80362bacdbcf32f6dbb20abe9fdf731b0878ffaa418967d04061cd75e44eded0

Sharing

Copy URL Twitter E-mail

General

Target

80362bacdbcf32f6dbb20abe9fdf731b0878ffaa418967d04061cd75e44eded0
Size

4.2MB
MD5

e75d404f02d3b6822672dd0c4c1466b6
SHA1

9e75a9991c3c92d9dae32adad244e27626eab7a0
SHA256

80362bacdbcf32f6dbb20abe9fdf731b0878ffaa418967d04061cd75e44eded0
SHA512

8950c9ef20122a28292f9e029e9c33cb85ab148fdfe164e03bac526e2246c0b51e9558b011bc64b28f272a3dd4f7e649107ebb657df458f5043adaa8b317d3b4
SSDEEP

98304:ZcF+0Tc6LstcWsM0r1Qn3Qpdqbn85jB90FeS:GXTP+caR85IoS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80362bacdbcf32f6dbb20abe9fdf731b0878ffaa418967d04061cd75e44eded0

Files

80362bacdbcf32f6dbb20abe9fdf731b0878ffaa418967d04061cd75e44eded0
.exe windows:4 windows x86 arch:x86

0526b7b682ea8172f4041b7117cb8fd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\广告相关\广告\私服劫持\SFHook\桌标\bin\release\DK.pdb

Imports

kernel32

TerminateProcess
QueryDosDeviceA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
EnterCriticalSection
GetModuleFileNameA
ReadFile
Process32NextW
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetCurrentProcessId
OpenEventA
SetUnhandledExceptionFilter
SetEvent
GetLastError
LeaveCriticalSection
GetFileAttributesA
GetCurrentThreadId
WriteFile
OutputDebugStringA
FindClose
OpenFileMappingA
CreateMutexA
GetCurrentProcess
GetPrivateProfileStringA
CopyFileA
GetFileSize
DeleteFileA
CreateDirectoryA
DuplicateHandle
GetProcessTimes
MultiByteToWideChar
WideCharToMultiByte
GetCurrentDirectoryW
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetTickCount
CreateEventA
WaitForSingleObject
ResumeThread
OpenMutexA
InterlockedCompareExchange
SetEndOfFile
GetLocaleInfoW
SetStdHandle
OpenThread
OpenProcess
Process32FirstW
Sleep
LocalFree
WaitNamedPipeA
GetLocalTime
InitializeCriticalSection
CloseHandle
DeviceIoControl
SetFileAttributesA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryA
InterlockedExchange
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
ExitThread
CreateThread
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
HeapSize
GetConsoleCP
GetConsoleMode
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FlushFileBuffers
HeapDestroy

user32

TranslateMessage
GetMessageW
GetWindowThreadProcessId
GetClassNameA
SendMessageA
wsprintfA
SetWinEventHook
DispatchMessageW
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExA
RegCloseKey
SetNamedSecurityInfoA
RegEnumKeyExA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegDeleteValueA
GetNamedSecurityInfoA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoCreateGuid
CoInitialize

psapi

GetProcessImageFileNameA

iphlpapi

GetAdaptersInfo

wininet

InternetOpenA
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
InternetReadFile

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0526b7b682ea8172f4041b7117cb8fd8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

iphlpapi

wininet

Sections

.text Size: 408KB - Virtual size: 405KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 20KB - Virtual size: 29KB

.vmp0 Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 690B

.text
Size: 408KB - Virtual size: 405KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 20KB - Virtual size: 29KB

.vmp0
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 690B