E:\landun\wubi_agent\workspace\p-3417ba0c0c0d46dfae3a04bc6431244c\src\bin\SogouPdb\SogouWubi\ScdReg.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e4858efe96731ddd5959d6aec830c55a7255e16f0672977522a80c26a898837b.exe
Resource
win7-20231215-en
General
Target: e4858efe96731ddd5959d6aec830c55a7255e16f0672977522a80c26a898837b
Size: 1.2MB
MD5: cdd5ae52154583c551e083ba92c57715
SHA1: 0bad415066a6795d26304f27fa4bd15c5e17b02f
SHA256: e4858efe96731ddd5959d6aec830c55a7255e16f0672977522a80c26a898837b
SHA512: c5de54b8246bcdab04ab98dd27c2d545fe8ce8158cd455a0772dcc99359b5f3a3587cb36428819839c28b9629c3e94d2baac81db53127333cd7f634d9ea09119
SSDEEP: 24576:owGbf3kyOHs5IFUB8ni7YW1jKBP932Vkgyz:/LyOB47h1OL32Vkgyz
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource e4858efe96731ddd5959d6aec830c55a7255e16f0672977522a80c26a898837b
Files
e4858efe96731ddd5959d6aec830c55a7255e16f0672977522a80c26a898837b.exe windows:6 windows x86 arch:x86
dfffcac19cde4922cc8e014f277fe49d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
imm32
ImmDisableIME
kernel32
IsProcessorFeaturePresent
FindFirstFileW
HeapFree
FindNextFileW
GetTempPathW
InitializeCriticalSectionEx
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetCurrentDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
FindClose
HeapSize
GetLastError
QueryPerformanceFrequency
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
ReadFile
SetLastError
WriteFile
SetFilePointer
CreateFileW
SetFileAttributesW
Sleep
CloseHandle
GetFileSize
FlushFileBuffers
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
FreeLibrary
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
DeleteFileW
MoveFileExW
CreateDirectoryW
WaitForSingleObject
GetFileAttributesExW
FileTimeToSystemTime
CopyFileW
LocalAlloc
OpenEventW
CreateMutexW
ReleaseMutex
OpenMutexW
QueryPerformanceCounter
SetEvent
IsBadWritePtr
lstrlenW
TerminateProcess
GetProcessHeap
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapCreate
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
lstrcatW
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEndOfFile
ReadConsoleW
WriteConsoleW
user32
IsWindowVisible
GetWindowThreadProcessId
CreateWindowExW
wvsprintfW
SetWindowTextW
SetTimer
TrackMouseEvent
IsDlgButtonChecked
SetPropW
GetWindowDC
GetClientRect
GetDlgItem
DrawTextW
CheckDlgButton
GetParent
DialogBoxParamW
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
RemovePropW
GetWindowLongW
CallWindowProcW
GetWindowRect
GetDC
SetWindowPos
MessageBoxW
GetPropW
ScreenToClient
SendMessageW
GetClassNameW
GetSystemMetrics
EndDialog
SetWindowLongW
SetRectEmpty
DefWindowProcW
gdi32
GetObjectW
CreateSolidBrush
DeleteObject
SelectObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreateFontIndirectW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
psapi
GetProcessMemoryInfo
wininet
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetWriteFile
InternetCrackUrlA
HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
HttpOpenRequestA
InternetOpenUrlW
advapi32
CryptAcquireContextW
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegQueryValueExW
RegOpenKeyW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegCloseKey
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
shell32
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
Sections
.text Size: 689KB - Virtual size: 688KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 383KB - Virtual size: 382KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 76KB - Virtual size: 417KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE