273c8d8ecdd04a709c473352369e9475099de9e90c7685e4601bbcf501284c5bN

Sharing

Copy URL Twitter E-mail

General

Target

273c8d8ecdd04a709c473352369e9475099de9e90c7685e4601bbcf501284c5bN
Size

893KB
MD5

34e4635af32b2f191eed81b6d07a6800
SHA1

96adb46f0548a35e382bfe57de831477795fd484
SHA256

273c8d8ecdd04a709c473352369e9475099de9e90c7685e4601bbcf501284c5b
SHA512

21f3370c6f220fd51adc82cf1a25d98e3001ecf3b414c05933b2132aa8218638eaf38825390cd6b3d61382979b200b4ef435090ce881ad0ce0b072118acb5f40
SSDEEP

24576:eHnxRC/cgxiOgkib7pzKVfyX4HMXL8JaF1lAKgjmNB8T7oDklR0tO51vGDrm+J:1rFABA2OArP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
273c8d8ecdd04a709c473352369e9475099de9e90c7685e4601bbcf501284c5bN

Files

273c8d8ecdd04a709c473352369e9475099de9e90c7685e4601bbcf501284c5bN
.exe windows:6 windows x86 arch:x86

7096edfb7e4ab64a7b76a60c64d4cb6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Dism++x86.pdb

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
VerifyVersionInfoW
VerSetConditionMask
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileSectionW
GetFileAttributesW
SetEvent
ResetEvent
GetLastError
DeviceIoControl
GetVolumePathNameW
GetVolumeInformationByHandleW
GetModuleFileNameW
GetEnvironmentVariableW
LoadLibraryExW
GetSystemDirectoryW
GetProcAddress
UnmapViewOfFile
MoveFileExW
DeleteFileW
GetNativeSystemInfo
GlobalMemoryStatusEx
GetUserDefaultLCID
GetSystemTimeAsFileTime
FindFirstFileW
FindClose
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileW
WriteFile
LCIDToLocaleName
GetThreadLocale
GetLocaleInfoEx
CreateProcessW
GetWindowsDirectoryW
FindNextFileW
IsValidLocaleName
MoveFileW
CreateDirectoryW
GetVolumeInformationW
SetVolumeLabelW
RemoveDirectoryW
FreeLibrary
DeleteCriticalSection
GetTickCount
CreateFileMappingW
MapViewOfFile
LocalFree
GetCurrentProcess
TerminateProcess
ReadFile
SetFilePointer
GetTempPathA
GetTempFileNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpyA
lstrcpynA
ReleaseMutex
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
VirtualFreeEx
VirtualAllocEx
CreateEventW
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableW
HeapSize
CreateMutexW
GetFullPathNameW
lstrcmpiA
CopyFileW
GetFileSize
GetLocaleInfoW
GetExitCodeProcess
lstrcmpA
EnumUILanguagesW
CopyFileExW
Sleep
FreeResource
SetThreadUILanguage
SetThreadLocale
LocaleNameToLCID
OpenProcess
VirtualQuery
GetSystemInfo
VirtualProtect
DecodePointer
SetErrorMode
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
GetCurrentProcessId
GetProcessId
GetSystemTime
LoadLibraryW
FormatMessageW
GetLongPathNameW
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
SetFileAttributesW
CreateToolhelp32Snapshot
Process32NextW
GetShortPathNameW
GetLocalTime
GetStartupInfoW
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetPrivateProfileSectionW
GetVersionExW
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetCurrentDirectoryW
IsProcessorFeaturePresent
UnhandledExceptionFilter
DosDateTimeToFileTime
MulDiv
IsDebuggerPresent
GetTickCount64
TerminateThread
GetExitCodeThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GlobalAlloc
GlobalLock
GlobalUnlock
CreateIoCompletionPort
WaitForSingleObjectEx
OutputDebugStringA
InterlockedExchange
InterlockedCompareExchange
GetModuleHandleA
QueryPerformanceCounter
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
OutputDebugStringW
HeapReAlloc
HeapDestroy
RaiseException
GetModuleHandleW
GetCurrentThreadId
WaitForSingleObject
GetVolumeNameForVolumeMountPointW
CloseHandle

msvcrt

strlen
_mktime64
wcscpy
_wcstoui64
wcstol
sscanf
vsprintf_s
_vscprintf
_strtoui64
realloc
strcmp
strtoul
strtol
_wtoi
isdigit
swprintf_s
_mbschr
_wcsupr_s
wcsrchr
wcsstr
_mbslwr_s
iswspace
wcscmp
_mbscmp
calloc
abs
toupper
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
wcsncpy
_itow
wcstod
malloc
_strcmpi
qsort_s
_lrotl
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_ftol2
_except_handler4_common
_controlfp
_time64
_localtime64_s
wcsftime
??_U@YAPAXI@Z
??_V@YAXPAX@Z
towupper
wcschr
swscanf
__CxxFrameHandler3
_CxxThrowException
_strlwr
_wcsnicmp
_vscwprintf
vswprintf_s
memcmp
memmove
wcslen
wcsncpy_s
wcstoul
memset
_errno
memcpy
wcsnlen
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_beginthreadex
strnlen
free
_wcslwr_s
bsearch
wcscat
_wcsicmp
_ftol2_sse

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17
_TrackMouseEvent
ord345

ntdll

NtQueryVolumeInformationFile
NtCreateFile
ZwClose
RtlGetLastNtStatus
NtReadFile
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
NtWriteFile
ZwQuerySymbolicLinkObject
RtlImageRvaToVa
NtDeleteKey
NtQueryInformationProcess
LdrVerifyImageMatchesChecksum
NtShutdownSystem
NtQueryInformationFile
RtlComputeCrc32
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtClose
ZwQueryDirectoryFile
NtOpenFile
NtReadVirtualMemory
NtWriteVirtualMemory
RtlNtStatusToDosError
NtQuerySystemInformation
RtlAdjustPrivilege
NtSetInformationFile
RtlImageNtHeader

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

BcdGetCurrentEntryIdentifier
BcdGetFirmwareBootDevice
BcdGetFirmwareType
BcdGetSystemPartition
BcdIsWinPEBoot
BcdOpenStore
DismAddDriver
DismAddPackage
DismAppAssociationsDefaultExport
DismAppAssociationsDefaultImport
DismAppAssociationsDefaultRemove
DismAppAssociationsExport
DismAppAssociationsImport
DismAppAssociationsRemove
DismApplyDPI
DismApplyImage
DismAppxsCleanup
DismCaptureImage
DismCommitImage
DismCompactOs
DismComponentCleanup
DismCreateInterface
DismDeleteImage
DismDriverCleanup
DismExpandEnvironmentStrings
DismExportImage
DismFormatMessage
DismFreeMemory
DismGetAllUsersAppx
DismGetCapabilities
DismGetDrivers
DismGetFeatures
DismGetFileFilter
DismGetImageFileInfo
DismGetMountedImages
DismGetPackages
DismGetProvisionedAppxs
DismGetScratchDir
DismGetServices
DismGetSystemInfoByPath
DismGetSystemInfoBySession
DismHardLinkMerge
DismIsNoviceMode
DismMountImage
DismMultiLanguage
DismRegOpenKey
DismRegOpenKeyEx
DismRemoveAppx
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppx
DismRemoveService
DismRestoreHealth
DismScanHealth
DismSetBootImage
DismSetImageFileInfo
DismSetServiceStart
DismUnmountImage
DismWriteLog
IbsSetFirstBootCommandLine
WinREConfig2

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7096edfb7e4ab64a7b76a60c64d4cb6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

comctl32

ntdll

userenv

Exports

Exports

Sections

.text Size: 627KB - Virtual size: 627KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 110KB - Virtual size: 112KB

.text
Size: 627KB - Virtual size: 627KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 110KB - Virtual size: 112KB