Static task
static1
Behavioral task
behavioral1
Sample
99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5.exe
Resource
win10v2004-20230831-en
General
-
Target
99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5
-
Size
993KB
-
MD5
4ccdc205cab4c937aa7665727a7685ec
-
SHA1
7d5c520d96887fc81e0331da5e5c369b99c0ab26
-
SHA256
99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5
-
SHA512
1f19909e5df620be0c0266858fdd4f3663309974f387d1d3f02af0f5ccb8d8b66c3ea72e10365c4b53c12fd8b584653f292871ca5eda1a58b76adec79fcf4fc2
-
SSDEEP
24576:uLBhj9xn4Ooa7wJf48QK+Hx9J/no6UT6qmXjCW+ig3F:40Ooa7wJf48QK+R9tno7T3mXjC2g3F
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the PE file.
resource 99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5
Files
-
99e51b5984e78f16280b04829504e3addc7b3dbe3791c68989a28baed9c170f5.exe windows x86
d49f4f34336246976c691a501e392cf9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
GetOverlappedResult
SetEvent
SetNamedPipeHandleState
CreateFileW
CloseHandle
CreateEventW
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
LocalAlloc
LocalFree
GetPrivateProfileStringW
WaitForSingleObject
SetErrorMode
LoadLibraryW
MultiByteToWideChar
GetVersionExW
GetProcessId
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetEnvironmentStringsW
EncodePointer
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
FreeLibrary
FreeEnvironmentStringsW
LeaveCriticalSection
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetTickCount
GetModuleHandleExW
GetProcAddress
InitializeCriticalSection
InterlockedExchange
SetLastError
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
QueryPerformanceCounter
GetTempPathW
GetFileAttributesW
IsProcessorFeaturePresent
GetShortPathNameW
WideCharToMultiByte
FreeResource
FreeLibraryAndExitThread
WaitNamedPipeW
CreateNamedPipeW
ConnectNamedPipe
WriteFileEx
CancelIo
ReadFileEx
DisconnectNamedPipe
OpenThread
SwitchToThread
CreateThread
ResetEvent
TerminateThread
OpenFileMappingW
ProcessIdToSessionId
GetPrivateProfileIntW
GetSystemTimeAsFileTime
UnmapViewOfFile
MapViewOfFile
WritePrivateProfileStringW
DecodePointer
CreateMutexW
OutputDebugStringW
CreateProcessW
Sleep
GlobalMemoryStatusEx
GetCommandLineW
AddVectoredExceptionHandler
TerminateProcess
GetCurrentProcessId
RemoveVectoredExceptionHandler
ReadFile
WriteFile
user32
RegisterClassExW
GetSystemMetrics
LoadImageW
GetClassInfoExW
InvalidateRect
GetDlgCtrlID
PtInRect
OffsetRect
GetCapture
ReleaseCapture
SetCapture
PostMessageW
SetTimer
KillTimer
GetCursorPos
GetWindowRect
WindowFromPoint
SetCursor
ReleaseDC
ShowWindow
SetScrollPos
GetScrollInfo
ClientToScreen
FillRect
DefWindowProcW
CallWindowProcW
DrawTextW
GetClientRect
EndPaint
RegisterWindowMessageW
GetDlgItem
ScreenToClient
MoveWindow
CreateDialogParamW
BeginPaint
IsWindow
SetRectEmpty
CloseDesktop
OpenDesktopW
PostThreadMessageW
SetWindowLongW
GetWindowLongW
GetParent
SendMessageW
LoadCursorW
UnregisterClassW
GetDC
EnableWindow
SetWindowTextW
CreateWindowExW
SetRect
SetFocus
SetWindowPos
GetDlgItemTextW
IsWindowEnabled
GetWindowTextW
SetForegroundWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
SystemParametersInfoW
GetForegroundWindow
SendInput
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
GetLastActivePopup
GetGUIThreadInfo
SetWindowRgn
UpdateWindow
EndDialog
DialogBoxParamW
IsIconic
CharNextW
EnumWindows
GetActiveWindow
DestroyWindow
UnionRect
InflateRect
GetWindowThreadProcessId
FindWindowExW
SendMessageTimeoutW
DispatchMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
RegisterClassW
GetClassInfoW
PostQuitMessage
MsgWaitForMultipleObjects
IntersectRect
RegisterClipboardFormatW
DrawIconEx
gdi32
RestoreDC
SaveDC
GetTextMetricsW
DPtoLP
SetViewportOrgEx
BitBlt
IntersectClipRect
GetClipBox
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SetTextColor
GetTextColor
CreateFontIndirectW
SelectObject
SetBkMode
DeleteDC
DeleteObject
OffsetWindowOrgEx
CreatePatternBrush
SetStretchBltMode
RectVisible
CreateRectRgn
GetObjectW
ExtTextOutW
CreatePen
CreateRectRgnIndirect
SetRectRgn
SelectClipRgn
CreateDCW
CreateBitmap
SetBkColor
StretchBlt
PatBlt
GetTextExtentPoint32W
CreatePenIndirect
CreateDIBSection
MoveToEx
LineTo
GetStockObject
CombineRgn
CreateRoundRectRgn
Rectangle
advapi32
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclW
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
GetTokenInformation
ConvertStringSidToSidW
RegQueryValueExW
RegGetKeySecurity
RegSetKeySecurity
GetSecurityDescriptorDacl
shell32
ord165
SHGetFolderPathW
ole32
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
VarUI4FromStr
msvcp120
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
_Nan
_Inf
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W0@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_BADOFF@std@@3_JB
?_Syserror_map@std@@YAPBDH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAppendW
PathFindExtensionW
StrCmpW
gdiplus
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCloneBitmapAreaI
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDisposeImage
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
msimg32
AlphaBlend
comctl32
_TrackMouseEvent
usp10
ScriptStringFree
ScriptStringOut
ScriptStringAnalyse
msvcr120
??0bad_cast@std@@QAE@ABV01@@Z
memcpy
memcmp
floor
ceil
__RTDynamicCast
_CxxThrowException
_dtest
localeconv
strchr
modf
sscanf
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
memset
_wsplitpath_s
sprintf_s
memchr
_wcslwr_s
tolower
strstr
sprintf
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_waccess_s
?terminate@@YAXXZ
_vsnprintf
_vsnwprintf
fclose
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
fwrite
_unlock_file
_lock_file
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
_except1
??0exception@std@@QAE@ABV01@@Z
wcsrchr
_ultow_s
ungetc
fputc
fgetc
_wcsnicmp
_set_invalid_parameter_handler
wcsstr
malloc
wcschr
_vscwprintf
swprintf_s
_recalloc
wmemcpy_s
memmove_s
_wtoi
memcpy_s
_wcsicmp
vswprintf_s
_purecall
wcsncpy_s
memmove
??2@YAPAXI@Z
??_V@YAXPAX@Z
free
??3@YAXPAX@Z
imm32
ImmDisableIME
crypt32
CertNameToStrW
CertGetNameStringW
imagehlp
ImageGetCertificateHeader
imepng
png_set_read_fn
png_get_error_ptr
png_create_info_struct
png_create_read_struct
png_read_png
png_destroy_read_struct
png_set_error_fn
Sections
.text Size: 622KB - Virtual size: 621KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.BaiduQu Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ