f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46

Sharing

Copy URL

Twitter E-mail

General

Target

f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46
Size

1.3MB
MD5

853ddff4e12a4222714853f79340cea2
SHA1

603bd0d26137803ee29ed21ccea5d845fbbd4d1a
SHA256

f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46
SHA512

d248afb3c6c55d85768b4a69e60151a02daf1b0d014ed81c5ce63b5e5168f1c560a0a06492181d001cae5165a53c0f49907605f78ee434315b619b447f0b148d
SSDEEP

24576:V/CxhQi+gdzHd4E7yqPlEM5rvCau8l/b0F/WWBSm7xZEQc2hBjofRxi:podPyUlEIrqau8l/b0Fulm7xZxrkfRM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46

Files

f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46
.exe windows:6 windows x86 arch:x86

5e197e9ecd69c3f8c3d7e72c27e18fdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\sogouime\dev_11.1_pc_modify\Bin\SogouPdb\SogouInput\crashrpt.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
OutputDebugStringA
CreateMutexA
OpenMutexA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
IsBadWritePtr
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetCurrentThread
HeapSize
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteConsoleW
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
TerminateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
CreateThread
SetEndOfFile
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateDirectoryA
EncodePointer
GetTempPathW
GetSystemDirectoryW
Process32NextW
Process32FirstW
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
GlobalAlloc
DeleteFileW
GlobalFree
MoveFileExW
SystemTimeToFileTime
CopyFileW
GetTempFileNameW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
LocalFree
QueryDosDeviceW
FindFirstFileW
RemoveDirectoryW
GetLogicalDriveStringsW
LocalAlloc
CreateMutexW
ReleaseMutex
GetVersionExW
GetWindowsDirectoryW
VirtualAlloc
QueryPerformanceFrequency
InitializeCriticalSection
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
ResumeThread
FreeLibraryAndExitThread
GetOEMCP

user32

MonitorFromRect
SetWindowPos
IsWindowVisible
GetDC
SendMessageTimeoutW
GetWindowRect
FindWindowExW
MonitorFromPoint
GetWindowLongW
GetMonitorInfoW
WindowFromPoint
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
wsprintfW
MessageBoxW
AttachThreadInput
EnumWindows
GetClassNameW
UnregisterClassA
GetDesktopWindow
SystemParametersInfoW
GetParent
wvsprintfW
SetForegroundWindow
IsIconic
ReleaseDC
GetWindowThreadProcessId
GetFocus
ShowWindow
GetForegroundWindow
GetSystemMetrics
UnregisterClassW
SetRectEmpty

advapi32

RegFlushKey
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegEnumValueW
SetNamedSecurityInfoW
RegDeleteValueW
RegCreateKeyExW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

imm32

ImmDisableIME

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA

psapi

GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW

gdi32

GetDeviceCaps

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e197e9ecd69c3f8c3d7e72c27e18fdc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

imm32

wininet

psapi

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 14KB - Virtual size: 150KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 14KB - Virtual size: 150KB

.rsrc
Size: 76KB - Virtual size: 76KB