89caccff36b83437c2bae394d6ab41c2

Sharing

Copy URL Twitter E-mail

General

Target

89caccff36b83437c2bae394d6ab41c2
Size

1.2MB
MD5

89caccff36b83437c2bae394d6ab41c2
SHA1

0ac5d705020ab7bfbb094a7f2ce6b6a3a190159b
SHA256

c00c9df851650742bd3aeebd8a37c49fa60e75e9c2f5fb0c90dda208dcbb2086
SHA512

cf7fc3a794f8cf51b7ede5316f04d4cec6c4016a4baac7ccf24cb78b460df88699b02c0d0e9f2492b5cb87a8db01c72c833bc85a1d0a235858734bca9c520b50
SSDEEP

24576:zO8Fcci3OKTdcQDL0Ph0KTV4vkC9eeb+VJ/WSc:5GkydFDoPhBTy+e6J/WD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89caccff36b83437c2bae394d6ab41c2

Files

89caccff36b83437c2bae394d6ab41c2
.dll windows:5 windows

908596462eb2a8da9f2c0e4a36c5ba2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\NewDeskTopIcon_fanggezi\Release\core.pdb

Imports

kernel32

lstrlenA
CreateFileA
DeleteFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
TerminateProcess
CreateProcessA
CreateThread
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileAttributesA
IsBadReadPtr
FreeLibrary
InterlockedCompareExchange
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
SetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
WriteFile
SetFilePointer
SystemTimeToFileTime
ReadFile
GetCurrentDirectoryA
LocalFileTimeToFileTime
CreateDirectoryA
SetFileTime
GetComputerNameW
GetModuleFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExitProcess
GetSystemDirectoryW
GetThreadContext
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
VirtualAlloc
EnterCriticalSection
GetThreadPriority
VirtualProtect
ResumeThread
GetNativeSystemInfo
VirtualFree
GetProcessHeap
CreateMutexA
Sleep
CloseHandle
OpenProcess
SetLastError
GetModuleHandleW
LocalFree
LocalAlloc
LoadLibraryA
GetModuleFileNameA
GetLongPathNameW
GetFileAttributesW
GetFullPathNameW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetLastError
MultiByteToWideChar
HeapDestroy
HeapCreate
SuspendThread
OpenThread
GetCurrentThreadId
HeapFree
GetCurrentProcess
VirtualQuery
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetTimeZoneInformation
GetStartupInfoW
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
HeapSize
TlsFree
MoveFileExA
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
GetStdHandle
GetFileType
WriteConsoleW
RtlUnwind
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
DecodePointer
EncodePointer
DeleteCriticalSection
GetStringTypeW
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
HeapAlloc
OutputDebugStringA

user32

DestroyMenu
CallWindowProcA
PostMessageA
ReleaseDC
GetDC
SetTimer
UpdateWindow
TrackPopupMenu
EnumWindows
GetWindowThreadProcessId
GetSubMenu
GetWindowTextA
GetMessageA
TranslateMessage
LoadMenuA
GetCursorPos
SetWindowLongA
InvalidateRect
DispatchMessageA
FindWindowExA
FindWindowA
GetWindowLongA
SendMessageA

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
GetObjectA

advapi32

RegQueryValueExA
OpenServiceW
RegSetValueExW
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
GetUserNameA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExA
RegCloseKey
RegFlushKey
OpenSCManagerW
StartServiceW
LookupPrivilegeValueW
CreateServiceW
CloseServiceHandle

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathFileExistsW

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest

gdiplus

GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipDisposeImage
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipDeletePen
GdipSetPenMode
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreatePath
GdipDeletePath
GdipResetPath
GdipClosePathFigure
GdipAddPathArcI
GdipCreateFromHDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDeleteFont
GdipCreateFont
GdipGetFamilyName
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCloneFontFamily
GdipDrawImageRectI
GdipDrawImageI
GdipDrawString
GdipFillPath
GdipDrawPath
GdipSetPageUnit
GdipCreatePen1
GdipSetSmoothingMode

winmm

timeGetTime

wininet

InternetCheckConnectionW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetOpenW
HttpOpenRequestW

netapi32

Netbios

iphlpapi

SendARP
GetAdaptersInfo

ws2_32

inet_addr

fltlib

FilterConnectCommunicationPort
FilterSendMessage

Sections

.text
Size: 586KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 226KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

908596462eb2a8da9f2c0e4a36c5ba2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winhttp

gdiplus

winmm

wininet

netapi32

iphlpapi

ws2_32

fltlib

Sections

.text Size: 586KB - Virtual size: 585KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 226KB - Virtual size: 242KB

.rsrc Size: 250KB - Virtual size: 250KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 586KB - Virtual size: 585KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 226KB - Virtual size: 242KB

.rsrc
Size: 250KB - Virtual size: 250KB

.reloc
Size: 29KB - Virtual size: 29KB