d1f92a48671fb9961b5e3f6cf55bbd8a76766acf9fed3312b384805af95ee5be

Sharing

Copy URL

Twitter E-mail

General

Target

d1f92a48671fb9961b5e3f6cf55bbd8a76766acf9fed3312b384805af95ee5be
Size

2.5MB
MD5

7f0331cfb1be462f25e7d071ae8cb3a5
SHA1

ff2084bfa4d4381fbf8cf1534a0c7b49da11ec42
SHA256

d1f92a48671fb9961b5e3f6cf55bbd8a76766acf9fed3312b384805af95ee5be
SHA512

761994acbc62b1c7d4a9df305a88fce9c656f5fcb203256f4e678f30fe0aae8d14431490f91740ee3bfd858e315b4e7cf53be33e4df349c5684154fb9efeca9e
SSDEEP

49152:twQFUOS56+5i1SkYhyJ28VCIfLuuNGIDNwkXOY2S5k7+nc:twQaO8irYhyJlaIDNwk+Y2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1f92a48671fb9961b5e3f6cf55bbd8a76766acf9fed3312b384805af95ee5be

Files

d1f92a48671fb9961b5e3f6cf55bbd8a76766acf9fed3312b384805af95ee5be
.exe windows:6 windows x86 arch:x86

f86663984475fbd5b30f349f6d01b19a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Personal\MyWork\12.adsRise_cef\adsRise3\Release_yd\adsRise3.pdb

Imports

ws2_32

sendto
recvfrom
accept
freeaddrinfo
getaddrinfo
socket
setsockopt
getsockname
getpeername
closesocket
bind
connect
send
ioctlsocket
recv
WSASetLastError
select
__WSAFDIsSet
WSAIoctl
WSAGetLastError
getsockopt
htons
listen
WSACleanup
WSAStartup
gethostname
gethostbyname
inet_ntoa
inet_addr
ntohs

winmm

midiStreamOpen
waveOutWrite

kernel32

DeleteCriticalSection
GetCurrentThreadId
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpiW
FindFirstFileA
FindNextFileA
RemoveDirectoryA
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetSystemTimes
CreateProcessA
CreateProcessW
GetModuleHandleA
LoadLibraryA
lstrcmpiA
GetCurrentDirectoryW
GetFileType
ReadFile
SetFilePointer
SetFileTime
WriteFile
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
WideCharToMultiByte
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
GetFileSize
SetFileAttributesA
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
CreateMutexA
TerminateProcess
TerminateThread
SuspendThread
OpenProcess
GetTickCount
GetModuleFileNameA
LockResource
GlobalHandle
GlobalFree
LocalAlloc
LocalFree
QueryDosDeviceA
MoveFileA
K32EnumProcesses
K32EmptyWorkingSet
K32GetProcessImageFileNameA
InitializeCriticalSectionAndSpinCount
FormatMessageA
GetCommandLineW
HeapReAlloc
WaitForMultipleObjects
CreateThread
ExitThread
CopyFileA
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
OutputDebugStringW
VirtualQuery
InterlockedCompareExchange
LeaveCriticalSection
SetThreadContext
GetThreadContext
GetThreadTimes
FreeLibraryAndExitThread
RtlUnwind
GetModuleHandleExW
GetDriveTypeW
GetFullPathNameW
SetFilePointerEx
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFileSizeEx
GetTimeZoneInformation
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
HeapAlloc
SetLastError
GetLastError
RaiseException
DecodePointer
MultiByteToWideChar
lstrcmpW
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualProtect
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
OutputDebugStringA
FindNextFileW
FindClose
CreateFileW
CreateDirectoryW
TlsGetValue
TlsAlloc
EncodePointer
WaitForSingleObjectEx
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetVersionExA
SleepEx
InitializeCriticalSectionEx
EnterCriticalSection
GetProcessHeap
HeapSize
ResumeThread
HeapFree
Sleep

user32

RegisterClassA
DefWindowProcA
PostThreadMessageW
PostMessageW
SendMessageTimeoutW
PeekMessageW
DispatchMessageW
TranslateMessage
GetForegroundWindow
GetWindowTextA
SetWindowContextHelpId
GetClassNameA
GetWindowThreadProcessId
MapDialogRect
SystemParametersInfoW
GetAncestor
SetParent
CreateWindowExA
GetCursorInfo
GetCursorPos
MessageBoxIndirectW
MessageBoxExW
MessageBoxW
SetActiveWindow
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
SetWindowLongA
GetWindowLongW
GetWindowLongA
GetLayeredWindowAttributes
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
SetWindowPos
MoveWindow
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
CallWindowProcA
DefWindowProcW
SendMessageW
RegisterWindowMessageW
wsprintfW
IsWindowVisible
CreateDialogIndirectParamW
EndDialog
OpenClipboard
CloseClipboard
GetSystemMetrics
MsgWaitForMultipleObjects
SetClipboardData
GetClipboardData
EmptyClipboard
VkKeyScanW
FillRect
MapVirtualKeyW
LoadCursorW

gdi32

GetStockObject
Ellipse
CreatePen
GetObjectW
SelectObject
BitBlt
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExA
RegDeleteValueA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExA
CreateProcessAsUserA
CreateProcessAsUserW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

shell32

ShellExecuteA

ole32

OleLockRunning
OleSetContainedObject
OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoDisconnectObject
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString

libcef

cef_time_to_timet
cef_time_now
cef_uriencode
cef_base64encode
cef_get_mime_type
cef_time_delta
cef_enable_highdpi_support
cef_do_message_loop_work
cef_shutdown
cef_initialize
cef_execute_process
cef_register_extension
cef_post_task
cef_currently_on
cef_string_utf8_to_utf16
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_string_utf16_cmp
cef_v8value_create_function
cef_v8value_create_array_buffer
cef_v8value_create_array
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_uint
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_v8context_get_current_context
cef_stream_reader_create_for_data
cef_string_multimap_free
cef_string_multimap_alloc
cef_cookie_manager_get_global_manager
cef_api_hash
cef_string_map_free
cef_string_map_alloc
cef_string_userfree_utf16_free
cef_browser_host_create_browser_sync
cef_string_list_free
cef_string_list_alloc
cef_log
cef_string_ascii_to_utf16
cef_string_utf16_to_utf8
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_utf16_set

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA
PathRemoveBackslashA
PathRemoveFileSpecA
PathIsDirectoryA
PathAddBackslashA
StrStrA
StrCmpIW
StrStrIA
StrStrIW

iphlpapi

GetAdaptersInfo
SendARP

wininet

InternetSetCookieA
InternetGetCookieA

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord143
ord46
ord211
ord60

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f86663984475fbd5b30f349f6d01b19a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

libcef

version

shlwapi

iphlpapi

wininet

wldap32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 398KB - Virtual size: 398KB

.data Size: 31KB - Virtual size: 166KB

.msvcjmc Size: 23KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 104KB - Virtual size: 104KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 398KB - Virtual size: 398KB

.data
Size: 31KB - Virtual size: 166KB

.msvcjmc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 104KB - Virtual size: 104KB