d0107329fcb98d55e7be5ec2fa67fa19b4a7ed6a9a4e96d3287d88b73d2fab1e

Sharing

Copy URL Twitter E-mail

General

Target

d0107329fcb98d55e7be5ec2fa67fa19b4a7ed6a9a4e96d3287d88b73d2fab1e
Size

3.4MB
MD5

690f17da7c5ab23f868a023739e46cc7
SHA1

069637b189b9f502649e1b6ec81782a86aa09e57
SHA256

d0107329fcb98d55e7be5ec2fa67fa19b4a7ed6a9a4e96d3287d88b73d2fab1e
SHA512

ff94e4a991ed51c5515249d10b31549886d8e37a15d587eea1d728e8a781716dd950b3ae9071b5eb7ab1ce0649878071cd525d5a831f492f3d170c1941fa0a5b
SSDEEP

3072:rMQBbBjVaIrUvekxvLH+lUl9cZBSdsPdzohGpoug9oPitziDJqFs6CcGtXebDfjV:IibZNrroils9capp1iV6s6CcueHMp4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0107329fcb98d55e7be5ec2fa67fa19b4a7ed6a9a4e96d3287d88b73d2fab1e

Files

d0107329fcb98d55e7be5ec2fa67fa19b4a7ed6a9a4e96d3287d88b73d2fab1e
.exe windows:6 windows x86 arch:x86

27266e51b6cd2bc4fa8800059b4bfa48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace_back\app\pstyle\plugin\DACL\Release\QiyiDACL.pdb

Imports

kernel32

lstrlenW
RemoveDirectoryW
GetModuleFileNameW
FindClose
CreateFileW
GetVersionExW
Sleep
OutputDebugStringW
FindNextFileW
GetSystemInfo
LocalFree
GetModuleHandleW
CopyFileW
GetConsoleMode
SetLastError
FindFirstFileW
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
CloseHandle
SizeofResource
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileType
CompareStringW
LCMapStringW
FindFirstFileExW

advapi32

RegCloseKey
GetAclInformation
GetAce
EqualSid
RegDeleteKeyW
BuildExplicitAccessWithNameW
SetEntriesInAclW
RegCreateKeyExW
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
RegEnumKeyExW
IsValidSid
RegSetValueExW
AddAce
InitializeAcl
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
GetUserNameW
RegQueryValueExW
LookupAccountNameW

shell32

ShellExecuteW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW

ole32

CoInitialize
StringFromGUID2
CoUninitialize
CoCreateInstance
CoTaskMemFree

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27266e51b6cd2bc4fa8800059b4bfa48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

wtsapi32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 82KB - Virtual size: 84KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 82KB - Virtual size: 84KB