G:\KK_Work\Git\Documents\windowssdk\lib\x86\ReleaseLib\CloudClinkAPI.pdb
Static task
static1
Behavioral task
behavioral1
Sample
abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044.dll
Resource
win10v2004-20240226-en
General
Target: abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044
Size: 5.3MB
MD5: 0b763440bf11d86f7a3fed3d8b736b4d
SHA1: 2eb3bc03664666cb543a5e9b4dc757821ad817e0
SHA256: abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044
SHA512: 7371753a407ca3708232a20ff248000778557d78636f614d236a8a82649c3c628507e3084c904dacfa42f9ceb6937a7a14cb34f661da909d028a3f805d2a86cc
SSDEEP: 98304:5lfm+cToKjSjF0HgbDgPEIfl8iPP4+DDLq7NsZAxZIxkLRmHl:XFPjFaEIfuiX4+DD9axqgRmF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044
Files
abef0c5dcd1b1a14bf60a8738e38f51620347e11f6d151a2b5d1981a6e5a0044.dll windows:6 windows x86 arch:x86
4217f0034e761f3c0d191faa021a2b92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
gdiplus
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipDrawImageI
GdipCloneImage
iphlpapi
GetExtendedTcpTable
GetAdaptersInfo
kernel32
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
TryEnterCriticalSection
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
OpenEventA
GetLogicalProcessorInformation
CreateWaitableTimerA
FormatMessageA
OutputDebugStringW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempFileNameW
GetWindowsDirectoryW
ReleaseSemaphore
CreateWaitableTimerW
EnterCriticalSection
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
SetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
FindResourceExW
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
GetStdHandle
GetACP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetVersionExA
SetEnvironmentVariableA
lstrcpyW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
VirtualProtect
GlobalGetAtomNameW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
CopyFileW
GlobalSize
SetErrorMode
LocalFree
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
MulDiv
GlobalFree
GlobalFindAtomW
LoadLibraryA
EncodePointer
OutputDebugStringA
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LockResource
LoadLibraryExW
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
GetCurrentThreadId
FreeResource
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalAlloc
SizeofResource
MoveFileW
GetSystemInfo
GetModuleHandleA
GetSystemDirectoryW
CreateFileW
ReleaseMutex
CreateMutexA
GetTickCount
DeleteFileW
InitializeCriticalSection
GetPrivateProfileIntW
GetModuleFileNameA
CreateDirectoryW
Module32NextW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetProcAddress
Module32FirstW
LoadLibraryW
WritePrivateProfileStringA
GetNativeSystemInfo
Process32FirstW
CreateFileA
Process32NextW
CreateToolhelp32Snapshot
DeviceIoControl
GetCurrentProcess
GetModuleFileNameW
GetPrivateProfileStringA
CreateIoCompletionPort
CreateEventA
CreateSemaphoreA
TlsFree
GetSystemTimeAsFileTime
TlsGetValue
VerifyVersionInfoW
SleepEx
GetProcessHeap
GetCurrentProcessId
VerSetConditionMask
DeleteCriticalSection
DecodePointer
QueueUserAPC
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
TlsAlloc
WaitForSingleObjectEx
TerminateThread
SetEvent
OpenMutexA
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
PostQueuedCompletionStatus
HeapSize
OpenProcess
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
GetTempPathW
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
TlsSetValue
SetWaitableTimer
WaitForMultipleObjects
DeleteTimerQueueTimer
TerminateProcess
ReadConsoleInputA
SetConsoleMode
GetDriveTypeW
PeekNamedPipe
CreateTimerQueue
user32
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
GetParent
EndDeferWindowPos
IsWindowEnabled
SetCursor
ShowOwnedPopups
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowLongW
PostMessageW
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDC
SendMessageW
GetSystemMetrics
DrawIcon
SetTimer
SetWindowLongW
GetClientRect
KillTimer
IsIconic
ReleaseDC
EnableWindow
wsprintfW
UnregisterClassW
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
MessageBoxW
IsMenu
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
CreateMenu
GetWindowRgn
DestroyCursor
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetMenuDefaultItem
CreatePopupMenu
LoadImageW
TrackMouseEvent
IntersectRect
MapDialogRect
GetAsyncKeyState
OffsetRect
SetRectEmpty
SendDlgItemMessageA
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
LoadCursorW
GetSysColorBrush
InvalidateRect
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoW
CopyImage
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
advapi32
RegCloseKey
RegQueryValueW
RegOpenKeyExW
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
RegQueryValueExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
StartServiceW
OpenServiceW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
ole32
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
shell32
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
oleaut32
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
shlwapi
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
ws2_32
WSARecv
shutdown
freeaddrinfo
getaddrinfo
listen
getsockopt
connect
getsockname
WSAIoctl
accept
WSACleanup
bind
closesocket
WSASend
select
ntohl
WSASetLastError
WSAStringToAddressW
__WSAFDIsSet
WSASocketW
WSAStartup
ntohs
inet_ntoa
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
inet_addr
getpeername
recv
recvfrom
send
sendto
socket
mswsock
AcceptEx
GetAcceptExSockaddrs
gdi32
SetBkColor
SetTextColor
GetObjectW
BitBlt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetDeviceCaps
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateBitmap
CopyMetaFileW
CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
ScaleWindowExtEx
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
uxtheme
DrawThemeBackground
DrawThemeParentBackground
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
OpenThemeData
CloseThemeData
DrawThemeText
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
crypt32
CertFreeCertificateContext
Exports
YJSClinkStart
YJSClinkStop
YJSGetLocalIp
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 804KB - Virtual size: 804KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ