ee0d9d07f595e2270d8edb7002037550dcacd19854e0584634994736042b7cba

Sharing

Copy URL Twitter E-mail

General

Target

ee0d9d07f595e2270d8edb7002037550dcacd19854e0584634994736042b7cba
Size

737KB
MD5

a91505a7bc1d3a2f2482a6492b5cc834
SHA1

21d30fa8ea10940d27022efef4298e24bf3523d1
SHA256

ee0d9d07f595e2270d8edb7002037550dcacd19854e0584634994736042b7cba
SHA512

204cc85dafb1667bd8c06d03ba3fcec36b29f7f4c73579de031bd2e66f5d0e5d2971e675f03b7aa1f9a0340ec390678b8ea8bdbce9c2c3b549c456c80fc22cf0
SSDEEP

12288:FIY4or7IaEUQ2pzyRE5yXBhZyjPl06chgZF/RUm:FINI0mpBsXIjPlXcOZBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee0d9d07f595e2270d8edb7002037550dcacd19854e0584634994736042b7cba

Files

ee0d9d07f595e2270d8edb7002037550dcacd19854e0584634994736042b7cba
.exe windows:6 windows x86 arch:x86

6e531e706fdac59d0317f47ef6bcac0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\wubi_agent\workspace\p-3417ba0c0c0d46dfae3a04bc6431244c\src\bin\SogouPdb\SogouWubi\SogouWBSvc.pdb

Imports

userenv

CreateEnvironmentBlock

kernel32

GetTickCount
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DecodePointer
GetCommandLineW
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
CloseHandle
GetConsoleCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GlobalFree
LoadLibraryW
GetSystemDirectoryW
SetLastError
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
ReadFile
GetCurrentProcess
WriteFile
CreateFileW
ExitThread
FormatMessageW
LocalFree
GetFileSize
CreateProcessW
FindNextFileW
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CreateDirectoryW
HeapFree
HeapAlloc
FlushFileBuffers
GetCurrentProcessId
CreateMutexW
ReleaseMutex
OpenMutexW
LocalAlloc
GetProcessHeap
QueryPerformanceCounter
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
EncodePointer
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetModuleHandleExW
FindFirstFileExW
ExitProcess
GetStdHandle
GetACP
HeapSize
HeapReAlloc
GetDateFormatW

user32

CharNextW
LoadStringW
GetMessageW
TranslateMessage
GetClassNameW
IsWindowVisible
GetWindowThreadProcessId
SetRectEmpty
DispatchMessageW
PostThreadMessageW
CharUpperW
SetTimer
MessageBoxW

advapi32

RegDeleteValueW
GetSecurityDescriptorSacl
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
CreateProcessAsUserW
OpenProcessToken
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
RegEnumKeyExW

ole32

CoRevokeClassObject
CoResumeClassObjects
CoInitializeEx
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
CoUninitialize
StringFromGUID2
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoAddRefServerProcess
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

SHGetFolderPathW
ShellExecuteW

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e531e706fdac59d0317f47ef6bcac0d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

shell32

Sections

.text Size: 273KB - Virtual size: 273KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 84KB - Virtual size: 84KB

.text
Size: 273KB - Virtual size: 273KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 84KB - Virtual size: 84KB