533438efdbf55cdec055a7088fd72386b92b2e296a50fda5746164fb200c9953

Sharing

Copy URL Twitter E-mail

General

Target

533438efdbf55cdec055a7088fd72386b92b2e296a50fda5746164fb200c9953
Size

280KB
MD5

826c4ba8496450d5a7a9ebab1e09187e
SHA1

391d199d5035592cfc180ad0e511a94e7ab012a5
SHA256

533438efdbf55cdec055a7088fd72386b92b2e296a50fda5746164fb200c9953
SHA512

66edf51a8c07e569cc1c7398d8528db08032bc58460a3ff72be1218c454b9de546b27cdbf596ddca4c3e3cab081e0e5b53ea452580414ef74a320f9cd88c02bc
SSDEEP

3072:Eo+oSXP4ARTvffu1D3GJtgkP063C2IxljYocrSJ3JXolOnwjtI2a4Ek:EDoSXP4AFabGJtgK0iIjjYocA0On7W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
533438efdbf55cdec055a7088fd72386b92b2e296a50fda5746164fb200c9953

Files

533438efdbf55cdec055a7088fd72386b92b2e296a50fda5746164fb200c9953
.exe windows x86

110d51eb9d13a17bdea3cf10f77b6682

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

LocalAlloc
Sleep
GetLastError
MapViewOfFile
CreateFileMappingA
WriteFile
SetEndOfFile
GetFileAttributesExA
SetFileAttributesA
CopyFileA
FindNextFileA
FindClose
FindFirstFileA
RemoveDirectoryA
CreateDirectoryA
MoveFileA
GetTempPathA
GetWindowsDirectoryA
GetLogicalDrives
GetFileAttributesA
SetThreadPriority
SetPriorityClass
GetCurrentThread
GetCurrentProcess
GetVersionExA
GetTempFileNameA
HeapFree
HeapAlloc
GetProcessHeap
CreateFileW
FindFirstFileW
MultiByteToWideChar
lstrlenA
GetDiskFreeSpaceA
GetUserDefaultLangID
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
LocalFree
lstrlenW
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
lstrcmpA
VirtualQueryEx
GetSystemInfo
RaiseException
GetFullPathNameA
GetCurrentDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
WideCharToMultiByte
SetStdHandle
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetCommandLineA
GetStartupInfoA
GetFileType
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
HeapSize
GetEnvironmentVariableA
GetShortPathNameA
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
UnmapViewOfFile
GetFileTime
SetFileTime
GetModuleHandleA
CreateThread
WaitForSingleObject
TerminateThread
VirtualProtectEx
WriteProcessMemory
TerminateProcess
DeviceIoControl
GetModuleFileNameA
SetCurrentDirectoryA
CreateFileA
FreeLibrary
GetVersion
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
CloseHandle
OpenProcess
ReadProcessMemory
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
GlobalAlloc

user32

SetWindowPos
IsWindow
BeginPaint
RedrawWindow
EndPaint
GetDC
GetDesktopWindow
IsChild
FillRect
GetClassNameA
SendMessageA
SetWindowTextA
GetParent
CreateAcceleratorTableA
DestroyWindow
CreateWindowExA
wsprintfA
ReleaseCapture
MessageBoxA
CharUpperA
GetActiveWindow
SetCapture
InvalidateRgn
ShowWindow
MapWindowPoints
SystemParametersInfoA
GetWindowRect
ReleaseDC
EndDialog
DialogBoxParamA
SendDlgItemMessageA
SetFocus
EnableWindow
GetDlgItem
GetFocus
EnableMenuItem
GetSystemMenu
GetWindowLongA
GetSysColor
GetWindowTextLengthA
GetWindowTextA
GetWindow
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
RegisterClassExA
DialogBoxIndirectParamA
GetCursorPos
ScreenToClient
GetClientRect
PtInRect
SetTimer
InvalidateRect
WindowFromPoint
KillTimer
LoadCursorA
SetCursor
CallWindowProcA
GetDlgCtrlID
GetSysColorBrush
LoadIconA
SetWindowLongA
SetDlgItemTextA

gdi32

CreateCompatibleBitmap
DeleteObject
SetBkMode
GetStockObject
SetTextColor
CreateSolidBrush
CreateFontIndirectA
GetObjectA
GetDeviceCaps
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC

advapi32

OpenServiceA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
EnumServicesStatusA
QueryServiceStatus
ControlService
CloseServiceHandle
QueryServiceConfigA
OpenSCManagerA
DeleteService

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
OleLockRunning

oleaut32

VariantClear
SysStringLen
LoadRegTypeLi
SysAllocString
SysAllocStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantInit
OleCreateFontIndirect

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ws2_32

inet_ntoa
WSACleanup
gethostname
WSAStartup
gethostbyname

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 76KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

110d51eb9d13a17bdea3cf10f77b6682

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

ws2_32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 20KB - Virtual size: 1.1MB

.WYCao Size: 76KB - Virtual size: 92KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 20KB - Virtual size: 1.1MB

.WYCao
Size: 76KB - Virtual size: 92KB