acb228b66695dc08d19b2f76b203056a920fe58df3aaf6281ee4645d72b70d69

Sharing

Copy URL

Twitter E-mail

General

Target

acb228b66695dc08d19b2f76b203056a920fe58df3aaf6281ee4645d72b70d69
Size

808KB
MD5

eed6699d047c428b70bc3d99e355a7c2
SHA1

632b2c7be0dc4c054b9dbf8c6b0db5d5499a34ff
SHA256

acb228b66695dc08d19b2f76b203056a920fe58df3aaf6281ee4645d72b70d69
SHA512

54f168d2c73c775c053dd37dd271869261484f6d47bbebab98957600e65cc995ea9f0bef2200e35b3b3cb6a6ec3ffeb827aae14f807938c108d234ca5a7c6237
SSDEEP

12288:MJKCRsK2OANPG2Nl4ySBCGdo6hcXBW3CMYxHwALEQ2BjvrEH7q:LVrNl4yh8DhcXBW3CM4rgrEH7q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acb228b66695dc08d19b2f76b203056a920fe58df3aaf6281ee4645d72b70d69

Files

acb228b66695dc08d19b2f76b203056a920fe58df3aaf6281ee4645d72b70d69
.exe windows:6 windows x86 arch:x86

361f7e4bd354f199bd8959dc3b1fc9bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Dism++x86.pdb

Imports

kernel32

HeapReAlloc
HeapFree
InitOnceExecuteOnce
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetNativeSystemInfo
IsWow64Process
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetCurrentThreadId
HeapDestroy
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
VerifyVersionInfoW
VerSetConditionMask
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileSectionW
GetFileAttributesW
DeviceIoControl
GetVolumePathNameW
GetVolumeInformationByHandleW
GetModuleFileNameW
GetEnvironmentVariableW
UnmapViewOfFile
MoveFileExW
DeleteFileW
GlobalMemoryStatusEx
GetUserDefaultLCID
LCIDToLocaleName
GetThreadLocale
GetLocaleInfoEx
CreateProcessW
GetWindowsDirectoryW
FindClose
FindFirstFileW
FindNextFileW
IsValidLocaleName
MoveFileW
CreateDirectoryW
GetVolumeInformationW
SetVolumeLabelW
RemoveDirectoryW
DeleteCriticalSection
GetTickCount
CreateFileMappingW
MapViewOfFile
LocalFree
GetCurrentProcess
ReadFile
WriteFile
SetFilePointer
GetTempPathA
GetTempFileNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpyA
lstrcpynA
ReleaseMutex
HeapAlloc
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
VirtualFreeEx
VirtualAllocEx
DuplicateHandle
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableW
GetVolumeNameForVolumeMountPointW
CreateMutexW
GetFullPathNameW
lstrcmpiA
CopyFileW
GetFileSize
GetLocaleInfoW
GetExitCodeProcess
WideCharToMultiByte
lstrcmpA
SystemTimeToFileTime
GetExitCodeThread
EnumUILanguagesW
CopyFileExW
FreeResource
SetThreadUILanguage
SetThreadLocale
LocaleNameToLCID
OpenProcess
DecodePointer
VirtualProtect
GetDiskFreeSpaceExW
GetCurrentProcessId
VirtualQuery
GetProcessId
GetSystemTime
LoadLibraryW
FormatMessageW
GetLongPathNameW
GetTempPathW
MultiByteToWideChar
GetDriveTypeW
SetFileAttributesW
ProcessIdToSessionId
GetShortPathNameW
GetLocalTime
GetStartupInfoW
WritePrivateProfileStringW
GetModuleHandleExW
GetDiskFreeSpaceW
GetPrivateProfileSectionW
GetVersionExW
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
MulDiv
GetTickCount64
TerminateThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GlobalAlloc
GlobalLock
GlobalUnlock
CreateIoCompletionPort
EncodePointer
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
ReleaseSRWLockShared
CreateFileW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
WakeAllConditionVariable
ExitProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
AreFileApisANSI

comctl32

ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ord345
InitCommonControlsEx
_TrackMouseEvent

ntdll

RtlAdjustPrivilege
ZwClose
NtCreateFile
NtQueryVolumeInformationFile
RtlGetLastNtStatus
RtlImageNtHeader
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
NtWriteFile
ZwQuerySymbolicLinkObject
RtlImageRvaToVa
NtDeleteKey
NtQueryInformationProcess
NtShutdownSystem
NtReadFile
NtQueryInformationFile
RtlComputeCrc32
NtSetInformationFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtClose
ZwQueryDirectoryFile
NtOpenFile
NtReadVirtualMemory
NtWriteVirtualMemory
NtQuerySystemInformation
ZwAddBootEntry
ZwSetBootEntryOrder
NtTranslateFilePath
ZwEnumerateBootEntries
ZwQueryBootEntryOrder
RtlNtStatusToDosError
LdrVerifyImageMatchesChecksum

msvcrt

_ftol2_sse
_except_handler3
_ftol2
memset
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
wcsnlen
memcpy
_errno
wcstoul
wcsncpy_s
wcslen
memmove
memcmp
_wcsnicmp
wcschr
towupper
??_V@YAXPAX@Z
??_U@YAPAXI@Z
wcsftime
_localtime64_s
_time64
_wcstoui64
_wcsicmp
_beginthreadex
_wcslwr_s
bsearch
free
malloc
strlen
strnlen
_mktime64
wcscpy
wcstol
_strtoui64
realloc
strcmp
strtoul
strtol
_wtoi
isdigit
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_wcsupr_s
wcsrchr
wcsstr
_mbschr
_mbslwr_s
iswspace
wcscmp
wcscpy_s
_mbscmp
calloc
abs
toupper
wcsncpy
_itow
wcstod
wcscat
_strcmpi
qsort_s
_lrotl
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
__CxxFrameHandler3
_amsg_exit
_except_handler4_common
__wgetmainargs
__setusermatherr
_initterm
_initterm_e
_set_fmode
__p__commode
_controlfp_s
_strlwr
__DestructExceptionObject
_invalid_parameter
_msize
__set_app_type
_wcmdln
abort
_XcptFilter
?terminate@@YAXXZ
vswprintf_s
_vscwprintf
swscanf
sscanf
vsprintf_s
_vscprintf
swprintf_s

Exports

Exports

BcdGetCurrentEntryIdentifier
BcdGetFirmwareBootDevice
BcdGetFirmwareType
BcdGetSystemPartition
BcdIsWinPEBoot
BcdOpenStore
DismAddDriver
DismAddPackage
DismAppAssociationsDefaultExport
DismAppAssociationsDefaultImport
DismAppAssociationsDefaultRemove
DismAppAssociationsExport
DismAppAssociationsImport
DismAppAssociationsRemove
DismApplyDPI
DismApplyImage
DismAppxsCleanup
DismCaptureImage
DismCommitImage
DismCompactOs
DismComponentCleanup
DismCreateInterface
DismDeleteImage
DismDriverCleanup
DismExpandEnvironmentStrings
DismExportImage
DismFormatMessage
DismFreeMemory
DismGetAllUsersAppx
DismGetCapabilities
DismGetDrivers
DismGetFeatures
DismGetFileFilter
DismGetImageFileInfo
DismGetMountedImages
DismGetPackages
DismGetProvisionedAppxs
DismGetScratchDir
DismGetServices
DismGetSystemInfoByPath
DismGetSystemInfoBySession
DismHardLinkMerge
DismIsNoviceMode
DismMountImage
DismMultiLanguage
DismRegOpenKey
DismRegOpenKeyEx
DismRemoveAppx
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppx
DismRemoveService
DismRestoreHealth
DismScanHealth
DismSetBootImage
DismSetImageFileInfo
DismSetServiceStart
DismUnmountImage
DismWriteLog
IbsSetFirstBootCommandLine
WinREConfig2

Sections

.text
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361f7e4bd354f199bd8959dc3b1fc9bd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

comctl32

ntdll

msvcrt

Exports

Exports

Sections

.text Size: 533KB - Virtual size: 533KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 46KB - Virtual size: 45KB

.text
Size: 533KB - Virtual size: 533KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 46KB - Virtual size: 45KB