61128a592513aecf194ef229f698386fbca2003b2423b30acc317961db577486

Sharing

Copy URL

Twitter E-mail

General

Target

61128a592513aecf194ef229f698386fbca2003b2423b30acc317961db577486
Size

2.1MB
MD5

01792b237072929b6aced92f0a6e02a0
SHA1

0715542fa66762702f3638ecc3c0df1943699b2b
SHA256

61128a592513aecf194ef229f698386fbca2003b2423b30acc317961db577486
SHA512

7c63ff2ce24ef75bc738bf8587aa9a0b201b2f151e31dea9fb213095ed07311d1131179b63a1329a7bc89dfd08f22475269e839a05380854c7e7df7ebaac12db
SSDEEP

24576:vaAbJRBVvgOLjo1yVHz6AKt2eDO/J+EVhUYwEQo7nJ9jQkDiiMr/98e6woLdT6Md:DD5z6t2eoRuYXnJ9EZ/ue6BTcWTMnL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61128a592513aecf194ef229f698386fbca2003b2423b30acc317961db577486

Files

61128a592513aecf194ef229f698386fbca2003b2423b30acc317961db577486
.exe windows:6 windows x86 arch:x86

051cd545b34bb35841c869ba210e13e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\wubi_agent\workspace\p-3417ba0c0c0d46dfae3a04bc6431244c\src\bin\SogouPdb\SogouWubi\WbUserNetSchedule.pdb

Imports

imm32

ImmDisableIME
ImmGetHotKey
ImmSetHotKey

ziplib

UnZipEx
ZipFolderEx
ZipFolder
UnZip

kernel32

HeapCreate
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
GetModuleHandleW
InitializeCriticalSectionEx
HeapSize
GetLastError
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapReAlloc
RaiseException
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
QueryPerformanceFrequency
CopyFileW
ReadFile
WriteFile
SetFilePointer
CreateFileW
CloseHandle
GetProcAddress
GetFileSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle
GetConsoleCP
GetOEMCP
IsValidCodePage
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
ExitProcess
GetFileInformationByHandle
GetDriveTypeW
SetEnvironmentVariableA
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetACP
RtlUnwind
WideCharToMultiByte
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetLastError
GetCurrentProcess
GetModuleFileNameW
WaitForMultipleObjects
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
CreateProcessW
CreateDirectoryW
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
MoveFileExW
GetTempFileNameW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
FindClose
LocalAlloc
GetSystemDirectoryW
LoadLibraryW
CreateMutexW
ReleaseMutex
OpenMutexW
Sleep
FlushFileBuffers
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FreeLibrary
RemoveDirectoryW
GetVersionExW
OpenProcess
GetCommandLineW
GetTempPathW
GetCurrentProcessId
TlsAlloc
TlsFree
SetPriorityClass
OpenEventW
QueryPerformanceCounter
SetEvent
IsBadWritePtr
lstrlenW
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
LoadLibraryExW
SizeofResource
LockResource
FindResourceExW
GetModuleHandleA
FindResourceW
GetCurrentDirectoryW
GlobalLock
GlobalUnlock
GetFileSizeEx
GetFullPathNameW
SetEndOfFile
lstrcmpW
GetFileType
LCMapStringW
GetStringTypeW
EncodePointer
GetCPInfo
SwitchToThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CompareStringW
GetLocaleInfoW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
LoadResource
OutputDebugStringW
SleepEx
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
FormatMessageA
GetStdHandle
PeekNamedPipe

user32

wvsprintfW
SetRectEmpty
GetWindowThreadProcessId
LoadIconW
CreateWindowExW
DestroyWindow
FindWindowW
PostMessageW
IsWindowVisible
MessageBoxW
GetClassNameW
GetSystemMetrics

shell32

ShellExecuteExW
SHGetFolderPathW
SHFileOperationW
Shell_NotifyIconW
ShellExecuteW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessMemoryInfo

wininet

InternetQueryOptionW
InternetConnectA
InternetCrackUrlA
HttpOpenRequestA
InternetOpenUrlW
InternetSetCookieW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
InternetWriteFile
InternetOpenW
InternetConnectW
HttpQueryInfoW

shlwapi

PathIsDirectoryEmptyW

ws2_32

getpeername
connect
bind
send
recv
getsockopt
closesocket
WSACleanup
listen
recvfrom
sendto
htons
ntohs
getsockname
ioctlsocket
setsockopt
socket
accept
select
__WSAFDIsSet
gethostname
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
WSAGetLastError
WSAStartup

wldap32

ord27
ord32
ord33
ord22
ord35
ord41
ord50
ord60
ord211
ord79
ord30
ord200
ord301
ord46
ord143
ord26

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SetDIBColorTable
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
RegOpenKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
BuildExplicitAccessWithNameW
LookupAccountSidW
RegCloseKey
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetLengthSid

ole32

CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfile
CreateILockBytesOnHGlobal
StgOpenStorage

gdiplus

GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImagePixelFormat
GdipFree
GdipDeleteGraphics
GdipGetImagePalette
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipDrawImageI
GdiplusShutdown
GdipBitmapLockBits
GdiplusStartup
GdipGetImageGraphicsContext

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 91KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

051cd545b34bb35841c869ba210e13e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

ziplib

kernel32

user32

shell32

version

psapi

wininet

shlwapi

ws2_32

wldap32

gdi32

advapi32

ole32

gdiplus

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 580KB - Virtual size: 580KB

.data Size: 91KB - Virtual size: 691KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 152KB - Virtual size: 152KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 580KB - Virtual size: 580KB

.data
Size: 91KB - Virtual size: 691KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 152KB - Virtual size: 152KB