48a46a617e71a16383a0cf6214b8d867d46ffe24aa47d545f88faf479545952e

Sharing

Copy URL Twitter E-mail

General

Target

48a46a617e71a16383a0cf6214b8d867d46ffe24aa47d545f88faf479545952e
Size

877KB
MD5

1dbdfc2322501d8ad41832eeed2ceeba
SHA1

392f6f9d795e53972b66bbdb4d0c7f4f3cb217bf
SHA256

48a46a617e71a16383a0cf6214b8d867d46ffe24aa47d545f88faf479545952e
SHA512

d06bd969da8cb0ca34e88378823d553d5cbc53226525cf6d536690643e8c49d22417fc0b464d900b341b624989602116975ff3f33c2d80987245a61397834909
SSDEEP

24576:H1QNI+QucJJgRrzh1mckKDwWoVOZXxZ/l0CG:m5Qucbgdvmc+lOZXxZ/GCG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48a46a617e71a16383a0cf6214b8d867d46ffe24aa47d545f88faf479545952e

Files

48a46a617e71a16383a0cf6214b8d867d46ffe24aa47d545f88faf479545952e
.exe windows x86

f8e0437cbea250542cfabc42c1b199bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileExW
GetProcessHeap
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleHandleExW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
ReadConsoleW
HeapSize
CreateProcessW
CreateThread
PeekNamedPipe
CreatePipe
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
SetStdHandle
LoadLibraryExW
FreeLibrary
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetProcAddress
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
FindResourceW
LoadResource
FreeResource
GetStdHandle
SizeofResource
FormatMessageW
WideCharToMultiByte
GetModuleHandleW
Process32FirstW
DeleteFileW
lstrcatW
Process32NextW
GetLastError
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetCurrentThreadId
WritePrivateProfileStringW
FindClose
GetModuleFileNameW
TerminateProcess
GetShortPathNameW
FindNextFileW
ReadFile
MultiByteToWideChar
GetLocalTime
lstrcpyW
lstrlenW
lstrcpyA
GetFileSize
CloseHandle
GetFileAttributesW
CreateFileW
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
WriteFile
EnterCriticalSection
CreateDirectoryW
OutputDebugStringW
GetPrivateProfileStringW
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
GetCPInfo
DecodePointer
EncodePointer
DeleteCriticalSection
GetStringTypeW
LockResource
IsValidCodePage
SetEndOfFile

user32

CreatePopupMenu
FindWindowW
SendMessageW
wsprintfW
SetForegroundWindow
TrackPopupMenu
PostQuitMessage
LoadIconW
MessageBoxW
GetCursorPos
AppendMenuW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipBitmapGetPixel
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageEncoders
GdipDeleteBrush
GdipDisposeImage
GdipBitmapSetPixel
GdipCreateSolidFill
GdipSaveImageToFile

duilib

?GetResourceDll@CPaintManagerUI@DuiLib@@SAPAUHINSTANCE__@@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W_N0@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPAXIPB_W@Z
?SetResourceType@CPaintManagerUI@DuiLib@@SAXH@Z
?GetResourceType@CPaintManagerUI@DuiLib@@SAHXZ
??0WindowImplBase@DuiLib@@QAE@XZ
??1WindowImplBase@DuiLib@@UAE@XZ
?InitResource@WindowImplBase@DuiLib@@UAEXXZ
?GetSkinType@WindowImplBase@DuiLib@@MAE?AVCDuiString@2@XZ
?GetManagerName@WindowImplBase@DuiLib@@MAEPB_WXZ
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??1CDuiString@DuiLib@@QAE@XZ
??8CDuiString@DuiLib@@QBE_NPB_W@Z
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?QueryControlText@WindowImplBase@DuiLib@@UAEPB_WPB_W0@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?LoadResource@CResourceManager@DuiLib@@QAEHVSTRINGorID@2@PB_W@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?ShowModal@CWindowWnd@DuiLib@@QAEIXZ
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?SetIcon@CWindowWnd@DuiLib@@QAEXI@Z
??YCDuiString@DuiLib@@QAEABV01@PB_W@Z
?GetData@CDuiString@DuiLib@@QBEPB_WXZ
?GetInstance@CResourceManager@DuiLib@@SAPAV12@XZ
?SetBkImage@CControlUI@DuiLib@@QAEXPB_W@Z
?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z
?SendMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z
?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
??BCDuiString@DuiLib@@QBEPB_WXZ

ws2_32

WSAGetLastError
closesocket
select
ioctlsocket
freeaddrinfo
recv
connect
socket
send
getaddrinfo
setsockopt
WSAStartup

Sections

.text
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8e0437cbea250542cfabc42c1b199bf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

gdiplus

duilib

ws2_32

Sections

.text Size: 445KB - Virtual size: 445KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 7KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 768B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 292KB - Virtual size: 291KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 445KB - Virtual size: 445KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 7KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 768B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 292KB - Virtual size: 291KB

.reloc
Size: 23KB - Virtual size: 23KB