5x(24-12-05)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5x(24-12-05).zip
Size

47.4MB
MD5

d18193958388d83d65776a8eb316221a
SHA1

f29188ca7f732cdfb938a7576760b0cb0af0bbd0
SHA256

9818f5ae8db0a91f8375c40cf80c0ed333d92e2692babd57c2fcd35ec76a1218
SHA512

a87e0d72378aacdab6bac1696c69983dedbb9f4a64cef6ee20d7dd946eef2cfd84e2ae2157321d9f2bcfaeb51c99788f79b6b0ba3f34fbc185a947bbda682c55
SSDEEP

786432:pZQBVFK5ZpKYuM5q1DPm1aaQqApbpZUSrrMTJU3a9yU4NIMQL0VytoHjWYhqb6eu:piBVQZUFMUxPmADqmZrwdU3BU4NYQVyE

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NEW_0RDERLISTDEC2024.exe
unpack001/[2024]第 082 号文..。.。...exe
unpack001/signtest_modified.exe
unpack001/uninstall-查询1205.exe
unpack001/表格-uninstall.exe

Files

5x(24-12-05).zip
.zip

Password: infected
NEW_0RDERLISTDEC2024.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1008KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[2024]第 082 号文..。.。...exe
.exe windows:4 windows x86 arch:x86

Password: infected

8e0d72b413599b53ff3c827a1a12ddfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
VirtualFree
Sleep
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
HeapDestroy
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
ExitProcess
GetStartupInfoA
GetProcessHeap
GetCommandLineA
VirtualAlloc
HeapReAlloc
HeapAlloc
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
RtlUnwind
GetTickCount
SetErrorMode
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CloseHandle
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetVersionExA
FreeResource
GlobalLock
GlobalUnlock
GetCurrentProcessId
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
lstrlenA
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource

user32

SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
GetWindowPlacement
GetDC
ReleaseDC
GetWindowRect
RegisterWindowMessageA
RegisterClipboardFormatA
GetClassNameA
GetSysColor
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetFocus
GetDlgItem
SetWindowLongA
GetKeyState
GetDlgCtrlID
GetMenu
LoadIconA
SetCursor
PeekMessageA
GetCapture
GetParent
SetActiveWindow
IsWindowVisible
IsIconic
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoA
CopyRect
GetLastActivePopup
PostMessageA
GetDesktopWindow
GetWindow
ShowWindow
GetWindowLongA
UnregisterClassA
IsWindow
SystemParametersInfoW
GetSystemMetrics
SystemParametersInfoA
LoadCursorA
EnableWindow
GetClientRect
SendMessageA
DrawTextA
LoadBitmapA
PtInRect
UpdateWindow
DestroyMenu
GetSysColorBrush
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
EndPaint
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
BeginPaint

gdi32

SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteObject
SelectObject
GetObjectA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantInit
VariantClear

ws2_32

connect
inet_addr
htons
WSACleanup
recv
closesocket
WSAStartup
socket

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23.0MB - Virtual size: 23.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
signtest_modified.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

TEXT
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TEXT
Size: 769KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uninstall-查询1205.exe
.exe windows:4 windows x86 arch:x86

Password: infected

07a944a72d7fd80f12ff671e5d21c20a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
RaiseException
HeapFree
VirtualAlloc
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
Sleep
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
GetThreadLocale
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFlags
WritePrivateProfileStringA
FormatMessageA
LocalFree
MulDiv
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalUnlock
GlobalFree
FreeResource
GetCurrentProcessId
SetLastError
GlobalAddAtomA
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetLastError
lstrlenA
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetModuleHandleA
SetHandleCount
GetProcAddress

user32

RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
PtInRect
DestroyMenu
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetDesktopWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
SendMessageA
GetSysColorBrush
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetParent
GetClientRect
SetWindowRgn
DrawStateA
CopyRect
GetSysColor
EnableWindow
SystemParametersInfoW
SetWindowLongA
UnregisterClassA
LoadCursorA
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgCtrlID
SetPropA

gdi32

SetMapMode
DeleteObject
SelectClipRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
SetPixelV
GetTextExtentPoint32A
CreateEllipticRgn
CreateEllipticRgnIndirect

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash

shlwapi

PathFindFileNameA
PathFindExtensionA

ws2_32

WSAStartup
recv
closesocket
connect
inet_addr
htons
WSACleanup
socket

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22.9MB - Virtual size: 22.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
表格-uninstall.exe
.exe windows:5 windows x86 arch:x86

Password: infected

4ee318bd37d6980bb7c38a7ffa4a0f75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetCurrentProcess
InitOnceExecuteOnce
lstrcatA
GetEnvironmentVariableA
FindFirstFileA
GetProcAddress
VirtualAlloc
FindClose
FindNextFileA
GetModuleHandleA
CheckRemoteDebuggerPresent
CreateFileW
SetStdHandle
WriteConsoleW
CloseHandle
SetFilePointer
GetStringTypeW
MultiByteToWideChar
LCMapStringW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep

user32

UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
TranslateAcceleratorA
CreateWindowExA
TranslateMessage
EndPaint
GetMessageA
RegisterClassExA
PostQuitMessage
BeginPaint

wininet

FtpOpenFileA
InternetCrackUrlA
InternetReadFile
FtpGetFileSize
InternetOpenA
InternetCloseHandle
InternetConnectA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1008KB - Virtual size: 1008KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

8e0d72b413599b53ff3c827a1a12ddfa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 24KB

.rsrc Size: 23.0MB - Virtual size: 23.0MB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

TEXT Size: - Virtual size: 1.6MB

TEXT Size: 769KB - Virtual size: 772KB

.rsrc Size: 56KB - Virtual size: 60KB

Password: infected

07a944a72d7fd80f12ff671e5d21c20a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

ws2_32

oleaut32

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 22.9MB - Virtual size: 22.9MB

Password: infected

4ee318bd37d6980bb7c38a7ffa4a0f75

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wininet

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1008KB - Virtual size: 1008KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 24KB

.rsrc
Size: 23.0MB - Virtual size: 23.0MB

TEXT
Size: - Virtual size: 1.6MB

TEXT
Size: 769KB - Virtual size: 772KB

.rsrc
Size: 56KB - Virtual size: 60KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 22.9MB - Virtual size: 22.9MB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB