2b6f33a2a44c2e77d8c312d891e7737078dd59854a6b1ddb40a8e4d472b0f6e0

Sharing

Copy URL

Twitter E-mail

General

Target

2b6f33a2a44c2e77d8c312d891e7737078dd59854a6b1ddb40a8e4d472b0f6e0
Size

4.1MB
MD5

a785432652389c62cd64eb86e75d0770
SHA1

488cb0811b8b864c86d4b2de185e5881b6da0819
SHA256

2b6f33a2a44c2e77d8c312d891e7737078dd59854a6b1ddb40a8e4d472b0f6e0
SHA512

7daf47e0920f88e0de3f57b733c4ac9e7bdb52fe7d2bd20dd72517a2c3478718ad458b46eb19f223dc8779ecaf8282a2110ff6fc7eb31e3660e733de54aa6e65
SSDEEP

49152:FZVu5f+7Ij5OPY9+Zj7+/V7ct33Cefih+1X2EQ4JN/8rL:jcF+0tM+2tnCefisjQ4JBw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6f33a2a44c2e77d8c312d891e7737078dd59854a6b1ddb40a8e4d472b0f6e0

Files

2b6f33a2a44c2e77d8c312d891e7737078dd59854a6b1ddb40a8e4d472b0f6e0
.exe windows:4 windows x86 arch:x86

0526b7b682ea8172f4041b7117cb8fd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\广告相关\广告\私服劫持\SFHook\桌标\bin\release\DK.pdb

Imports

kernel32

TerminateProcess
QueryDosDeviceA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
EnterCriticalSection
GetModuleFileNameA
ReadFile
Process32NextW
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetCurrentProcessId
OpenEventA
SetUnhandledExceptionFilter
SetEvent
GetLastError
LeaveCriticalSection
GetFileAttributesA
GetCurrentThreadId
WriteFile
OutputDebugStringA
FindClose
OpenFileMappingA
CreateMutexA
GetCurrentProcess
GetPrivateProfileStringA
CopyFileA
GetFileSize
DeleteFileA
CreateDirectoryA
DuplicateHandle
GetProcessTimes
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetTickCount
CreateEventA
WaitForSingleObject
ResumeThread
OpenMutexA
InterlockedCompareExchange
SetEndOfFile
GetLocaleInfoW
SetStdHandle
OpenThread
OpenProcess
Process32FirstW
Sleep
LocalFree
WaitNamedPipeA
GetLocalTime
InitializeCriticalSection
CloseHandle
DeviceIoControl
SetFileAttributesA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
InterlockedExchange
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
ExitThread
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
HeapSize
GetConsoleCP
GetConsoleMode
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FlushFileBuffers
HeapDestroy

user32

TranslateMessage
GetMessageW
GetWindowThreadProcessId
GetClassNameA
SendMessageA
wsprintfA
SetWinEventHook
DispatchMessageW
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegCloseKey
SetNamedSecurityInfoA
RegEnumKeyExA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegDeleteValueA
GetNamedSecurityInfoA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoCreateGuid
CoInitialize

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

wininet

InternetOpenA
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
InternetReadFile

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0526b7b682ea8172f4041b7117cb8fd8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

iphlpapi

wininet

Sections

.text Size: 408KB - Virtual size: 405KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 20KB - Virtual size: 29KB

.vmp0 Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 690B

.text
Size: 408KB - Virtual size: 405KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 20KB - Virtual size: 29KB

.vmp0
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 690B