57bfe72b4bb4d2eb6fb1b3e11cdd521914504b7d07d83b4c0c8fb5b85d3862bf

Sharing

Copy URL Twitter E-mail

General

Target

57bfe72b4bb4d2eb6fb1b3e11cdd521914504b7d07d83b4c0c8fb5b85d3862bf
Size

4.4MB
MD5

48c0d87bd8f0884a38c8fac99914afa7
SHA1

3109f2fc8ec818d3769e427d891e8385ae92093c
SHA256

57bfe72b4bb4d2eb6fb1b3e11cdd521914504b7d07d83b4c0c8fb5b85d3862bf
SHA512

bbe30fe848926c8126ef0624bf550d039b4118a42133a3d3df58aacacfa13629b0b62fd07b92e51352f18f5fe638a799882800c291491b03624f800e6e56cc6f
SSDEEP

3072:bc6A69aLeBTaAdurLEXBySTLwYst7Hv5bwbA53:46h9naAdu8vbKHxc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57bfe72b4bb4d2eb6fb1b3e11cdd521914504b7d07d83b4c0c8fb5b85d3862bf

Files

57bfe72b4bb4d2eb6fb1b3e11cdd521914504b7d07d83b4c0c8fb5b85d3862bf
.exe windows:5 windows x86 arch:x86

90d23a0829acb75ecbe82976ca15d8f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildbot\build1\kugou\build\Release\service.pdb

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

ReadFile
CloseHandle
ConnectNamedPipe
DisconnectNamedPipe
lstrcpyW
lstrcatW
CreateEventW
LoadLibraryW
CreateProcessW
CreateFileW
CreateNamedPipeW
WaitNamedPipeW
WriteFile
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
WaitForSingleObject
InitializeSListHead
SetLastError
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
FindResourceW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
RaiseException
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
OutputDebugStringW
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

TranslateMessage
DispatchMessageW
GetMessageW
wsprintfW
LoadStringW
CharNextW
CharUpperW

advapi32

RegisterEventSourceW
StartServiceW
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EqualSid
GetTokenInformation
DuplicateToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
DeregisterEventSource

shell32

CommandLineToArgvW

ole32

CoCreateGuid
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
_except_handler4_common
memmove
wcsrchr
memcpy
__CxxFrameHandler3
memset
wcsstr
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_cexit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_recalloc
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

_putws
__p__commode
_set_fmode
__stdio_common_vsnwprintf_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

90d23a0829acb75ecbe82976ca15d8f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 88B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 74KB - Virtual size: 76KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 88B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 74KB - Virtual size: 76KB