPoll
inet_addr
recvfrom
sendto
select
listen
gethostbyname
shutdown
socket
recv
iphlpapi
if_indextoname
GetAdaptersAddresses
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1003KB - Virtual size: 1002KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 49KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ