ac81a2091631adda70ffabc57692f3772294ab8361e9d7fab15c2227295804c2

Sharing

Copy URL Twitter E-mail

General

Target

ac81a2091631adda70ffabc57692f3772294ab8361e9d7fab15c2227295804c2
Size

170KB
MD5

b00d7b8d663ddbd8ccf584b75aa70ce0
SHA1

845b3e6f8bef16ec35c8e4f81c9d7be0e8fd25b7
SHA256

ac81a2091631adda70ffabc57692f3772294ab8361e9d7fab15c2227295804c2
SHA512

7bcadc415f3c3ed0a8796e23d481e8d436e206a2a3a0e09a16390ecd7dba3ad872b536d1564e5f1fb2ab5a365d220916ee1d21d716fe8c280007d8f88d07b8fb
SSDEEP

3072:VXH3ToVPSM1ltLMaWFMmGdMLF++ZIIVBLUij8TlkB2IOS2zkDZnH:NToVPSMCaWFoMB+ZIVxak2IO3snH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac81a2091631adda70ffabc57692f3772294ab8361e9d7fab15c2227295804c2

Files

ac81a2091631adda70ffabc57692f3772294ab8361e9d7fab15c2227295804c2
.exe windows:5 windows x86

f3172859f044bb74dcdbcefb415ea1c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
?IsEmpty@CTXBSTR@@QAEHXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
??0CFmtString@@QAE@XZ
??1CFmtString@@QAE@XZ
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?TXAssert@@YAHPB_W0H@Z
wcslcat
??0CTXStringA@@QAE@XZ
??1CTXStringA@@QAE@XZ
??M@YA_NABVCTXStringA@@0@Z
?Format@CTXStringA@@QAAXPBDZZ
??0CTXStringW@@QAE@PB_W@Z
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?Right@CTXStringW@@QBE?AV1@H@Z
??BCTXStringW@@QBEPB_WXZ
??7CTXStringW@@QBE_NXZ
??0CTXBSTR@@QAE@ABV0@@Z
?GetTickCount@CTXTime@@SA?AV1@XZ
??0CTXStringW@@QAE@XZ
ord26
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
??0CTXBSTR@@QAE@XZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
wcslcpy
??YCTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
?Find@CTXStringW@@QBEHPB_WH@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Trim@CTXStringW@@QAEAAV1@_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?Copy@CTXBSTR@@QBEPA_WXZ
?IsFileExist@FS@@YAHPB_W@Z
?StartThread@CTXThreadModel@@QAEHXZ
?WaitThread@CTXThreadModel@@QAEHK@Z
??0CTXThreadModel@@IAE@XZ
??1CTXThreadModel@@MAE@XZ
??ACTXStringW@@QBE_WH@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?TXLoadString@@YAPB_WPB_W0@Z
?GetTime@CTXTime@@QBE_JXZ
??1CTXStringW@@QAE@XZ

gf

?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@PAUITXCore@@H@Z
?MessageBoxW@GF@Util@@YAJPAUIGFFrame@@PAPAUIGFSysMessageBox@@VCTXStringW@@2H@Z

apputil

?ConvertJSonToTXDataW@Convert@Util@@YAHABVCTXStringW@@PAPAUITXData@@@Z

kernel32

DecodePointer
RaiseException
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileInformationByHandle
GetFileSize
WriteFile
ReadFile
SetFilePointer
CloseHandle
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateFileW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FindClose
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetProcAddress
CreateEventW
OutputDebugStringW
IsDebuggerPresent
GetCurrentProcessId

user32

PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoAddRefServerProcess
CoCreateInstance
CoInitialize
CoReleaseServerProcess

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi

shlwapi

PathFileExistsW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

wcsrchr
memmove
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_terminate
memset
_CxxThrowException
__std_type_info_name
memcmp
_purecall
memcpy
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-string-l1-1-0

wcscpy_s
strcpy
wcscat_s
wcscpy
wcslen
_wcsicmp
strlen
strcat

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_controlfp_s
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3172859f044bb74dcdbcefb415ea1c3

Headers

DLL Characteristics

File Characteristics

Imports

common

gf

apputil

kernel32

user32

shell32

ole32

oleaut32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 69KB - Virtual size: 72KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 69KB - Virtual size: 72KB