b53b1d4838cffc00030ff62150a087929adc2fb0f2b9353c1cb4a51c0202f6e8

Sharing

Copy URL Twitter E-mail

General

Target

b53b1d4838cffc00030ff62150a087929adc2fb0f2b9353c1cb4a51c0202f6e8
Size

4.1MB
MD5

6df0364536bc865c1c080cee4f5a7ec9
SHA1

a81d74d7fa6ef07ef2b866f2f4975eb5b02058c1
SHA256

b53b1d4838cffc00030ff62150a087929adc2fb0f2b9353c1cb4a51c0202f6e8
SHA512

efbdb3d9a907f6f5e1435b4c9ae610a3ca7175288706f201925cbe6f37fae467337fd41dbd1328235dfae1d43212c674775010562d252782548773a8fc7e8b56
SSDEEP

98304:XjaVQ9dOvi8LaAy4Mu6vEjLYnzK3y+DeO6tVuOpcE8lyX:Xjhgjyxu6hzKi+b6tVnpd8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b53b1d4838cffc00030ff62150a087929adc2fb0f2b9353c1cb4a51c0202f6e8

Files

b53b1d4838cffc00030ff62150a087929adc2fb0f2b9353c1cb4a51c0202f6e8
.exe windows:6 windows x64 arch:x64

c3967d435c4279b82b43baa6ba6f8d2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\xuanyuan\Desktop\ChiYueBing\x64\Release\ChiYueBing.pdb

Imports

kernel32

WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GlobalUnlock
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GetFileType
SetStdHandle
FreeEnvironmentStringsW
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
FlushFileBuffers
SizeofResource
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle

user32

KillTimer
UpdateLayeredWindow
LoadCursorW
LoadIconW
TranslateMessage
SetTimer
DispatchMessageW
PostQuitMessage
RegisterClassExW
GetSystemMetrics
CreateWindowExW
GetDC
DefWindowProcW
GetMessageW
ReleaseDC
ShowWindow
UpdateWindow

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
GetStockObject
DeleteDC
DeleteObject
CreateCompatibleBitmap

ole32

CreateStreamOnHGlobal

gdiplus

GdipCloneBrush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipDrawString
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipSetStringFormatAlign
GdipDrawImageRectRectI
GdipLoadImageFromStream
GdipFree
GdipLoadImageFromStreamICM
GdipCreateFromHDC
GdipGraphicsClear
GdipCreateSolidFill
GdipCreateFont
GdipSetStringFormatLineAlign
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipGetImageHeight
GdipDeleteFontFamily
GdipCreateStringFormat
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3967d435c4279b82b43baa6ba6f8d2a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

gdiplus

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 2KB - Virtual size: 1KB