1dce3970b0448faa1c2f9fd710b1f47b38597bb77fc099354b97ed62fefabb29

General

Target

1dce3970b0448faa1c2f9fd710b1f47b38597bb77fc099354b97ed62fefabb29
Size

609KB
MD5

b11c89aada6a819a8203e0a799c7e49f
SHA1

1c03e4cacdcdc6da1f0416963eaa04faf80e0743
SHA256

1dce3970b0448faa1c2f9fd710b1f47b38597bb77fc099354b97ed62fefabb29
SHA512

7b4340039b6733a73a262f71ef24fa248666751a3c1f41a54e5a580e7c92864ceea10bce50da2df6949ffd7fb5ce8e3737ae9311d479642b41a8b8b3871a2460
SSDEEP

12288:Kre9MjPG/KC04ghL8HjT0fgJM/j6HrklqmRWydPwzmdKJyzTK/eQ/:KreKzG/Kz4ghoDT7KmHrAqmNoqdjzTkT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/公_示6231-uninstall.exe

Files

1dce3970b0448faa1c2f9fd710b1f47b38597bb77fc099354b97ed62fefabb29
.zip
公_示6231-uninstall.exe
.exe windows:5 windows x64 arch:x64

c3f7960cdb0cf29097fba272dc160222

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
ExitProcess
Sleep
TerminateProcess
GetCurrentProcess
RaiseException
EncodePointer
VirtualQuery
RtlUnwindEx
VirtualProtect

user32

wsprintfW

msvcrt

_environ
_fmode
__argc
__argv
_XcptFilter
?_set_new_mode@@YAHH@Z
_commode
_msize
?terminate@@YAXXZ
__getmainargs
realloc
_errno
abort
_initterm
_callnewh
malloc
free
tolower
memcmp
memmove
_local_unwind
__DestructExceptionObject
_amsg_exit
memset
_CxxThrowException
__C_specific_handler
__set_app_type
memcpy
__CxxFrameHandler
memchr
ceil

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3f7960cdb0cf29097fba272dc160222

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 640B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 640B