993724bccefd588b85cce9cda08ce488

General

Target

993724bccefd588b85cce9cda08ce488
Size

40KB
MD5

993724bccefd588b85cce9cda08ce488
SHA1

7554aee437031af7af5a68fc64e872d2a6d00586
SHA256

f24246002098249333b03936ed11453e2b1682ea6ecfd19ad2aa80804c7e2da5
SHA512

fe2ecba79290a9c07224dd2ea8dc50d8bae2b3e39894bec67251dd02d38d27968215437ee29c81a4bcdbaa1029463d167332bf610e3b315217fd7fb3b7320c3d
SSDEEP

384:jOCQzT8+mTjegjGvco/Iwm8Qbtj4FNw32gYk3NXsDMWtq199S3YBvC9DOZN15e8:SfzntDlmihgYONcY99FVJZxe8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
993724bccefd588b85cce9cda08ce488

Files

993724bccefd588b85cce9cda08ce488
.dll windows:4 windows x86 arch:x86

691c8f775985f388b6570eb3abd6c363

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
ReadProcessMemory
GetPrivateProfileStringA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GetCommandLineA
GetTickCount
RaiseException
GetLocalTime
GetCurrentThreadId
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
GetProcAddress

user32

GetWindowTextA
CallNextHookEx
GetWindowThreadProcessId

imagehlp

ImageLoad
ImageUnload

msvcrt

_strupr
_strlwr
_strcmpi
_stricmp
wcslen
atol
srand
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
strncpy
strstr
strcmp
__CxxFrameHandler
rand

Exports

Exports

kingsoft
trte

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewrw
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

691c8f775985f388b6570eb3abd6c363

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 14KB

ewrw Size: 4KB - Virtual size: 140B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 14KB

ewrw
Size: 4KB - Virtual size: 140B

.reloc
Size: 4KB - Virtual size: 2KB