a0cf95b0a61f8072b75abcad04da0293

Sharing

Copy URL Twitter E-mail

General

Target

a0cf95b0a61f8072b75abcad04da0293
Size

7.4MB
MD5

a0cf95b0a61f8072b75abcad04da0293
SHA1

b7b265db1cc4b20a4f4abbe22aaa7a946abcf5ca
SHA256

f9222a3322464b177649dd83b88f39e645e21cada14d085ea382f9f6d95d1d68
SHA512

bdf83bb467ff16c1b86b307ec25293e08e090a1ed364e62aa923ac21b659da0acebcdb0e8465aabd2b8a9d88a91e59d6debc8e97a89ed5e2f7c8d9f1f65f5c6b
SSDEEP

196608:G2xqfj/ZNR/1WnCyDF945cg3TgvBbHhjsS:GsqflhWCyX45dT6Fh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/siteseo.exe

Files

a0cf95b0a61f8072b75abcad04da0293
.rar
siteseo.exe
.exe windows:5 windows x86 arch:x86

d878f8ac518f33cdd8431c14254dc333

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetLastError
GetDriveTypeW
CompareStringW
lstrcmpiW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
ExitProcess
GetModuleFileNameA
lstrlenW
TlsSetValue
TlsAlloc
GlobalUnlock
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LoadLibraryA
LocalAlloc
PeekNamedPipe
GetStdHandle
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SearchPathW
ConnectNamedPipe
CreateNamedPipeW
GetVersion
GetExitCodeProcess
CreateProcessW
GlobalLock
GlobalAlloc
lstrcmpW
CreateFileW
WriteFile
CreateMutexW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindNextFileW
GetTempFileNameW
GetTempPathW
InterlockedExchange
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GlobalFree
FindClose
ReadFile
CreateFileA
GetFileSize
TlsGetValue
GetLogicalDriveStringsW
FreeLibrary
LoadLibraryW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryW
GetCurrentProcessId
GetDiskFreeSpaceExW
ResetEvent
MoveFileW
TerminateThread
GetSystemTime
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
OutputDebugStringW
GlobalMemoryStatus
GetLocaleInfoW
EnumResourceLanguagesW
GetUserDefaultLangID
CloseHandle
GetExitCodeThread
SetEvent
WaitForSingleObject
CreateEventW
SetLastError
FlushInstructionCache
GetCurrentProcess
Sleep
RaiseException
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
TlsFree
MulDiv
GetFileAttributesW
GetSystemDefaultLangID
SetFilePointer
CopyFileW
FlushFileBuffers
LocalFree
FormatMessageW
WideCharToMultiByte
GetCurrentThread
CreateThread
SetFileAttributesW
GetVersionExW

user32

GetDC
ReleaseDC
TranslateMessage
GetWindowRect
DispatchMessageW
GetSysColorBrush
IsWindowVisible
IntersectRect
EqualRect
MapWindowPoints
DefWindowProcW
DestroyWindow
SetWindowTextW
GetDlgItem
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetParent
ShowWindow
SendMessageW
DestroyIcon
GetComboBoxInfo
DrawFrameControl
RegisterWindowMessageW
CreateAcceleratorTableW
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
GetKeyState
SetRectEmpty
DrawStateW
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
TrackMouseEvent
InflateRect
GetWindowDC
LoadBitmapW
CharNextW
DrawFocusRect
GetClassNameW
OffsetRect
ReleaseCapture
GetCapture
SetCapture
UpdateWindow
PtInRect
GetDlgCtrlID
GetWindowTextLengthW
GetWindowTextW
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawTextW
SetFocus
IsRectEmpty
CopyRect
SetScrollPos
EndPaint
FillRect
SetRect
BeginPaint
MoveWindow
GetScrollInfo
ScreenToClient
GetMessagePos
GetSysColor
RedrawWindow
GetMessageW
SystemParametersInfoW
GetActiveWindow
KillTimer
CreateWindowExW
DestroyCursor
CreateDialogParamW
EndDialog
DialogBoxParamW
GetNextDlgTabItem
IsWindowEnabled
InvalidateRect
SetCursor
GetWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowPos
ClientToScreen
GetClientRect
GetSystemMetrics
LoadImageW
IsDialogMessageW
IsChild
GetFocus
PostQuitMessage
IsWindow
LoadStringW
GetPropW
GetForegroundWindow
MsgWaitForMultipleObjects
GetSystemMenu
ModifyMenuW
FindWindowW
ExitWindowsEx
SetPropW
RemovePropW
EnableMenuItem
LoadMenuW
GetSubMenu
SetTimer
LoadIconW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
UnregisterClassA
MessageBoxW
EnableWindow
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
LoadCursorW

gdi32

GetTextMetricsW
ExtTextOutW
SetBkColor
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
ExcludeClipRect
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetStockObject
GetBitmapBits
SetBkMode
CreateFontW
GetDeviceCaps
SetBrushOrgEx
CreatePatternBrush
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
CreateBitmapIndirect
SetTextColor

advapi32

AdjustTokenPrivileges
OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
GetUserNameW
RegOpenKeyW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteExW
SHBrowseForFolderW

ole32

OleInitialize
CoUninitialize
CLSIDFromString
CoTaskMemRealloc
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoInitializeEx
OleUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
OleLoadPicture
VarDateFromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymGetSymFromAddr
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymInitialize
SymSetOptions
SymCleanup

shlwapi

PathIsUNCW
PathFileExistsW

comctl32

CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_SetBkColor
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
_TrackMouseEvent

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

d878f8ac518f33cdd8431c14254dc333

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

version

comdlg32

Sections

.text Size: 613KB - Virtual size: 612KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 61KB - Virtual size: 60KB

.text
Size: 613KB - Virtual size: 612KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 61KB - Virtual size: 60KB