程序安装_Setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

程序安装_Setup.exe
Size

4.9MB
MD5

b944dbebe358d84f77ee18c17c26d8a1
SHA1

d59163f3b857ad4e882846cdb2ede9db182cae2d
SHA256

1c2a0295006f12f4194fd789bcad2f13f17182f683483c2ae72528a8d13ff075
SHA512

78055519599ff91571d85e8a882d599113f55061a98ba6689db5a7001982c3de7a4d0ecd8505745dfe28828c35e78c9194dfb1a4e03b0048a53dc6647c8ddf1a
SSDEEP

98304:ui+5bdQcGWDBGNZnHUs3VyPdSWGbRLJq:5adDGWsNZnHUs3VyPdpsRV

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
sample	embeds_openssl

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
程序安装_Setup.exe

Files

程序安装_Setup.exe
.exe windows:6 windows x64 arch:x64

55638d07102e02c93ec16561e0226ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsValidCodePage
FindFirstFileExW
RemoveDirectoryW
DeleteFileW
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
GetOEMCP
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetStdHandle
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
SetEvent
GetConsoleWindow
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
VirtualProtectEx
GetCurrentProcess
CreateEventA
GetProcessHeap
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
GetEnvironmentStringsW
EnumSystemFirmwareTables
GetTempPathW
GetConsoleOutputCP
GetLastError
ReleaseSemaphore
OpenEventA
ResetEvent
GetCurrentThreadId
Sleep
GetCurrentProcessId
WaitForSingleObjectEx
WaitForMultipleObjectsEx
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleA
GetProcAddress
CreateWaitableTimerA
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
MultiByteToWideChar
RtlVirtualUnwind
GetEnvironmentVariableW
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetModuleHandleExW
GetSystemTimeAsFileTime
VirtualFree
GetACP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetTickCount
InitializeCriticalSectionEx
CreateEventW
GetCurrentThread
GetSystemDirectoryW
SleepEx
MoveFileExW
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
RaiseException
SetHandleInformation
IsDebuggerPresent
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
CreateDirectoryW
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
RtlUnwind

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
ShowWindow

ws2_32

gethostname
freeaddrinfo
getaddrinfo
__WSAFDIsSet
WSAIoctl
inet_ntop
inet_pton
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
sendto
recvfrom
getpeername
shutdown
socket
setsockopt
WSAPoll
connect
closesocket
WSASocketA
getnameinfo
ntohl
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
listen

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenSystemStoreW
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

bcrypt

BCryptGenRandom

advapi32

CryptHashData
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
OpenThreadToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
CryptImportKey
CryptGetHashParam
DeregisterEventSource

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55638d07102e02c93ec16561e0226ea7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

iphlpapi

crypt32

bcrypt

advapi32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1010KB - Virtual size: 1010KB

.data Size: 31KB - Virtual size: 47KB

.pdata Size: 155KB - Virtual size: 154KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 46KB - Virtual size: 45KB

.rsrc Size: 43KB - Virtual size: 43KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1010KB - Virtual size: 1010KB

.data
Size: 31KB - Virtual size: 47KB

.pdata
Size: 155KB - Virtual size: 154KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 43KB - Virtual size: 43KB