3x(24-10-15)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

3x(24-10-15).zip
Size

9.3MB
MD5

dfb2c081de16080ffd45f92da4b305e3
SHA1

a248fb880059d4f0ced176fcd0ca6618c88e5b39
SHA256

98be2e4d783ddccbf3239f548458c7060947cc8d915aaf158674b122a12b6ded
SHA512

8ad88be1aa01c8dbe4f14df1ccff81583de8e3400cd8398c6ea47b1a30b93a7180c82775d010f27057ba0ddc3a9fd5f61d847fb321344d8ff238fe7166febf51
SSDEEP

196608:5EEIo/P94hxWK7Gjk8onYF8lsPJ5tRn2pVMm8CyOQ2TJ55p+AmW5b:KLYPQxztnM8lsh6VMm8z2TJ55RFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a.exe
unpack001/bypass_sandbox.exe
unpack001/名单助手PDF.exe

Files

3x(24-10-15).zip
.zip

Password: infected
a.exe
.exe windows:4 windows x86 arch:x86

Password: infected

60d6cefd4ca9489577775f70220127d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
htons
closesocket
WSACleanup

mfc42u

ord3054
ord5094
ord5098
ord4461
ord4298
ord3346
ord5006
ord976
ord5468
ord3398
ord2874
ord2873
ord4147
ord6051
ord4072
ord1768
ord4401
ord5233
ord2374
ord5157
ord6370
ord4347
ord5279
ord2641
ord1658
ord3793
ord4831
ord4430
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord2437
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4421
ord401
ord674
ord5250
ord825
ord823
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord4462
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord2438
ord4422
ord796
ord554
ord529
ord402
ord807
ord2486
ord2619
ord2618
ord5996
ord2109
ord6617
ord4451
ord5251
ord4158
ord4609
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord2382
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord4418
ord3733
ord561
ord815
ord6211
ord2715
ord5297
ord5208
ord296
ord986
ord411
ord4154
ord6113
ord2613
ord1131
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord5237
ord2377
ord5276
ord4435
ord5257
ord4419
ord3592
ord324
ord641
ord4229
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord4608
ord4607
ord1937
ord4268
ord4583
ord4893
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord5286
ord3743
ord1719
ord4426
ord560
ord813
ord5256
ord2527
ord2093
ord5095
ord4240
ord1850
ord1089
ord617

msvcrt

_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
time
localtime
sprintf
memcpy
atoi
__CxxFrameHandler

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WideCharToMultiByte
OutputDebugStringW
MultiByteToWideChar
GetModuleHandleW
GetStartupInfoW
OutputDebugStringA
Sleep

user32

EnableWindow
UpdateWindow

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bypass_sandbox.exe
.exe windows:6 windows x64 arch:x64

Password: infected

8b45f8268462da558d31cafd3c1acdb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pc\source\repos\bypass_sandbox\bypass_sandbox\x64\Release\bypass_sandbox.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
WriteConsoleW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

user32

MessageBoxW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
名单助手PDF.exe
.exe windows:5 windows x64 arch:x64

Password: infected

9d4b5a26c5dcb8a5eadbeaa11b31066e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\2005demo编译\884a09c697a479c56ed376a25e4846bc\高仿酷狗\高仿酷狗\x64\Release\KugouUI.pdb

Imports

kernel32

RtlCaptureContext
RtlUnwindEx
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
HeapQueryInformation
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
RtlLookupFunctionEntry
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FormatMessageW
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalFlags
MulDiv
GlobalFindAtomW
GetVersionExW
CompareStringW
GetVersionExA
lstrlenW
WritePrivateProfileStringW
GlobalFree
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
LockResource
lstrcmpW
FreeLibrary
GetModuleHandleW
Sleep
FindResourceW
SizeofResource
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GetConsoleWindow
LoadLibraryA
HeapSetInformation
GetProcAddress

user32

RegisterClipboardFormatW
PostThreadMessageW
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
CharUpperW
GetSysColorBrush
LoadCursorW
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
DestroyMenu
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBeep
GetNextDlgGroupItem
GetPropW
InvalidateRgn
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
GetDC
UpdateLayeredWindow
ReleaseDC
ReleaseCapture
GetSystemMetrics
EnableWindow
LoadIconW
GetClientRect
IsIconic
SendMessageW
DrawIcon
PeekMessageW
DispatchMessageW
TranslateMessage
ShowWindow
UpdateWindow
SetMenu

gdi32

GetStockObject
TextOutW
GetDeviceCaps
ExtSelectClipRgn
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
GetBkColor
DeleteDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
ExtTextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

gdiplus

GdipAlloc
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipFree
GdipDeleteGraphics
GdipDrawImageRectRect
GdipCloneImage
GdipCreateFromHDC

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

60d6cefd4ca9489577775f70220127d8

Headers

File Characteristics

Imports

ws2_32

mfc42u

msvcrt

kernel32

user32

msvcp60

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 5.8MB - Virtual size: 5.8MB

Password: infected

8b45f8268462da558d31cafd3c1acdb5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

9d4b5a26c5dcb8a5eadbeaa11b31066e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 5.9MB - Virtual size: 5.9MB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 5.9MB - Virtual size: 5.9MB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 48KB - Virtual size: 47KB