e2427196d9f40c275738151554f58d0c6a22d1e1ff684f60a093fc35b8ece7c1

Sharing

Copy URL Twitter E-mail

General

Target

e2427196d9f40c275738151554f58d0c6a22d1e1ff684f60a093fc35b8ece7c1
Size

3.0MB
MD5

a968966c93a7342102ab70c6cf2938c2
SHA1

5d1542175c9c99f2ea575ef7c76f8df1b9eb8fb4
SHA256

e2427196d9f40c275738151554f58d0c6a22d1e1ff684f60a093fc35b8ece7c1
SHA512

996ee8a64ecb5d3b11d536619924fc93890896a853d231c675e2e906595ff99f87382f4df6b3bd6f514d5027a46699f43fa7c9bc38479a27f6a6c3721f9219ee
SSDEEP

49152:K/iROwjnFDpbICzqtsFTn/i81Q7B3cpTnr/5izaTG7:gwr86qeVK8m7B3cB8aC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2427196d9f40c275738151554f58d0c6a22d1e1ff684f60a093fc35b8ece7c1

Files

e2427196d9f40c275738151554f58d0c6a22d1e1ff684f60a093fc35b8ece7c1
.exe windows:5 windows x86 arch:x86

8f6f1f583f020f2288c0eac510f964b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\ime_comp\branch\PinyinDev_R_8_9\Bin\SogouPdb\Component\SkinBox\Skinboxexe.pdb

Imports

kernel32

LoadLibraryW
GetVersionExW
MultiByteToWideChar
GetProcAddress
CreateMutexW
Sleep
GetModuleFileNameW
GetLastError
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
WideCharToMultiByte
DeleteCriticalSection
GetCurrentThreadId
FindFirstFileW
CreateFileW
GetFileSizeEx
FindClose
FindNextFileW
GetTickCount
WaitForSingleObject
GetModuleHandleW
GlobalLock
GlobalAlloc
GlobalUnlock
EnterCriticalSection
OutputDebugStringW
TerminateThread
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
SleepEx
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
SetEnvironmentVariableA
CompareStringA
GetFileInformationByHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameA
LoadLibraryA
TlsGetValue
TlsSetValue
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WriteFile
FormatMessageW
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
GetCurrentProcessId
lstrcpyW
CreateDirectoryW
OpenMutexW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
SetLastError
GetFileSize
ReadFile
ExitThread
GlobalFree
CreateEventW
DuplicateHandle
LocalFree
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
FindResourceW
LoadResource
SizeofResource
LockResource
GetCommandLineW
GetSystemDirectoryW
GetTempPathW
InterlockedIncrement
InterlockedCompareExchange
GetTempFileNameW
SystemTimeToFileTime
MoveFileExW
SetFileTime
CopyFileW
GetExitCodeProcess
GetFileAttributesW
FileTimeToSystemTime
GetProcessId
GetFileTime
DeleteFileW
SetFileAttributesW
FlushFileBuffers
InterlockedExchange
RemoveDirectoryW
TlsAlloc
TlsFree
LocalAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
SetEvent
InterlockedDecrement
GlobalHandle
lstrlenA
DebugBreak
OpenEventW
CompareStringW
GlobalReAlloc
GetWindowsDirectoryA
GetACP
CreateFileA
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
HeapFree
HeapAlloc
HeapReAlloc
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
ResumeThread
GetFileType
RtlUnwind
RaiseException
ExitProcess
GetDriveTypeA
FindFirstFileA
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetModuleFileNameA
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
GetProcessHeap
FreeLibrary

user32

GetForegroundWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
DrawTextW
UpdateLayeredWindow
IsWindowEnabled
TrackMouseEvent
GetKeyState
mouse_event
SetClassLongW
GetAsyncKeyState
GetClassLongW
MoveWindow
SubtractRect
GetFocus
LoadStringW
CharNextW
LoadImageW
FillRect
OffsetRect
InflateRect
SetRect
GetCursor
SetWindowRgn
CopyRect
SetCursorPos
SetScrollInfo
PostThreadMessageW
wsprintfW
IsRectEmpty
FindWindowW
SetForegroundWindow
PostMessageW
IsIconic
ReleaseCapture
IsWindow
GetCursorPos
RedrawWindow
PtInRect
KillTimer
SetCapture
ScreenToClient
SetTimer
DefWindowProcW
GetWindowThreadProcessId
SetRectEmpty
GetSystemMetrics
MessageBoxW
wvsprintfW
ShowWindow
GetWindowTextW
GetClassNameW
EnumThreadWindows
GetWindowTextLengthW
GetParent
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindowVisible
EnableWindow
SetWindowTextW
CallWindowProcW
ClientToScreen
SetCursor
CloseClipboard
GetWindowRect
GetMessageW
PostQuitMessage
TranslateMessage
EmptyClipboard
OpenClipboard
SetClipboardData
SendInput
DispatchMessageW
NotifyWinEvent
WindowFromPoint
DestroyIcon
SendMessageW
MonitorFromPoint
GetDC
ReleaseDC
GetDesktopWindow
GetMonitorInfoW
EndPaint
DestroyWindow
LoadCursorW
BeginPaint
SetPropW
RegisterClassExW
LoadIconW
IntersectRect
CreateWindowExW
GetPropW
SetFocus

gdi32

SelectObject
DeleteObject
SetBkMode
StretchBlt
CreateDIBSection
DeleteDC
BitBlt
CreateFontIndirectW
CreateDCW
GetObjectW
GetFontData
CreateCompatibleDC
CreateSolidBrush
CreateRectRgn
GetPixel
CreatePen
GetTextExtentExPointW
GetFontUnicodeRanges
CreateCompatibleBitmap
SelectClipRgn
LineTo
MoveToEx
SetTextCharacterExtra
StretchDIBits
SetTextColor
GetStockObject
GetClipRgn
Rectangle
GetDeviceCaps
ExtCreateRegion
CombineRgn
GetCharABCWidthsFloatW
GetTextMetricsW
SetMapMode
OffsetRgn
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CoUninitialize
CoInitialize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleInformation
GetProcessMemoryInfo

imm32

ImmDisableIME

wininet

InternetCrackUrlA
HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpAddRequestHeadersW
InternetOpenW
HttpSendRequestExW
InternetConnectA
InternetCloseHandle
InternetSetOptionW
InternetReadFile
InternetOpenUrlW

msimg32

TransparentBlt
GradientFill
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

advapi32

CryptDecrypt
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW

oleaut32

SysAllocString

ws2_32

gethostname
WSASetLastError
recvfrom
getservbyport
gethostbyaddr
WSACleanup
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
accept
listen
__WSAFDIsSet
select
ioctlsocket
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
sendto

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord41
ord46
ord27

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f6f1f583f020f2288c0eac510f964b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

version

psapi

imm32

wininet

msimg32

oleacc

advapi32

oleaut32

ws2_32

wldap32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 463KB - Virtual size: 463KB

.data Size: 105KB - Virtual size: 190KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 213KB - Virtual size: 216KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 463KB - Virtual size: 463KB

.data
Size: 105KB - Virtual size: 190KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 213KB - Virtual size: 216KB