1c9ed4b3959f2fbc61a39ef5448ef91d9a9fcc3518c00765a5676bd1c7b05f7c

Sharing

Copy URL Twitter E-mail

General

Target

1c9ed4b3959f2fbc61a39ef5448ef91d9a9fcc3518c00765a5676bd1c7b05f7c
Size

137KB
MD5

27496664ae9f648e52765219fdead94c
SHA1

5a40635b5a4867d19b4ae13f59d947ec2fb90ce3
SHA256

1c9ed4b3959f2fbc61a39ef5448ef91d9a9fcc3518c00765a5676bd1c7b05f7c
SHA512

cc0edc18740cfdabde0e49227e1ad11bea6349044cb55403a09ae6f56aa3ae08c70f726eec8a7da27411c08f912f5a96e2782921ed51434235eefdf44158ff0e
SSDEEP

3072:isiXG9r7UbpjrVgmS6tl7GYonzMoZ+gAecI:isyGdob5lo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c9ed4b3959f2fbc61a39ef5448ef91d9a9fcc3518c00765a5676bd1c7b05f7c

Files

1c9ed4b3959f2fbc61a39ef5448ef91d9a9fcc3518c00765a5676bd1c7b05f7c
.exe windows x86

6a7128ba99291f5f85cd94eaaef9d661

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
TerminateProcess
HeapSize
HeapReAlloc
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
RaiseException
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetModuleHandleA
FindResourceA
LoadResource
LockResource
GlobalFree
CloseHandle
GetCurrentDirectoryA
CreateProcessA
GetPriorityClass
SetPriorityClass
LoadLibraryA
GetProcAddress
ReadProcessMemory
GetProfileStringA
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynA
GetLastError
GetProcessVersion
SizeofResource
MulDiv
SetLastError
WriteProcessMemory
GetModuleFileNameA
GetCurrentThread
GlobalAlloc
lstrcmpA
MultiByteToWideChar
LocalFree
InterlockedDecrement
WideCharToMultiByte
lstrlenA
GlobalUnlock
InterlockedIncrement
GlobalLock
lstrcatA
FreeLibrary
GetVersion
lstrcmpiA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType

user32

SetWindowTextA
wvsprintfA
PostQuitMessage
IsDialogMessageA
SetCursor
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
LoadCursorA
GetSysColorBrush
GetCursorPos
GetClassNameA
DestroyMenu
InvalidateRect
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
IsWindow
PtInRect
GetMenuCheckMarkDimensions
LoadBitmapA
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
MapDialogRect
SetWindowPos
PostMessageA
GetCapture
GetActiveWindow
GetAsyncKeyState
GetWindowLongA
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
GetParent
KillTimer
FindWindowA
SetActiveWindow
BringWindowToTop
SetForegroundWindow
EndDialog
CreateDialogIndirectParamA
AdjustWindowRectEx
ScreenToClient
GetClientRect
ShowWindow
SetTimer
GetWindowRect
EnableWindow
SendMessageA
GetMenuItemID
ShowCaret
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
HideCaret
UnregisterClassA

gdi32

SetBkColor
DeleteDC
CreateBitmap
RestoreDC
SelectObject
SaveDC
SetBkMode
GetStockObject
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetClipBox
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateDIBitmap
CreateCompatibleDC
BitBlt
GetTextExtentPointA
SetTextColor
GetObjectA
CreateFontA
PatBlt

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17

key

?install@@YAHPAUHWND__@@@Z
?uninstall@@YAHXZ

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a7128ba99291f5f85cd94eaaef9d661

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

key

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 23KB

.WYCao Size: 13KB - Virtual size: 24KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 23KB

.WYCao
Size: 13KB - Virtual size: 24KB