bdef09a8a055b47de10f0a116ba79edf

Sharing

Copy URL Twitter E-mail

General

Target

bdef09a8a055b47de10f0a116ba79edf
Size

389KB
MD5

bdef09a8a055b47de10f0a116ba79edf
SHA1

69102dc444fac0ac56cc3982bdd02e18de02a522
SHA256

c4ca663f6fdee28e73c314e3004a20ba7e489150eab4d8964bf93e007dc6458a
SHA512

5c07c1393af742ab70ebdeab17c16b9d982c8703845f4511827cf12016797b38bef7d37a1c7b7e95ca99d0b8017df0355f968c90be33658b5b9dd1a4043eeebf
SSDEEP

12288:QS/BxiCiwJ5yuEYnOYf+EV45hAN0y+Sbj:QiBxOYO8GWuZ0j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/InstallOptions.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/iesuper-v2.1.0.0.exe	nsis_installer_1
static1/unpack001/iesuper-v2.1.0.0.exe	nsis_installer_2

Files

bdef09a8a055b47de10f0a116ba79edf
.rar
iesuper-v2.1.0.0.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:4a:27:34:7d:15:36
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

17/07/2011, 04:04

Not After

17/07/2013, 18:44

Subject

CN=北京胡杨风信息技术有限公司,O=北京胡杨风信息技术有限公司,L=北京,ST=北京,C=CN,1.2.840.113549.1.9.1=#0c0e79636a406865696d61382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

01:30:bf:4c:20:09:c4:6e:6c:e6:18:c7:e7:05:3e:13:32:18:95:a2
Signer

Actual PE Digest

01:30:bf:4c:20:09:c4:6e:6c:e6:18:c7:e7:05:3e:13:32:18:95:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
MicroBlog.exe
.exe windows:4 windows x86 arch:x86

2970bb42466bcc9669fb9cdb67c38af8

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:4a:27:34:7d:15:36
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

17/07/2011, 04:04

Not After

17/07/2013, 18:44

Subject

CN=北京胡杨风信息技术有限公司,O=北京胡杨风信息技术有限公司,L=北京,ST=北京,C=CN,1.2.840.113549.1.9.1=#0c0e79636a406865696d61382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

14:c9:ed:38:98:8e:7a:f4:8b:b0:3a:de:fe:37:39:a5:cf:c0:15:b2
Signer

Actual PE Digest

14:c9:ed:38:98:8e:7a:f4:8b:b0:3a:de:fe:37:39:a5:cf:c0:15:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1862
ord4220
ord2584
ord3654
ord3663
ord2438
ord823
ord6142
ord4083
ord2863
ord5606
ord2859
ord3571
ord3573
ord3693
ord3626
ord5875
ord4129
ord2763
ord4277
ord5683
ord2414
ord2567
ord5788
ord2614
ord1641
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3619
ord640
ord6194
ord1640
ord323
ord5785
ord2405
ord2864
ord1175
ord2096
ord2408
ord5860
ord807
ord2920
ord2012
ord4163
ord2120
ord554
ord1644
ord1146
ord5572
ord2919
ord939
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord537
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5440
ord6383
ord5450
ord6394
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord324
ord3574
ord809
ord609
ord556
ord567
ord4275
ord4284
ord2379
ord5053
ord4774
ord5981
ord6270
ord3874
ord613
ord6880
ord289
ord2122
ord500
ord283
ord2448
ord5710
ord6929
ord6927
ord665
ord3790
ord354
ord2044
ord5834
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord5943
ord2621
ord1134
ord6877
ord1200
ord4278
ord1979
ord5442
ord3318
ord5186
ord3584
ord543
ord803
ord3337
ord3811
ord4287
ord3996
ord2862
ord6907
ord3998
ord6215
ord1768
ord2915
ord4538
ord4402
ord3640
ord693
ord4243
ord6675
ord3301
ord6762
ord6696
ord3797
ord6888
ord2135
ord818
ord1949
ord4034
ord540
ord541
ord860
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord4853
ord4202
ord2764
ord1105
ord1168
ord1669
ord6334
ord6199
ord3092
ord2642
ord535
ord858
ord2818
ord6143
ord6883
ord5953
ord4224
ord2652
ord4710
ord470
ord2754
ord755
ord4234
ord2302
ord2370
ord2301
ord801
ord825
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord4424
ord5265
ord1576

msvcrt

_setmbcp
__CxxFrameHandler
free
malloc
wcscpy
wcslen
_ftol
memmove
_mbscmp
_mbsnbcpy
atoi
strrchr
fclose
fprintf
fopen
fflush
fwrite
sprintf
fread
__p___argc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

GetModuleHandleA
WaitForSingleObject
CreateThread
Sleep
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileA
FindNextFileA
FindClose
ExitProcess
GetModuleFileNameA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetACP
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
GetStartupInfoA

user32

SystemParametersInfoA
GetSysColor
CopyRect
FillRect
DrawEdge
SetRect
GetMenuItemInfoA
EnableWindow
GetClientRect
PtInRect
GetFocus
GetCursor
IsIconic
DrawIcon
SetWindowPos
LoadIconA
PeekMessageA
DestroyIcon
wvsprintfA
RegisterWindowMessageA
FindWindowA
KillTimer
SetTimer
FrameRect
LoadImageA
GetIconInfo
CreateIconIndirect
DrawStateA
OffsetRect
InflateRect
DrawFocusRect
GetWindowRect
PostMessageA
ClientToScreen
WindowFromPoint
ReleaseDC
DrawIconEx
PostQuitMessage
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageA
GetWindowLongA
GetDC
GetDesktopWindow
GetSystemMetrics
DestroyCursor
GetSubMenu
GrayStringA
TabbedTextOutA
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
DrawTextA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
GetStockObject
CreateFontA
SetTextColor
SetBkColor
CreateBitmap
GetObjectA
GetPixel
SetPixel
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetDeviceCaps
GetBkMode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
_TrackMouseEvent

winmm

PlaySoundA
timeGetTime

msvcirt

?close@ifstream@@QAEXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
_mtunlock
??0ofstream@@QAE@XZ
?open@ofstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@E@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??0ifstream@@QAE@XZ
?openprot@filebuf@@2HB
?open@ifstream@@QAEXPBDHH@Z
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??_Difstream@@QAEXXZ

wininet

InternetGetConnectedState
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ies_uni.exe.nsis
iesuper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

7346565d5bc5e9edb7521c66b53655a5

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:4a:27:34:7d:15:36
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

17/07/2011, 04:04

Not After

17/07/2013, 18:44

Subject

CN=北京胡杨风信息技术有限公司,O=北京胡杨风信息技术有限公司,L=北京,ST=北京,C=CN,1.2.840.113549.1.9.1=#0c0e79636a406865696d61382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

bf:47:74:8f:1a:6a:39:27:66:c8:5f:b9:de:4e:45:23:09:b5:d6:4b
Signer

Actual PE Digest

bf:47:74:8f:1a:6a:39:27:66:c8:5f:b9:de:4e:45:23:09:b5:d6:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dsound

ord1

ws2_32

send

winmm

midiStreamOut
waveOutWrite
midiStreamClose

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

CoInternetCombineUrl
CoGetClassObjectFromURL
ObtainUserAgentString

wininet

InternetSetOptionW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetGetConnectedState
GetUrlCacheEntryInfoW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
HttpQueryInfoW
FtpGetFileSize
HttpOpenRequestW
HttpSendRequestExW
InternetOpenW
InternetConnectW
InternetSetOptionA
InternetSetStatusCallbackW
InternetCloseHandle
InternetReadFileExA
InternetReadFile
HttpEndRequestW
FtpOpenFileW
InternetWriteFile
InternetGetLastResponseInfoW
FtpCommandW
InternetQueryOptionW
InternetCrackUrlW

shlwapi

PathFindFileNameW
SHSetValueW
SHGetValueW
UrlCanonicalizeW
SHDeleteKeyW
PathIsDirectoryW
PathIsRootW
PathFileExistsW
PathCombineW
StrStrIW
PathGetDriveNumberW

kernel32

VirtualAlloc
lstrlenW
GetModuleFileNameW
lstrcpyW
GetShortPathNameW
TlsSetValue
TlsGetValue
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetTempPathW
GetTickCount
DeleteFileW
RemoveDirectoryW
CloseHandle
DisableThreadLibraryCalls
TlsAlloc
CopyFileW
MoveFileExW
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
GetPrivateProfileStringW
SetLastError
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
OutputDebugStringA
LoadLibraryW
Sleep
GetCurrentProcess
FreeLibrary
SetErrorMode
LoadLibraryExA
CreateEventW
SetEvent
WaitForSingleObject
IsBadWritePtr
IsBadReadPtr
CancelWaitableTimer
WaitForMultipleObjects
ResetEvent
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
SystemTimeToFileTime
SetEndOfFile
SetFilePointer
CreateFileW
GetDiskFreeSpaceExW
SetFileTime
ReadFile
WriteFile
GlobalUnlock
GlobalLock
FindClose
SuspendThread
SetFileAttributesW
FindFirstFileW
GetFileSize
CreateDirectoryW
LoadLibraryA
WriteProcessMemory
ReadProcessMemory
VirtualProtect
GetCurrentThread
GetSystemTime
LocalFree
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
DeviceIoControl
GlobalFree
GlobalAlloc
GetProfileIntW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
MulDiv
LocalAlloc
GetLongPathNameW
FindNextFileW
VirtualQuery
GetWindowsDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext

user32

IsChild
PeekMessageW
TranslateMessage
DispatchMessageW
OpenClipboard
SetClipboardData
CloseClipboard
IsRectEmpty
SetCapture
LoadCursorW
SetCursor
SetWindowPos
ReleaseCapture
OffsetRect
GetDC
ReleaseDC
SetRect
InvalidateRect
GetSystemMetrics
IsWindowVisible
GetMenuItemCount
DeleteMenu
AppendMenuW
GetWindowLongW
SetWindowLongW
DialogBoxParamW
LoadMenuW
GetSubMenu
CopyRect
TrackPopupMenuEx
DestroyMenu
EndDialog
SetDlgItemTextW
BeginPaint
GetDlgItem
GetDesktopWindow
CheckDlgButton
FillRect
LoadIconW
DrawIcon
EndPaint
keybd_event
EnumWindows
GetWindowRect
MapWindowPoints
SetFocus
IsWindow
FindWindowExW
SetTimer
DestroyWindow
RemovePropW
GetWindowTextW
SetWindowTextW
SendMessageW
GetParent
GetAncestor
CallWindowProcW
PostMessageW
KillTimer
CallNextHookEx
IsDlgButtonChecked
EnableWindow
GetWindow
GetCapture
GetDCEx
EqualRect
EmptyClipboard
DestroyIcon
LoadBitmapW
GetMessagePos
CreateWindowExW
RegisterClassExW
GetSysColor
InflateRect
DrawTextA
FindWindowW
DestroyCursor
LoadImageW
GetCursor
PtInRect
TrackMouseEvent
DefWindowProcW
DrawTextW
UpdateWindow
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
GetClassNameW
LoadStringW
GetForegroundWindow
MessageBoxW
GetMessageW
PostThreadMessageW
CharNextW
GetKeyState
GetCursorPos
ScreenToClient
GetPropW
SetPropW
wsprintfW
GetWindowThreadProcessId
RegisterWindowMessageW
SendMessageTimeoutW
ShowWindow
SetWindowLongA
GetClientRect

gdi32

GetDIBits
GetDeviceCaps
SaveDC
SetMapMode
SetViewportOrgEx
SetWindowOrgEx
SetROP2
UnrealizeObject
PatBlt
RestoreDC
CreateBitmap
CreatePatternBrush
SetTextColor
GetObjectW
CreateFontIndirectW
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
CreatePen
CreateSolidBrush
SelectObject
Rectangle
DeleteObject
SetBkMode
GetStockObject

advapi32

RegSetValueExW
GetTokenInformation
CopySid
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

RevokeDragDrop
CoCreateGuid
ReleaseStgMedium
CreateStreamOnHGlobal
OleDraw
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
RegisterDragDrop
StringFromCLSID
StringFromIID

oleaut32

SysAllocString
RegisterTypeLi
LoadTypeLi
SysFreeString
OleLoadPicture

msvcrt

wcscpy
wcsstr
wcscat
memmove
iswdigit
swprintf
vswprintf
??2@YAPAXI@Z
memcpy
memset
wcsncmp
_ftol
_except_handler3
_wtoi
wcslen
_snwprintf
__CxxFrameHandler
wcscmp
_beginthreadex
memcmp
wcsncpy
wcsrchr
_wcsicmp
strlen
swscanf
strcpy
sprintf
isalnum
_ui64tow
_wtol
wcsncat
_wtoi64
wcspbrk
wcschr
strstr
strcmp
strncpy
strcat
strchr
toupper
_wcsnicmp
_snprintf
strrchr
fclose
fgets
fopen
fread
ftell
fseek
wcstod
iswspace
free
fwrite
malloc
_wfopen
abs
fwprintf
_strlwr
strncat
_ismbslead
fprintf
_strnicmp
rewind
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
time

netapi32

Netbios

gdiplus

GdipSaveImageToFile
GdiplusStartup
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipCloneImage

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32_Update

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 828KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phoenix
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
template.htm
.html
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

19:9d:f8:79Certificate

Key Usages

06:4a:27:34:7d:15:36Certificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

01:30:bf:4c:20:09:c4:6e:6c:e6:18:c7:e7:05:3e:13:32:18:95:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 22KB - Virtual size: 21KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2970bb42466bcc9669fb9cdb67c38af8

Code Sign

19:9d:f8:79Certificate

Key Usages

06:4a:27:34:7d:15:36Certificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

14:c9:ed:38:98:8e:7a:f4:8b:b0:3a:de:fe:37:39:a5:cf:c0:15:b2Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

winmm

msvcirt

wininet

Sections

19:9d:f8:79
Certificate

06:4a:27:34:7d:15:36
Certificate

39
Certificate

01
Certificate

01:30:bf:4c:20:09:c4:6e:6c:e6:18:c7:e7:05:3e:13:32:18:95:a2
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

19:9d:f8:79
Certificate

06:4a:27:34:7d:15:36
Certificate

39
Certificate

01
Certificate

14:c9:ed:38:98:8e:7a:f4:8b:b0:3a:de:fe:37:39:a5:cf:c0:15:b2
Signer

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 404KB - Virtual size: 403KB

19:9d:f8:79
Certificate

06:4a:27:34:7d:15:36
Certificate

39
Certificate

01
Certificate

bf:47:74:8f:1a:6a:39:27:66:c8:5f:b9:de:4e:45:23:09:b5:d6:4b
Signer

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 828KB

.phoenix
Size: 4KB - Virtual size: 844B

.rsrc
Size: 136KB - Virtual size: 133KB

.reloc
Size: 16KB - Virtual size: 15KB