32ca93e41f5db95c98da0bce10a068cb8f3e3f8a0374c65466c3fb271d1ce737

Sharing

Copy URL

Twitter E-mail

General

Target

32ca93e41f5db95c98da0bce10a068cb8f3e3f8a0374c65466c3fb271d1ce737
Size

974KB
MD5

299dd5a95f7060e0f97e36648a6176fe
SHA1

11452b03ccada3c72fa323f8940ce07b61fd3c90
SHA256

32ca93e41f5db95c98da0bce10a068cb8f3e3f8a0374c65466c3fb271d1ce737
SHA512

40d28668727c6af04f62c282babe723f951d59b87ed92138e380295716f3eef2bfc2f7f405a0cadd2e77e6546127145cf5b20e0efa1edf10dc0266777771e5b4
SSDEEP

24576:+Kmy6kXSsvNDT3bnZwQIwj09f+oYOFBQykEq4wCjd+yVtJkQ1P:cyksvNDT3bnZwQInGOFrkEvjd+yRRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32ca93e41f5db95c98da0bce10a068cb8f3e3f8a0374c65466c3fb271d1ce737

Files

32ca93e41f5db95c98da0bce10a068cb8f3e3f8a0374c65466c3fb271d1ce737
.exe windows x86

7b50fb6e9e6f4beebd1302e4b40481f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duilib

?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?SetValue@CProgressUI@DuiLib@@QAEXH@Z
?GetData@CDuiString@DuiLib@@QBEPB_WXZ
??YCDuiString@DuiLib@@QAEABV01@PB_W@Z
?GetInstance@CPaintManagerUI@DuiLib@@SAPAUHINSTANCE__@@XZ
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPAXI@Z
?SetResourceType@CPaintManagerUI@DuiLib@@SAXH@Z
?GetResourceType@CPaintManagerUI@DuiLib@@SAHXZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?ShowModal@CWindowWnd@DuiLib@@QAEIXZ
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
??0CDuiRect@DuiLib@@QAE@XZ
?GetWidth@CDuiRect@DuiLib@@QBEHXZ
?GetHeight@CDuiRect@DuiLib@@QBEHXZ
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?QueryControlText@WindowImplBase@DuiLib@@UAEPB_WPB_W0@Z
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
?Close@CWindowWnd@DuiLib@@QAEXI@Z
??0CWindowWnd@DuiLib@@QAE@XZ
?GetMessageMap@CNotifyPump@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
??1CPaintManagerUI@DuiLib@@UAE@XZ
??0CPaintManagerUI@DuiLib@@QAE@XZ
??YCEventSource@DuiLib@@QAEXABVCDelegateBase@1@@Z
?GetObjectW@CDelegateBase@DuiLib@@IAEPAXXZ
??1CDelegateBase@DuiLib@@UAE@XZ
??0CDuiString@DuiLib@@QAE@XZ
??0CDelegateBase@DuiLib@@QAE@ABV01@@Z
??0CDelegateBase@DuiLib@@QAE@PAX0@Z
??1CStdStringPtrMap@DuiLib@@QAE@XZ
??0CStdStringPtrMap@DuiLib@@QAE@H@Z
?Format@CDuiString@DuiLib@@QAAHPB_WZZ
??8CDuiString@DuiLib@@QBE_NPB_W@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
??1CDuiString@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@PB_WH@Z
?GetResourceDll@CPaintManagerUI@DuiLib@@SAPAUHINSTANCE__@@XZ

kernel32

SetUnhandledExceptionFilter
GetCurrentThreadId
LoadLibraryW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateThread
GetCurrentDirectoryW
ExpandEnvironmentStringsA
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
FreeLibrary
FindResourceW
GetCommandLineW
GetCommandLineA
CreateMutexW
SizeofResource
LoadResource
LockResource
FreeResource
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
WriteFile
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateFileW
GetModuleFileNameW
GetTickCount
CloseHandle
ReadFile
WaitForSingleObject
GetLastError
LoadLibraryExW
lstrcmpiA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCPInfo
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
FormatMessageA
InitializeCriticalSection
SleepEx
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
GetModuleFileNameA
GetLocalTime
GetModuleHandleExW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind

user32

GetForegroundWindow
GetShellWindow
GetSystemMetrics
WindowFromPoint
SendMessageW
MoveWindow
KillTimer
SetTimer
SetWindowTextW
SystemParametersInfoW
FindWindowW
GetDesktopWindow
GetWindowRect
GetClassNameA

advapi32

GetTokenInformation
RegCloseKey
RegCreateKeyExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenCurrentUser
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptEncrypt
CryptImportKey
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken

shell32

ShellExecuteA
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize

shlwapi

PathAppendW
StrStrIA
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

getsockname
getpeername
connect
closesocket
bind
getsockopt
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
send

wldap32

ord301
ord127
ord27
ord26
ord118
ord41
ord208
ord216
ord14
ord46
ord145
ord142
ord79
ord133
ord147
ord167

Sections

.text
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7b50fb6e9e6f4beebd1302e4b40481f7

Headers

DLL Characteristics

File Characteristics

Imports

duilib

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

ws2_32

wldap32

Sections

.text Size: 615KB - Virtual size: 615KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 8KB - Virtual size: 14KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 97KB - Virtual size: 100KB

.text
Size: 615KB - Virtual size: 615KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 8KB - Virtual size: 14KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 97KB - Virtual size: 100KB