8b409997243f93a320ec28a7302510ad

Sharing

Copy URL Twitter E-mail

General

Target

8b409997243f93a320ec28a7302510ad
Size

2.1MB
MD5

8b409997243f93a320ec28a7302510ad
SHA1

7a2c8aec9410d0da6184d3e09ca9ebe814be1d0a
SHA256

097aa8592dadea135ff6eea86dc7b1ebce5501a3cdbfee532adeaa5416021274
SHA512

576c34e588c2a06ab0ff698e6aa90cfc79f8198d087ec9a6436c766fd10ff6ad00c4284a7d0eaee8c4d35ffcb18a99a9fbd77eeafe0fa3a9c8a801517590ca3f
SSDEEP

49152:xuHlTTwQWIg4VJbmyyYEjYJhoRKWd8xAJhbhnya/nTLWoaeu:UHVTwQWb4VJEY7JoRfJZhyKTi8u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ShenduER.exe

Files

8b409997243f93a320ec28a7302510ad
.rar
ShenduER.exe
.exe windows:5 windows x86 arch:x86

351b5d318720e1f9b1b4edcf02762310

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
LoadLibraryExW
GetFileSize
CreateFileW
InitializeCriticalSection
OutputDebugStringW
CreateDirectoryW
GetPrivateProfileStringW
GetSystemDirectoryW
GetTempPathW
GetSystemTimeAsFileTime
GetVersionExW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetCurrentProcessId
GetTickCount
GlobalLock
GetModuleFileNameW
FreeEnvironmentStringsW
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
HeapSize
GetConsoleMode
GetConsoleCP
LCMapStringW
SetFilePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapAlloc
HeapFree
EncodePointer
DecodePointer
RtlUnwind
QueryPerformanceCounter
GlobalUnlock
MulDiv
lstrcmpW
FreeResource
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetVersion
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
CreateThread
WideCharToMultiByte
lstrlenW
WriteFile
CreatePipe
lstrcatW
CreateProcessW
WaitForSingleObject
ReadFile
lstrcpyW
CreateToolhelp32Snapshot
SizeofResource
GetLastError
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
TerminateProcess
Sleep
CopyFileW
DeleteFileW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
GetEnvironmentStringsW

user32

EqualRect
DrawFrameControl
LoadIconW
SendMessageW
IsWindow
MessageBoxW
SetWindowLongW
DrawIconEx
CreateWindowExW
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
OffsetRect
SetActiveWindow
EnableWindow
IsWindowEnabled
GetActiveWindow
SetWindowRgn
GetKeyState
ShowCursor
SetForegroundWindow
EnumWindows
SetTimer
RegisterDeviceNotificationW
PostThreadMessageW
SetPropW
PostMessageW
GetWindowLongW
DestroyIcon
FindWindowExW
GetDlgCtrlID
GetParent
GetClassInfoExW
LoadCursorW
CopyRect
SetRect
InflateRect
GetDlgItem
RegisterWindowMessageW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
UnregisterClassA
ShowWindow
GetPropW
CharNextW
ReleaseDC
GetDC
RegisterClassExW
GetSysColor
KillTimer
IsWindowVisible
DrawTextW
SetCursor
PtInRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
LoadImageW
LoadBitmapW
CreateAcceleratorTableW
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ScreenToClient
ClientToScreen

gdi32

GetStockObject
GetObjectW
CreateRectRgn
CreatePen
SetBkColor
ExtTextOutW
Rectangle
SelectClipRgn
SelectObject
RestoreDC
DeleteDC
DeleteObject
CreateRectRgnIndirect
GetClipRgn
MoveToEx
LineTo
TextOutW
GetTextExtentPoint32W
CombineRgn
SetRectRgn
OffsetRgn
BitBlt
CreateDIBSection
CreateCompatibleDC
SetTextColor
StretchBlt
CreateBitmap
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush
SetBkMode
RectInRegion
SaveDC
CreateFontIndirectW
RoundRect

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFileInfoA
ShellExecuteW

ole32

CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
SysStringLen
SysAllocStringLen
DispCallFunc
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

StrToIntA
StrToIntW
PathFileExistsA

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

wininet

HttpQueryInfoW
InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle

iphlpapi

GetIfTable

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351b5d318720e1f9b1b4edcf02762310

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

iphlpapi

Sections

.text Size: 263KB - Virtual size: 262KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 11KB - Virtual size: 25KB

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.text
Size: 263KB - Virtual size: 262KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB