b92b5921f728c8021ec819268397d97c45079e40472036503644cf87c4468d7e

Sharing

Copy URL Twitter E-mail

General

Target

b92b5921f728c8021ec819268397d97c45079e40472036503644cf87c4468d7e
Size

1.4MB
MD5

0e0dabcde54f3e2d4a266553327c1c0c
SHA1

7fe45b5592bc3f187b321300df5a95f7649cc848
SHA256

b92b5921f728c8021ec819268397d97c45079e40472036503644cf87c4468d7e
SHA512

1e0ddd9d954d743fe8f3e80ab029ab383723d437532ccfe29157a2b0b4e89bcc2910521fe4f4e90df259f9347dee56c5bd20a62f150bee0ade7ad74a8510ac33
SSDEEP

12288:DP54CXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:DPOCsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b92b5921f728c8021ec819268397d97c45079e40472036503644cf87c4468d7e

Files

b92b5921f728c8021ec819268397d97c45079e40472036503644cf87c4468d7e
.exe windows:5 windows x86 arch:x86

59d0065f12a3914dd6c7a7ccc381ed9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\yun\sky\SkyUpdateU\Release\SkyUpdateU.pdb

Imports

libcurl

curl_easy_cleanup
curl_easy_init
curl_easy_setopt
curl_easy_perform

zlibwrap

ZWZipExtract

mfc120u

ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5667
ord10131
ord6758
ord13771
ord949
ord2163
ord7881
ord1467
ord992
ord7542
ord10260
ord1684
ord12430
ord2343
ord2347
ord2844
ord5488
ord8059
ord4692
ord4672
ord1141
ord503
ord1688
ord12006
ord10896
ord11271
ord3362
ord3361
ord3122
ord6121
ord13612
ord2718
ord12048
ord9116
ord9091
ord2843
ord11837
ord1139
ord500
ord1441
ord8921
ord4049
ord3790
ord1518
ord5327
ord13117
ord2341
ord286
ord13997
ord2708
ord10353
ord7384
ord3654
ord1110
ord6392
ord6469
ord3839
ord2262
ord1108
ord1521
ord1445
ord971
ord1400
ord999
ord6702
ord9090
ord10136
ord8101
ord5314
ord7600
ord7610
ord7609
ord6032
ord12122
ord12114
ord5821
ord3809
ord6252
ord14527
ord6253
ord14528
ord6251
ord14526
ord7884
ord12402
ord14326
ord11858
ord11857
ord1992
ord7825
ord12818
ord4047
ord12792
ord6436
ord5137
ord5316
ord5160
ord5693
ord5430
ord9231
ord5664
ord9938
ord2948
ord5454
ord5157
ord10919
ord1386
ord887
ord14094
ord8346
ord4842
ord2204
ord12043
ord3223
ord3329
ord3330
ord3898
ord11999
ord2640
ord5838
ord13563
ord11592
ord6774
ord14455
ord7807
ord14449
ord3013
ord4451
ord9574
ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord9137
ord10883
ord6875
ord12095
ord8846
ord14447
ord11811
ord3795
ord11964
ord9020
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord3260
ord3263
ord13616
ord6123
ord3195
ord3317
ord462
ord7004
ord4772
ord285
ord5824
ord2967
ord5019
ord280
ord1042
ord296
ord266
ord265
ord1506
ord2173
ord6735
ord9016
ord3215
ord1508
ord4193
ord12634
ord8352
ord8268
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord2367
ord9279
ord4109

msvcr120

__CxxFrameHandler3
_CxxThrowException
memcpy
??0exception@std@@QAE@ABQBD@Z
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
_wrename
wcsstr
memchr
fwrite
tolower
fclose
fgetc
_wfopen_s
free
malloc
_purecall
??0exception@std@@QAE@ABV01@@Z
_except1
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
sprintf
sscanf
memmove

kernel32

CreateDirectoryW
GetPrivateProfileStringA
RemoveDirectoryW
OpenProcess
MultiByteToWideChar
GetLastError
InitializeCriticalSectionAndSpinCount
Sleep
DecodePointer
DeleteCriticalSection
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
MoveFileW
FindClose
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
CreateThread
OutputDebugStringW
LocalFree
GetCurrentThreadId
CreateProcessW
DeleteFileW

user32

SendMessageW
SetForegroundWindow
SetTimer
wsprintfW
SetWindowPos
ShowWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
EnableWindow
PostMessageW
KillTimer
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
LoadIconW
PostQuitMessage

shell32

SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW

oleaut32

VariantClear

msvcp120

?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

59d0065f12a3914dd6c7a7ccc381ed9d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcurl

zlibwrap

mfc120u

msvcr120

kernel32

user32

shell32

comctl32

shlwapi

oleaut32

msvcp120

psapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 1.3MB - Virtual size: 1.3MB