e:\e盘 拷贝\游戏盒版本\youxun\trunk\bin\Win32\Release\yxdown\anzer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5dN.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5dN.exe
Resource
win10v2004-20241007-en
General
-
Target
22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5dN
-
Size
6.6MB
-
MD5
c94b6b5d1755b42f1b7c7d8bcef70c10
-
SHA1
00a36d0b448243ae241d7be41411c01ec300d327
-
SHA256
22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5d
-
SHA512
03002dd11cb3abd1fa84c2efccd6a2e625c79a339c4f822856be546dcd62cf48d067a72d64319848242c34654b42ccb5eb20c51d9a8b4f9a1269e8821bd8a506
-
SSDEEP
98304:gieU9xqa/wvvDI2gSQztt0tf8PHCuxauRXOOza:deOh4DIfztt0d8PZx7k
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5dN
Files
-
22ebd0dc6a5609c17b654d340b2332eacde17b2e62488781c047dc09265c4b5dN.exe windows:5 windows x86 arch:x86
49ab62ab8c3e7a781e0bafa6ab588245
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wininet
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
GetUrlCacheEntryInfoW
InternetOpenW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
dbghelp
MiniDumpWriteDump
kernel32
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
InterlockedDecrement
FindNextFileW
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
GetModuleHandleA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetFileSizeEx
GetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
MulDiv
SetErrorMode
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
UnhandledExceptionFilter
IsDebuggerPresent
CreateThread
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetFileType
GetProcessHeap
SetStdHandle
RtlUnwind
RaiseException
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GlobalFree
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
LocalAlloc
FreeLibrary
SetLastError
FileTimeToLocalFileTime
LocalFree
FormatMessageW
CreateSemaphoreW
ReleaseSemaphore
CreateFileA
WaitForMultipleObjects
ExitThread
CreateEventW
SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ResumeThread
FileTimeToSystemTime
UnmapViewOfFile
GetFileSize
CreatePipe
GetStartupInfoW
GetExitCodeProcess
CreateProcessW
GetModuleHandleW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
FindClose
FindFirstFileW
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetTickCount
lstrlenA
FreeResource
GlobalUnlock
WritePrivateProfileStringW
GlobalAlloc
GlobalLock
SetFileAttributesW
DeleteFileW
GetDiskFreeSpaceExW
GetShortPathNameW
RemoveDirectoryW
lstrlenW
TerminateProcess
GetFileAttributesW
GetVersionExW
Sleep
OpenProcess
WriteFile
GetPrivateProfileStringW
WaitForSingleObject
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
CreateDirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
LockResource
GetLastError
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetUserDefaultLCID
GlobalFlags
InterlockedCompareExchange
user32
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetMenu
OffsetRect
SystemParametersInfoA
IsIconic
CreateDialogIndirectParamW
GetWindowTextLengthW
GetWindowTextW
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
BeginPaint
SendDlgItemMessageW
GetDlgItem
RegisterClipboardFormatW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetCursor
SetCapture
SetFocus
ReleaseCapture
CallWindowProcW
DefWindowProcW
SetRectEmpty
CopyRect
IsRectEmpty
PtInRect
IntersectRect
EndDialog
DestroyMenu
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
IsWindow
GetWindowThreadProcessId
CopyAcceleratorTableW
SetRect
CharNextW
GetSysColorBrush
CharUpperW
GetWindowPlacement
EndPaint
GetDesktopWindow
GetWindowRect
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
SetWindowRgn
SetTimer
ScreenToClient
PostMessageW
KillTimer
LoadCursorW
GetClientRect
InvalidateRect
GetCursorPos
GetSystemMetrics
SendMessageW
EnableWindow
wsprintfW
UpdateWindow
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
PeekMessageW
gdi32
CreateBitmap
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
SelectClipRgn
GetViewportExtEx
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetDeviceCaps
CreateRectRgnIndirect
GetObjectW
GetClipBox
ExtSelectClipRgn
DeleteDC
PtVisible
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateRoundRectRgn
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetWindowExtEx
comdlg32
GetFileTitleW
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
comctl32
_TrackMouseEvent
shlwapi
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
oledlg
OleUIBusyW
ole32
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
oleaut32
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SystemTimeToVariantTime
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SysAllocString
SysFreeString
SysStringLen
gdiplus
GdipGetImageWidth
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipFillRectangleI
GdipDrawImageRectRect
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetImageAttributesWrapMode
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipDisposeImageAttributes
GdipCreateFont
GdipCreateImageAttributes
GdipDrawString
GdipCreateFontFamilyFromName
GdipSetSolidFillColor
GdipGetImageHeight
GdipCreatePen1
GdipDeleteStringFormat
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipDeleteGraphics
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdipCreateStringFormat
GdipCloneImage
GdiplusStartup
iphlpapi
GetAdaptersInfo
GetAdaptersAddresses
netapi32
Netbios
snmpapi
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
ws2_32
gethostbyname
send
WSAGetLastError
select
connect
WSAStartup
closesocket
__WSAFDIsSet
socket
recv
htons
Sections
.text Size: 609KB - Virtual size: 608KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.8MB - Virtual size: 5.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ