642e1f3461a752810eb5dda7c5e21c6e19dc220577c6523dd51ae67cb29ccda4

Sharing

Copy URL Twitter E-mail

General

Target

642e1f3461a752810eb5dda7c5e21c6e19dc220577c6523dd51ae67cb29ccda4
Size

791KB
MD5

f0a886649196f05495500ab395ee3bb2
SHA1

64463727d59b853df9870be65fd703ec5446f18f
SHA256

642e1f3461a752810eb5dda7c5e21c6e19dc220577c6523dd51ae67cb29ccda4
SHA512

d55329d702b918e028250163de0f8d05c733d46269fe9eacb312fd63404a7a07642fadcfda66e484769908d0fe7ae7f24dae17c3feb7f4b8ad74e7c74db8276e
SSDEEP

12288:Ut2zSpD/2tKxyXyQNt5HdfYndx/iJYipBBqbRv7JYtgTngPlxvjNmiyUn:U8zW/pkMxXipBBqbRTJYyTgTciD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642e1f3461a752810eb5dda7c5e21c6e19dc220577c6523dd51ae67cb29ccda4

Files

642e1f3461a752810eb5dda7c5e21c6e19dc220577c6523dd51ae67cb29ccda4
.exe windows:5 windows x86

ea108d32d8efc019554dc397fe8d8caf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ssasr

sogou_speech_release_engine
sogou_speech_cleanup
sogou_speech_notify_network_status
sogou_speech_asr_init
sogou_speech_asr_stop
sogou_speech_do_idle
sogou_speech_process_sound_data
sogou_speech_create_engine
sogou_speech_asr_close
sogou_speech_init
sogou_speech_asr_start

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW

kernel32

InterlockedIncrement
SwitchToThread
GetCurrentProcessId
GetModuleHandleA
DeleteCriticalSection
CreateEventW
EnterCriticalSection
InterlockedExchange
LeaveCriticalSection
GetLastError
InitializeCriticalSection
SetEvent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
GetLocaleInfoA
WaitForSingleObject
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetStdHandle
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetVersionExW
Sleep
GetModuleHandleW
GlobalUnlock
GlobalDeleteAtom
GetTickCount
GetModuleFileNameA
GlobalLock
GlobalFree
MultiByteToWideChar
GetModuleFileNameW
WideCharToMultiByte
GlobalAlloc
CloseHandle
OpenProcess
GlobalAddAtomW
GetProcAddress
GetCPInfo
GetTimeZoneInformation
HeapSize
GetStartupInfoA
SetHandleCount
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
OutputDebugStringW
WriteFile
LoadLibraryW
FormatMessageW
CreateFileW
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
GetCurrentThreadId
lstrcpyW
FreeLibrary
ExitThread
SetLastError
LocalFree
CreateThread
OpenEventW
FindFirstFileW
GetSystemDirectoryW
FindClose
SetFileAttributesW
GetCommandLineW
FileTimeToSystemTime
GetConsoleMode
ReadFile
FlushFileBuffers
LocalAlloc
InitializeCriticalSectionAndSpinCount
CreateMutexW
OpenMutexW
ReleaseMutex
InterlockedDecrement
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetFileAttributesA
DeleteFileA
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetStartupInfoW
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeW
ResumeThread
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
GetFileType
RaiseException
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetConsoleCP
GetFileSize

user32

ReleaseDC
GetDesktopWindow
EnumDisplayMonitors
SetTimer
GetWindowRect
GetMessageW
MonitorFromPoint
SendInput
PostQuitMessage
SetCapture
KillTimer
GetKeyState
SubtractRect
FindWindowW
GetClassLongW
EnumWindows
TranslateMessage
GetForegroundWindow
LoadIconW
IntersectRect
SetClassLongW
GetClassNameW
SetWindowPos
GetCursorPos
ShowWindow
ReleaseCapture
wvsprintfW
SetClipboardData
PostThreadMessageW
LoadCursorW
DrawTextW
GetDC
DefWindowProcW
CallWindowProcW
GetPropW
CreateWindowExW
IsWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
IsIconic
ScreenToClient
SetCursor
DestroyWindow
EndPaint
UpdateLayeredWindow
GetSystemMetrics
IsWindowVisible
SendMessageW
UnregisterHotKey
DestroyIcon
RegisterHotKey
GetMonitorInfoW
GetWindowThreadProcessId
MoveWindow
DispatchMessageW
PostMessageW
OpenClipboard
EmptyClipboard
CloseClipboard
ClientToScreen
PtInRect

wininet

InternetOpenW
InternetOpenUrlW
InternetSetOptionW
InternetGetConnectedState
InternetCloseHandle

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

waveInStart
waveInUnprepareHeader
waveInGetNumDevs
waveInReset
waveInAddBuffer
waveInClose
waveInPrepareHeader
waveInOpen

msimg32

AlphaBlend

gdi32

BitBlt
SetTextColor
DeleteDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
CreateFontIndirectW
SetBkMode
GetFontData

advapi32

RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorSacl
GetSidLengthRequired
RegCloseKey
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
RegOpenKeyExW

shell32

SHGetFolderPathW

Sections

.text
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ea108d32d8efc019554dc397fe8d8caf

Headers

DLL Characteristics

File Characteristics

Imports

ssasr

iphlpapi

psapi

kernel32

user32

wininet

version

winmm

msimg32

gdi32

advapi32

shell32

Sections

.text Size: 467KB - Virtual size: 467KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 11KB - Virtual size: 23KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 94KB - Virtual size: 96KB

.text
Size: 467KB - Virtual size: 467KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 11KB - Virtual size: 23KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 94KB - Virtual size: 96KB