a7959325acd7b7897da68226752600fc8845f39803df342dab73717fb2e4853a

Sharing

Copy URL Twitter E-mail

General

Target

a7959325acd7b7897da68226752600fc8845f39803df342dab73717fb2e4853a
Size

182KB
MD5

944ba684adf6f9623219f4abb4062991
SHA1

b206935c9ffe6ad6b2703c27a7739b5713ef9c2b
SHA256

a7959325acd7b7897da68226752600fc8845f39803df342dab73717fb2e4853a
SHA512

6987eeebe89b77bf651afb2ba05b49aae9973d46c81a3127fb162ae29e1b3db4bb93d13d529ee84396fd820c8c56ef2c2468b41b0c5f484bab2a4b339304b172
SSDEEP

3072:dA9O+1BXAftS96CjMVgpmOmSC66W2/ujnbu8sYwVRjZkZpoPF67r:d74BXAKbAVgpjdwuuoIeot67r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7959325acd7b7897da68226752600fc8845f39803df342dab73717fb2e4853a

Files

a7959325acd7b7897da68226752600fc8845f39803df342dab73717fb2e4853a
.exe windows:5 windows x86

1cf0fbd1393cedeb65b2d2704f37d3e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

common

?SetTencentProductName@ProductConfig@Util@@YAHABVCTXStringW@@@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
??YCTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
??0CFmtString@@QAE@XZ
??1CFmtString@@QAE@XZ
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
??1CTXStringA@@QAE@XZ
??BCTXStringA@@QBEPBDXZ
??BCTXStringW@@QBEPB_WXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?GetLength@CTXStringW@@QBEHXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8@YA_NPB_WABVCTXStringW@@@Z
?Format@CTXStringW@@QAAXPB_WZZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?Utf8FromWS@Convert@Util@@YA?AVCTXStringA@@PB_WH@Z
?GetLength@CTXStringA@@QBEHXZ
?Empty@CTXStringW@@QAEXXZ
??0CTXBSTR@@QAE@ABV0@@Z
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@XZ
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??1CTXStringW@@QAE@XZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXStringW@@QAE@PB_W@Z

kernel32

CreateFileW
GetLastError
WaitNamedPipeW
SetNamedPipeHandleState
FlushFileBuffers
DisconnectNamedPipe
ResetEvent
WriteFile
WaitForMultipleObjects
GetOverlappedResult
OpenMutexW
TerminateProcess
CreateProcessW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateMutexW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
WaitForSingleObjectEx
OpenProcess
GetModuleFileNameW
QueryDosDeviceW
SetEvent
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
CreateEventW
GetLogicalDriveStringsW
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
UnmapViewOfFile
GetCommandLineW
QueryPerformanceCounter
MapViewOfFile
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
SetEnvironmentVariableW

user32

PostQuitMessage
PostMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW

shell32

ShellExecuteW
ShellExecuteExW
ord51

ole32

OleUninitialize
OleInitialize

shlwapi

PathFileExistsW

msvcp140

?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?uncaught_exception@std@@YA_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ

asynctask

??0AtExitManager@AsyncTask@@QAE@XZ
??1AtExitManager@AsyncTask@@QAE@XZ

apputil

?GetRegSubKeyBoolField@API@HRTXRegistry@@YAHPBD0PAHW4__MIDL___MIDL_itf_IRegistry_0000_0000_0003@@W4__MIDL___MIDL_itf_IRegistry_0000_0000_0004@@@Z
?SetRegSubKeyBoolField@API@HRTXRegistry@@YAHPBD0HW4__MIDL___MIDL_itf_IRegistry_0000_0000_0003@@W4__MIDL___MIDL_itf_IRegistry_0000_0000_0004@@@Z

eimcommon

?Init@WMessageOnlyWnd@@QAEHABVCTXStringW@@0H@Z
?RegCallback@WMessageHandler@@QAEHKPAUIMessageCallback@@@Z
NTServiceStart
??1WMessageHandler@@QAE@XZ
NTServiceIsAutoRun
NTServiceSetAutoRun
NTServiceIsExist
?UnregAllCallback@WMessageHandler@@QAEXPAUIMessageCallback@@@Z
?GetHWnd@WMessageOnlyWnd@@QBEPAUHWND__@@XZ
??0WMessageHandler@@QAE@XZ
NTServiceIsRunning

psapi

GetProcessImageFileNameW
EnumProcesses

vcruntime140

_except_handler4_common
_CxxThrowException
memset
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memmove
memcpy

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_controlfp_s
_initialize_onexit_table
_crt_atexit
_beginthreadex
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-string-l1-1-0

wcscpy_s
_wcsicmp
_wcsnicmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cf0fbd1393cedeb65b2d2704f37d3e4

Headers

DLL Characteristics

File Characteristics

Imports

common

kernel32

user32

shell32

ole32

shlwapi

msvcp140

asynctask

apputil

eimcommon

psapi

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 75KB - Virtual size: 76KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 75KB - Virtual size: 76KB