593e27276a631aca6be5023938c2c7848e9df10d081331dd40b6833b318e8deb

Sharing

Copy URL

Twitter E-mail

General

Target

593e27276a631aca6be5023938c2c7848e9df10d081331dd40b6833b318e8deb
Size

2.0MB
MD5

c899bb85be3393f601d7a76744bf5d1c
SHA1

bea5727a811bec4f84fabb2a16fbb38ab89c5a57
SHA256

593e27276a631aca6be5023938c2c7848e9df10d081331dd40b6833b318e8deb
SHA512

d19d79867add5a7adbf2850cc336f4cbf06254508dd0863ab591b0cb877180a011500c7449d995e584cbfd674b1a84005f727411eed006b9c9626da9f752c200
SSDEEP

49152:YT1jm2ydiMDyPrhzkfOUKpWkbS5v+LdZAPVYAwkKfLfsTJqI:YT1jm7diMDyPrhu1KpWkbS5v+nemfLfh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
593e27276a631aca6be5023938c2c7848e9df10d081331dd40b6833b318e8deb

Files

593e27276a631aca6be5023938c2c7848e9df10d081331dd40b6833b318e8deb
.exe windows:4 windows x86

5b1f2a9b99ff804773465281aaaddc5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sqlite3

sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_text
sqlite3_changes
sqlite3_close
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_count
sqlite3_column_name
sqlite3_column_text
sqlite3_column_type
sqlite3_errmsg
sqlite3_exec
sqlite3_finalize
sqlite3_free_table
sqlite3_get_table
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_open
sqlite3_prepare
sqlite3_rekey
sqlite3_step

mxqfconv

_ConvCcm2Pgn@8
_ConvChe2Pgn@8
_ConvChn2Pgn@8
_ConvInit@4
_ConvMxq2Pgn@8
_ConvXqf2Pgn@8

ecco

_EccoIndex@4
_EccoInitOpenVar@4
_EccoOpening@4
_EccoVariation@4

cchess

_CchessBoard2Fen@4
_CchessChin2File@8
_CchessFen2Board@8
_CchessFile2Chin@8
_CchessFile2Move@8
_CchessGenMoves@8
_CchessInit@4
_CchessMove2File@8
_CchessPromotion@4
_CchessSetIrrev@4
_CchessTryMove@12
_CchessUndoMove@4

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
InitCommonControlsEx
SetWindowSubclass

comdlg32

GetOpenFileNameW
GetSaveFileNameW

gdi32

AddFontMemResourceEx
BeginPath
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateHatchBrush
CreatePen
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndPath
ExcludeClipRect
GdiAlphaBlend
GetCurrentObject
GetDeviceCaps
GetObjectW
GetPixel
GetStockObject
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
LineTo
MoveToEx
Polyline
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetStretchBltMode
SetTextColor
StretchBlt
StrokePath
TextOutW

gdiplus

GdipAddPathArc
GdipAddPathBezier
GdipAddPathLine
GdipAddPathString
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipClosePathFigure
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateLineBrush
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipDeleteCustomLineCap
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDisposeImage
GdipDrawEllipse
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawLine
GdipDrawPath
GdipDrawPolygon
GdipDrawRectangle
GdipFillEllipse
GdipFillPath
GdipFillPolygon
GdipFillRectangle
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageHeight
GdipGetImageWidth
GdipGetMatrixElements
GdipGetPathGradientPointCount
GdipGetPenFillType
GdipLoadImageFromFile
GdipSaveImageToFile
GdipSetImageAttributesRemapTable
GdipSetPenCustomEndCap
GdipSetPenCustomStartCap
GdipSetSmoothingMode
GdipWindingModeOutline
GdiplusShutdown
GdiplusStartup

kernel32

CloseHandle
CompareStringW
CreateDirectoryW
CreateFileW
CreatePipe
CreateProcessW
CreateWaitableTimerA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FreeLibrary
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLargestConsoleWindowSize
GetLastError
GetLocaleInfoA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockFile
LockResource
MoveFileW
MulDiv
MultiByteToWideChar
PeekConsoleInputA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleWindowInfo
SetCurrentDirectoryW
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteFile
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcmpiW

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_controlfp
_errno
_filelengthi64
_fileno
_fmode
_fpreset
_get_osfhandle
_i64toa
_i64tow
_initterm
_iob
_itoa
_itow
_onexit
_snprintf
_snwprintf
_strdup
_stricmp
_strnicmp
_ui64toa
_ui64tow
_ultoa
_ultow
_wtoi64
abort
atoi
calloc
exit
fclose
feof
fflush
fgetpos
fgets
fopen
fprintf
fputs
fread
free
freopen
fsetpos
fwrite
getc
isalpha
islower
isspace
isupper
localtime
iswctype
localeconv
log10
malloc
mbstowcs
memset
memcmp
memcpy
memmove
qsort
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcpy
strlen
strncmp
strtol
strtoul
time
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscmp
wcscspn
wcslen
wcsncmp
wcsstr
wcstod
wcstombs
wcstoul

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CoGetObject
CoInitialize
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleInitialize
OleLockRunning
OleRun
OleUninitialize
StringFromIID

oleaut32

OleCreateFontIndirect
SafeArrayAccessData
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VarBstrFromDec
VarCat
VariantClear
VariantCopy

shell32

CommandLineToArgvW
DragQueryFileW
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
SHGetPathFromIDListW
ShellExecuteA
ShellExecuteW

shlwapi

PathRemoveBackslashW

user32

AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcW
CloseClipboard
CopyAcceleratorTableW
CreateAcceleratorTableW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
DrawTextW
EmptyClipboard
EnableWindow
EndDeferWindowPos
EndPaint
EnumChildWindows
EnumThreadWindows
FillRect
FindWindowExW
FindWindowW
FlashWindowEx
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetClassInfoExW
GetClassLongW
GetClassNameA
GetClassNameW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetMenu
GetMessageW
GetMonitorInfoA
GetParent
GetPropW
GetScrollInfo
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextLengthW
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconA
LoadImageA
LoadImageW
LoadStringW
MapVirtualKeyA
MapWindowPoints
MessageBoxW
ModifyMenuW
MonitorFromPoint
MsgWaitForMultipleObjects
OpenClipboard
OpenIcon
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageA
SendMessageTimeoutW
SendMessageW
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetTimer
SetWinEventHook
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
VkKeyScanA
WindowFromPoint

uxtheme

SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile

winmm

PlaySoundW

ws2_32

WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
recv
send
socket

Exports

Exports

BACKCSERVICE@20
CLOSECSERVICE@4
OPENCOLORDIALOG@8
OPENCSERVICE@16

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b1f2a9b99ff804773465281aaaddc5b

Headers

File Characteristics

Imports

sqlite3

mxqfconv

ecco

cchess

advapi32

comctl32

comdlg32

gdi32

gdiplus

kernel32

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

uxtheme

version

wininet

winmm

ws2_32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 67KB - Virtual size: 66KB

.rdata Size: 64KB - Virtual size: 63KB

.bss Size: - Virtual size: 92KB

.edata Size: 512B - Virtual size: 163B

.idata Size: 17KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 301KB - Virtual size: 301KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 67KB - Virtual size: 66KB

.rdata
Size: 64KB - Virtual size: 63KB

.bss
Size: - Virtual size: 92KB

.edata
Size: 512B - Virtual size: 163B

.idata
Size: 17KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 301KB - Virtual size: 301KB

.reloc
Size: 45KB - Virtual size: 44KB