76c3615bf25eee1a74aad4550ccd010320d4fca00fd897ca906acfdff5a249e0

Sharing

Copy URL Twitter E-mail

General

Target

76c3615bf25eee1a74aad4550ccd010320d4fca00fd897ca906acfdff5a249e0
Size

13.7MB
MD5

85c00701a1466f14f82e51bb204c541b
SHA1

4e73ba4a6a5d47341be4630c6fe494d68f7221b0
SHA256

76c3615bf25eee1a74aad4550ccd010320d4fca00fd897ca906acfdff5a249e0
SHA512

d7e710931bab8a1f10fa3d9f63821495fa3b0f54225f9f14413f25a00b77395c5cdb9800047f23fdc52efdadb8736994f17c519cbb659e6aa83cde609284bac0
SSDEEP

393216:PfVFUF2z5FNEU1ZukOBWsxMeHt4EjRAF:PfWa5FNfPmXLHB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76c3615bf25eee1a74aad4550ccd010320d4fca00fd897ca906acfdff5a249e0

Files

76c3615bf25eee1a74aad4550ccd010320d4fca00fd897ca906acfdff5a249e0
.exe windows:6 windows x86 arch:x86

4bf444fb64138785ee3d7653374fb715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\SC\git\ChdStudy\Release\松鼠.pdb

Imports

kernel32

WriteFile
FindResourceA
CreateMutexA
ResumeThread
GetModuleHandleA
Sleep
CreateFileA
LockResource
DeleteFileA
GlobalAlloc
WritePrivateProfileStringA
LoadResource
GlobalLock
CreateDirectoryA
GetPrivateProfileStringA
GlobalUnlock
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventA
HeapCreate
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SwitchToThread
GetCurrentThreadId
CreateSemaphoreA
ReleaseSemaphore
lstrlenA
PostQueuedCompletionStatus
GetProcAddress
GetFileSize
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
CreateIoCompletionPort
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
ResetEvent
SetEvent
GetNativeSystemInfo
FreeLibrary
OutputDebugStringA
VerSetConditionMask
GetCurrentProcessId
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetSystemDirectoryW
QueryPerformanceFrequency
GetTickCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
GetEnvironmentVariableA
SleepEx
VerifyVersionInfoW
OutputDebugStringW
GetCommandLineW
SizeofResource
GetModuleFileNameA
GetLocalTime
DeleteCriticalSection
HeapDestroy
HeapAlloc
MoveFileExW
InitializeCriticalSectionEx
HeapFree
CreateProcessA
ExitProcess
CloseHandle
GetCurrentDirectoryA
OpenProcess
GetLastError

user32

DispatchMessageA
MsgWaitForMultipleObjectsEx
SetWindowPos
GetDlgItem
TranslateMessage
SetWindowLongA
LoadMenuA
GetDlgItemTextA
EndDialog
EnableWindow
SetDlgItemTextA
GetCursorPos
DefDlgProcA
PtInRect
FindWindowA
CheckDlgButton
GetClientRect
PeekMessageA
GetSystemMetrics
GetDlgItemInt
wsprintfA
SendMessageA
LoadIconA
SetClipboardData
SetFocus
CreateWindowExA
DestroyMenu
RegisterClassA
IsDlgButtonChecked
MessageBoxA
SetWindowTextA
GetWindowLongA
EmptyClipboard
CallWindowProcA
CloseClipboard
OpenClipboard
ShowWindow
GetSubMenu
TrackPopupMenu
DialogBoxParamA
ScreenToClient
IsWindowVisible
DestroyWindow
LoadCursorA
GetWindowRect

comdlg32

GetOpenFileNameA

advapi32

RegEnumValueA
RegDeleteKeyValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptReleaseContext

shell32

Shell_NotifyIconA
CommandLineToArgvW

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetOpenA

mfc140

ord2381
ord2387
ord2383

shlwapi

PathFileExistsA

ws2_32

gethostname
htonl
socket
accept
WSAStartup
gethostbyname
WSACleanup
WSAGetLastError
__WSAFDIsSet
recvfrom
bind
listen
WSAGetOverlappedResult
WSASetLastError
WSACreateEvent
WSAEventSelect
connect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
recv
send
WSACloseEvent
inet_ntoa
sendto
WSAIoctl
ntohs
inet_addr
getaddrinfo
freeaddrinfo
htons
getsockname
getpeername
setsockopt
getsockopt
ioctlsocket
shutdown
closesocket
WSASend
WSARecv
select

winmm

timeGetTime

vcruntime140

__CxxFrameHandler3
strrchr
memcpy
strchr
_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__vcrt_InitializeCriticalSectionEx
__std_terminate
memchr
_purecall
strstr
memmove

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vfscanf
_lseeki64
fgets
fputs
feof
fopen_s
fseek
ftell
_wfopen
_close
_wopen
_set_fmode
_read
_write
__stdio_common_vsprintf
fputc
fwrite
fflush
fclose
fopen
__stdio_common_vsscanf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__acrt_iob_func
__p__commode

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_narrow_winmain_command_line
_errno
_register_thread_local_exe_atexit_callback
__sys_nerr
__sys_errlist
_set_app_type
_initterm_e
_exit
_controlfp_s
_seh_filter_exe
_c_exit
_cexit
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo
_initialize_narrow_environment
_configure_narrow_argv
terminate
exit
_beginthreadex
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-convert-l1-1-0

atoi
wcstombs
strtol
strtoll
strtoul

api-ms-win-crt-heap-l1-1-0

calloc
_recalloc
_callnewh
malloc
realloc
free
_set_new_mode

api-ms-win-crt-string-l1-1-0

strcspn
strcpy_s
strcat_s
_wcsdup
strncmp
strspn
strpbrk
wcspbrk
strncpy
_strdup

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlink
_wstat64
_fstat64
_waccess

bcrypt

BCryptGenRandom

wldap32

ord14
ord216
ord208
ord41
ord117
ord26
ord27
ord46
ord167
ord142
ord79
ord133
ord147
ord301
ord127
ord145
ord219

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf444fb64138785ee3d7653374fb715

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

msvcp140

version

wininet

mfc140

shlwapi

ws2_32

winmm

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

bcrypt

wldap32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 2KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 96B

.rsrc Size: 13.3MB - Virtual size: 13.3MB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 2KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 96B

.rsrc
Size: 13.3MB - Virtual size: 13.3MB

.reloc
Size: 17KB - Virtual size: 16KB