Cientx2Patch-2[.]4[.]2[.]18-2[.]4[.]2[.]21-zh-cn[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Cientx2Patch-2.4.2.18-2.4.2.21-zh-cn.exe
Size

11.5MB
MD5

86d3f49dbdfd2ee68f5ffe24caea0468
SHA1

5c3eb33f83e716d89166a528a6963677d329fe76
SHA256

73d831e0167deb8a7022a09c17c13da24e336ac6af4a0362d74737284e54f082
SHA512

9cf023471cfd7239d05fad0ef6fbd68430dbc3c2bc14492198e5d497c514e25aae9ab4625fa7216484e67b775c6ea2998bedeb58f9674a2ec224ae43d4fc5230
SSDEEP

196608:rYtWuRt36cLVH8LhMVl2zJLtRUcQJYkchcsU0fXZ3RAGdmoc4CXDaqj7LO6D41Ke:YWm36cHPylLUclkch/UIXZ3RAP1X7O6C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Cientx2Patch-2.4.2.18-2.4.2.21-zh-cn.exe

Files

Cientx2Patch-2.4.2.18-2.4.2.21-zh-cn.exe
.exe windows x86

d13195e3037e5fc54e6b36f55412e713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateFromHDC
GdipAlloc
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipDeleteGraphics
GdipFree
GdiplusStartup
GdiplusShutdown

kernel32

VirtualFree
FormatMessageW
SystemTimeToFileTime
GetLocalTime
CloseHandle
GetLastError
CreateFileW
MultiByteToWideChar
CreateFileA
GetFileSizeEx
GetFileType
WriteFile
ReadFile
GetStdHandle
GetStartupInfoW
SetFilePointerEx
CreateEventW
WaitForSingleObject
SetFilePointer
SetEndOfFile
GetFileSize
WritePrivateProfileStringW
CopyFileW
WideCharToMultiByte
GetFileTime
GetPrivateProfileIntW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetPrivateProfileStringW
ResetEvent
SetFileTime
GetFileAttributesW
EndUpdateResourceW
EnumResourceTypesW
FreeLibrary
Sleep
BeginUpdateResourceW
LoadLibraryW
EnumResourceNamesW
EnumResourceLanguagesW
UpdateResourceW
SizeofResource
LockResource
LoadResource
FindResourceW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentProcessId
Process32FirstW
VirtualAlloc
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeThread
GetCurrentThread
SetEvent
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDebuggerPresent
GetCommandLineW
CreateMutexA
OpenMutexA
GetModuleFileNameW
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
GetFullPathNameW
HeapSize
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
GetFullPathNameA
HeapReAlloc
GetConsoleMode
GetUserDefaultLCID
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetExitCodeProcess
CreateProcessW
GetLocaleInfoW
GetProcessHeap
CreateToolhelp32Snapshot
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFileInformationByHandle
PeekNamedPipe
RtlUnwind
RaiseException
MoveFileW
SetFileAttributesW
CreateDirectoryW
DeleteFileW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
ExitThread
GetCurrentThreadId
LCMapStringA
LCMapStringW
GetCPInfo

user32

GetSystemMenu
EnableMenuItem
GetWindowTextW
SetFocus
EndDialog
GetDlgItem
EnableWindow
SetWindowTextW
BeginPaint
GetWindowRect
EndPaint
DefWindowProcW
GetDesktopWindow
DialogBoxParamW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetSystemMetrics
MoveWindow
SetTimer
LoadStringW
MessageBoxW
KillTimer
InvalidateRect
UpdateWindow
PostMessageW
SendMessageW
ShowWindow

gdi32

GetStockObject
SetBkMode

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

shell32

SHBrowseForFolderW
CommandLineToArgvW
SHGetFolderLocation
SHGetPathFromIDListW
SHChangeNotify

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d13195e3037e5fc54e6b36f55412e713

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 437KB - Virtual size: 436KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 7KB - Virtual size: 1.0MB

.rsrc Size: 526KB - Virtual size: 525KB

.text
Size: 437KB - Virtual size: 436KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 7KB - Virtual size: 1.0MB

.rsrc
Size: 526KB - Virtual size: 525KB