8a6acf40ebb425e7c2c000d4357dd2ec7274de7fe19123168406e9340a24692c

Sharing

Copy URL Twitter E-mail

General

Target

8a6acf40ebb425e7c2c000d4357dd2ec7274de7fe19123168406e9340a24692c
Size

1.5MB
MD5

339086c47a72ee8618286685acfb21b4
SHA1

8b4d092b9d00d7abb8c775a145e1a77c35fb321f
SHA256

8a6acf40ebb425e7c2c000d4357dd2ec7274de7fe19123168406e9340a24692c
SHA512

597c103fa07036fb2941f3f9ac36ed7c9adec459540e698adfe711fe4e32372639b02b6941874f7ba9e59d77cfd84e41ccec1fecd2a11367e63164477799f244
SSDEEP

24576:O3hQ/s/Oj8cx269P1nMEwr6dgX01QlZb3610JY7m3WnjXx/KGg2XNJaEDq:jj8cM6R5Mbr6OXu481Z7mGnjX5KGfXz0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a6acf40ebb425e7c2c000d4357dd2ec7274de7fe19123168406e9340a24692c

Files

8a6acf40ebb425e7c2c000d4357dd2ec7274de7fe19123168406e9340a24692c
.exe windows:5 windows x86 arch:x86

b5d675bc45be02805150afd33e6b3781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\37Work\pc_code\lander\template\lianyun_cef\Bin\lander.pdb

Imports

kernel32

ReadFile
GetCommandLineW
FindResourceExW
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
GetExitCodeThread
OutputDebugStringW
CreateProcessW
OpenProcess
TerminateProcess
GetModuleFileNameW
MulDiv
lstrcmpW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
FindNextFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetCurrentProcessId
MultiByteToWideChar
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
CreateThread
ExitThread
VirtualQuery
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
WideCharToMultiByte
GetTickCount
LockResource
ResumeThread
TerminateThread
DeleteFileW
WaitForSingleObject
Sleep
WriteFile
CreateFileW
GetLastError
SetEvent
CloseHandle
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GlobalFree
GlobalUnlock
GlobalLock
SizeofResource
GlobalAlloc
FreeResource
EnterCriticalSection
LoadResource
FindResourceW
InterlockedExchange
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
GetEnvironmentStringsW

user32

CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
LoadImageW
SendMessageW
UnregisterClassA
RedrawWindow
GetClientRect
OffsetRect
PtInRect
PostMessageW
SetCursor
IsWindowVisible
GetForegroundWindow
GetWindowLongW
SetWindowLongW
CallWindowProcW
DrawTextW
InflateRect
SetWindowTextW
SetFocus
SystemParametersInfoW
SetWindowPos
ShowWindow
UpdateWindow
IsIconic
SetForegroundWindow
DestroyWindow
BeginPaint
EndPaint
ScreenToClient
SetWindowRgn
GetDC
ReleaseDC
UpdateLayeredWindow
DefWindowProcW
ClientToScreen
IsChild
MessageBoxW
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
TrackPopupMenu
GetCursorPos
LoadIconW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetKeyState
PostQuitMessage
SetLayeredWindowAttributes
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
GetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
CharNextW
CreateAcceleratorTableW
GetParent

gdi32

GetDeviceCaps
CreateCompatibleBitmap
CreateFontW
SetBkColor
StretchBlt
CreateRoundRectRgn
RestoreDC
SetTextColor
SetBkMode
GetStockObject
GetDIBColorTable
DeleteObject
BitBlt
GetObjectW
SetDIBColorTable
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
SaveDC
CreateSolidBrush

advapi32

GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
GetUserNameW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight

wininet

InternetGetCookieExW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetSetCookieW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
FindFirstUrlCacheEntryW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5d675bc45be02805150afd33e6b3781

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

Sections

.text Size: 283KB - Virtual size: 282KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 29KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 283KB - Virtual size: 282KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 29KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 24KB - Virtual size: 23KB