b818a40f613790d5e71bcac06428b920

Sharing

Copy URL Twitter E-mail

General

Target

b818a40f613790d5e71bcac06428b920
Size

916KB
MD5

b818a40f613790d5e71bcac06428b920
SHA1

e5be638001f40df601bc63cbe4d9083392c668a5
SHA256

40f292c78db5a463e6d139e781c77ef0e72be5664ea8bd94333ec9185d80e38b
SHA512

fee463d466c31eb31bc10b3bf96474ec48bb0bb9c6a5ca8ffd8efb59d9313c44b8756f03faac04ead0d1ddf439447b0434ecdcaed6a9020061dc07a21b2cf245
SSDEEP

12288:JpOkZ31+oDX9/8vka/4yYyab7wck1dfpUG5VlIim:2kN8F/4oab0ckvfpUG5VlG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b818a40f613790d5e71bcac06428b920

Files

b818a40f613790d5e71bcac06428b920
.exe windows:5 windows x86 arch:x86

48d1665904468681607003814f4deac1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\a\Desktop\SVN\클라이언트\작업\Client\Client_vs2008\Release_백두\client.pdb

Imports

wininet

HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
HttpSendRequestA
InternetOpenUrlA
InternetOpenA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

GetProcessImageFileNameA

dinput8

DirectInput8Create

ddraw

DirectDrawCreate
DirectDrawEnumerateExA

imm32

ImmGetContext
ImmGetConversionStatus
ImmGetCandidateListA
ImmSetCompositionFontA
ImmIsIME
ImmGetCandidateWindow
ImmReleaseContext
ImmGetCompositionStringA
ImmSetCandidateWindow
ImmSetConversionStatus
ImmGetProperty
ImmGetOpenStatus

wsock32

htons
WSACleanup
socket
closesocket
send
WSAAsyncSelect
htonl
WSAStartup
connect
inet_ntoa
recv
ntohl

dsound

ord11

winmm

mciSendStringA
mciGetErrorStringA
mmioDescend
mmioAscend
mmioClose
mmioRead
mmioOpenA

xaudio

control_message_send
control_dthread_start
control_win32_params_to_message
control_dthread_free

kernel32

IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
GetTickCount
_lclose
Sleep
_lread
GetModuleHandleA
_lopen
lstrlenA
CreateFileA
ReadFile
GetFileSizeEx
CloseHandle
SystemTimeToFileTime
QueryDosDeviceA
Process32First
GetWindowsDirectoryA
OpenProcess
CreateProcessA
FreeEnvironmentStringsW
Module32First
Process32Next
GetModuleFileNameA
GetCurrentDirectoryA
CreateToolhelp32Snapshot
OutputDebugStringA
Module32Next
WinExec
GetEnvironmentStringsW
lstrcpyA
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
HeapSize
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
MoveFileA
ExitProcess
GetProcAddress
GetModuleHandleW
DeleteFileA
SetCurrentDirectoryA
SetEnvironmentVariableA
HeapAlloc
HeapFree
GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetSystemTime
IsValidLocale
VirtualFree
GetStringTypeA
WriteConsoleA
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringA
TerminateProcess
CompareStringW
InterlockedDecrement
InterlockedIncrement

user32

GetClassNameA
RegisterClassExA
PostQuitMessage
KillTimer
GetParent
LoadIconA
TranslateMessage
PeekMessageA
GetCursorPos
DispatchMessageA
UpdateWindow
FindWindowA
LoadCursorA
VkKeyScanA
GetWindowThreadProcessId
GetWindow
SetTimer
ClientToScreen
GetWindowRect
SetCursor
GetClientRect
SendMessageA
GetDC
GetKeyboardLayout
SetWindowLongA
GetWindowLongA
ReleaseDC
SetWindowPos
GetCaretPos
ShowWindow
DestroyWindow
SetFocus
GetWindowTextA
CreateWindowExA
GetMonitorInfoA
MessageBoxA
PostMessageA
GetAsyncKeyState
GetKeyState
wsprintfA
DefWindowProcA

gdi32

ExtTextOutA
GetObjectA
GetTextColor
GetTextExtentPointA
RoundRect
GetStockObject
CreateFontA
DeleteObject
SetTextColor
SetBkMode
SelectObject
TextOutA
SetBkColor
CreatePenIndirect

advapi32

CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

shell32

ShellExecuteA

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 327KB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d1665904468681607003814f4deac1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

psapi

dinput8

ddraw

imm32

wsock32

dsound

winmm

xaudio

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 327KB - Virtual size: 5.5MB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 327KB - Virtual size: 5.5MB

.rsrc
Size: 7KB - Virtual size: 7KB