PDB path: D:\workspace\windows_ads_dev\liyy\easynote\VS2015Truck\MFC\src\ADS_Solutions\Release\TaskTip.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2200389b567d0c0b2cdfe428920dc16b71ea70aeeb9444ef76291f1aca4f293a.exe
Resource: win7-20240221-en
General
- Target: 2200389b567d0c0b2cdfe428920dc16b71ea70aeeb9444ef76291f1aca4f293a
- Size: 3.0MB
- MD5: 59b3547eb02545edab7c564b82fcd2d2
- SHA1: 075932edc6498688d35d9f61e6c347ed6aad0abf
- SHA256: 2200389b567d0c0b2cdfe428920dc16b71ea70aeeb9444ef76291f1aca4f293a
- SHA512: cb015e959155586ae744cfa71e9f4aaded24da9e533563089e7db83d3c1c8945d32c0ac40700c45ba1110462bae0d4f7c0708dcad80911cc035f5f7d94ebd850
- SSDEEP: 98304:A8mUGZhVpdCelpRkfXYsMtMb4o3IVMCBr/i:v7GZhVpgw8itMbwBr/
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 2200389b567d0c0b2cdfe428920dc16b71ea70aeeb9444ef76291f1aca4f293a
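The "Unsigned PE" signature fires when the file has no Authenticode certificate table. The example below is added here and is not the sandbox's own check: it locates data directory entry 4 (IMAGE_DIRECTORY_ENTRY_SECURITY) in the PE optional header and inspects the WIN_CERTIFICATE header it points at. The PE images built by `build_min_pe` are constructed stand-ins for demonstration, not the analysed sample, and the check only reports whether a signature is attached; it does not validate it.

```python
"""Detect whether a PE file carries an Authenticode certificate table.

Added example (not part of the sandbox report). Reads the PE headers with
`struct`, follows IMAGE_DIRECTORY_ENTRY_SECURITY (index 4) and checks the
WIN_CERTIFICATE it points at. `build_min_pe` constructs minimal, non-runnable
PE images purely for demonstration.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes):
    """Return (file_offset, size) of the certificate table, or None when the
    image has no usable security directory. Raises ValueError on a non-PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_rva_off, dir_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        n_rva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY or dir_off + 8 * n_rva > opt + size_opt:
        return None
    # Unlike other directories, the security entry holds a raw file offset.
    off, size = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None
    return off, size


def has_authenticode_signature(data: bytes) -> bool:
    """True only if the security directory points at a WIN_CERTIFICATE of type
    PKCS_SIGNED_DATA that fits inside the file. Presence, not validity."""
    entry = security_directory(data)
    if entry is None:
        return False
    off, size = entry
    if size < 8 or off + size > len(data):
        return False  # directory points outside the file: truncated or corrupt
    length, _revision, cert_type = struct.unpack_from("<IHH", data, off)
    return cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and length <= size


def build_min_pe(cert_blob: bytes = b"", magic: int = PE32_MAGIC) -> bytes:
    """Construct a minimal, non-runnable PE image (DOS header, COFF header,
    optional header with 16 data directories); if `cert_blob` is given, append
    a WIN_CERTIFICATE wrapping it and point the security directory at it."""
    is_pe32 = magic == PE32_MAGIC
    dir_base = 96 if is_pe32 else 112            # offset of first data directory
    opt_size = dir_base + 8 * 16
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C if is_pe32 else 0x8664,
                       0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_base - 4, 16)  # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + opt_size
    cert = b""
    if cert_blob:
        # WIN_CERTIFICATE: dwLength, wRevision (0x0200), wCertificateType, data
        cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
        struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    for label, img in (("unsigned", build_min_pe()),
                       ("signed", build_min_pe(b"\x30\x82constructed-pkcs7"))):
        print(label, "->", "signature present" if has_authenticode_signature(img) else "no signature")
```

On a real file, pass `open(path, "rb").read()` to `has_authenticode_signature`; a `True` here still needs `signtool verify` or a PKCS#7 parser to establish that the chain is trusted and the digest matches.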
Files
- 2200389b567d0c0b2cdfe428920dc16b71ea70aeeb9444ef76291f1aca4f293a.exe (windows:5 windows x86 arch:x86)
  431f9f6b29157f242f48fd8bb7711649 (32-character hex value given without a label in the report)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR-compatible)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP-compatible)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(IMAGE_DLLCHARACTERISTICS_GUARD_CF is not among the flags listed, although the .gfids/.giats section names in the section table below are the ones MSVC emits for Control Flow Guard metadata.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the single path is listed at the top of this report)
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
DeleteUrlCacheEntryW
InternetCanonicalizeUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenUrlW
InternetSetFilePointer
InternetWriteFile
GetUrlCacheEntryInfoW
kernel32
LocalReAlloc
GetFileSizeEx
GetFileTime
SetErrorMode
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetCurrentDirectoryW
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
FindResourceExW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GlobalHandle
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
ExitProcess
GetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
CreateThread
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringW
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
CompareStringA
UnhandledExceptionFilter
GetCurrentThread
SetThreadPriority
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
EncodePointer
FileTimeToLocalFileTime
GetThreadLocale
lstrcmpiW
GetModuleHandleA
DuplicateHandle
GetVolumeInformationW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
LoadLibraryExW
MulDiv
GlobalSize
SetLastError
lstrcmpA
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapCreate
AreFileApisANSI
CreateSemaphoreW
ReleaseSemaphore
ExitThread
WaitForMultipleObjects
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
TryEnterCriticalSection
TerminateProcess
GetSystemTimeAsFileTime
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetLocalTime
GetPrivateProfileIntW
SetEvent
CreateEventW
CreateMutexW
lstrcmpW
ReleaseMutex
FreeResource
OutputDebugStringW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
IsBadWritePtr
GetTempFileNameW
GetTempPathW
GlobalUnlock
GlobalLock
GetTickCount
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
LoadLibraryW
RaiseException
HeapReAlloc
GlobalFree
GlobalAlloc
HeapSize
GetCurrentProcess
HeapFree
ReadFile
FindNextFileW
GetStartupInfoW
FindClose
FindFirstFileW
Process32FirstW
DeleteFileW
Process32NextW
CreateToolhelp32Snapshot
WaitForSingleObject
GetModuleFileNameW
CloseHandle
CreateFileW
WriteFile
CreateDirectoryA
WideCharToMultiByte
CopyFileW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
GetLastError
Sleep
GetPrivateProfileStringW
MultiByteToWideChar
SetFileAttributesW
GetSystemDirectoryW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringW
SizeofResource
CreateDirectoryW
GetACP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
GetConsoleCP
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetUnhandledExceptionFilter
user32
PostQuitMessage
FillRect
ClientToScreen
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
TranslateMessage
GetMessageW
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
SetDlgItemTextW
MoveWindow
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
GetSysColor
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
SetMenu
GetMenu
SetParent
GetKeyState
MessageBeep
IsIconic
IsWindowVisible
EndDeferWindowPos
EmptyClipboard
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
TrackMouseEvent
GetSystemMenu
SetWindowRgn
NotifyWinEvent
ModifyMenuW
MonitorFromPoint
EnumDisplayMonitors
OpenClipboard
GetWindow
GetParent
OffsetRect
CharNextW
GetDlgCtrlID
GetDlgItem
CharUpperW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
CopyRect
SetRectEmpty
DefWindowProcW
CallWindowProcW
ScreenToClient
SetFocus
SetCapture
ReleaseCapture
GetWindowThreadProcessId
IsWindow
wsprintfW
ShowWindow
SetForegroundWindow
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
ShowOwnedPopups
DestroyMenu
GetMenuItemInfoW
InflateRect
DrawStateW
GetSysColorBrush
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
CopyImage
CheckMenuItem
GetSystemMetrics
GetDesktopWindow
SendDlgItemMessageA
RealChildWindowFromPoint
GetAsyncKeyState
WaitMessage
WindowFromPoint
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
DestroyIcon
UnpackDDElParam
PostThreadMessageW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetWindowRgn
GetComboBoxInfo
DestroyCursor
GetFocus
ReuseDDElParam
CloseClipboard
GetCapture
CreateMenu
SetClipboardData
MessageBoxW
UnregisterClassW
EnableWindow
LoadMenuW
GetSubMenu
SetMenuItemInfoW
DeleteMenu
TrackPopupMenu
SendMessageW
LoadIconW
GetDoubleClickTime
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
FlashWindowEx
GetClientRect
SetTimer
SetWindowPos
GetCursorPos
GetWindowRect
PtInRect
SetCursor
LoadCursorW
SystemParametersInfoW
DrawIcon
InvertRect
HideCaret
GetIconInfo
InvalidateRect
UpdateWindow
IsZoomed
PostMessageW
KillTimer
LoadImageW
GetUpdateRect
SubtractRect
MapVirtualKeyExW
IsCharLowerW
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
IsClipboardFormatAvailable
FrameRect
CopyIcon
CharUpperBuffW
SetCursorPos
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
GetKeyNameTextW
UnionRect
EnableScrollBar
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
GetNextDlgGroupItem
SetClassLongW
LockWindowUpdate
DeferWindowPos
EnumChildWindows
gdi32
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
GetRgnBox
GetTextMetricsW
CombineRgn
GetMapMode
PatBlt
IntersectClipRect
DPtoLP
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
OffsetRgn
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
GetTextColor
GetStockObject
GetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
DeleteDC
BitBlt
CreateCompatibleBitmap
SetRectRgn
CreateCompatibleDC
msimg32
AlphaBlend
TransparentBlt
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyExW
shell32
ShellExecuteExW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetMalloc
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteW
comctl32
InitCommonControlsEx
_TrackMouseEvent
shlwapi
PathRemoveFileSpecW
PathCombineW
PathFileExistsW
PathIsURLW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
uxtheme
IsAppThemed
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
GetThemePartSize
CloseThemeData
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeParentBackground
DrawThemeText
ole32
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
OleLockRunning
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoGetMalloc
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleDuplicateData
oleaut32
VariantCopy
VarBstrFromDate
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantInit
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayDestroy
OleCreateFontIndirect
oledlg
OleUIBusyW
gdiplus
GdipSetImageAttributesWrapMode
GdipDrawString
GdipCreateImageAttributes
GdipSetSolidFillColor
GdipCreateSolidFill
GdipCreateFont
GdipDisposeImageAttributes
GdipDeleteBrush
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipSetImageAttributesColorMatrix
GdipDeleteFontFamily
GdipCreateStringFormat
GdipGetFontSize
GdipGetPathWorldBounds
GdipGetFontStyle
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdipGetFamily
GdipSetTextRenderingHint
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipFree
GdipCloneBrush
GdipFillRectangleI
GdipDeleteStringFormat
GdipCreateHICONFromBitmap
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipDeleteFont
GdipDeletePen
GdipCreatePen1
GdipSetStringFormatAlign
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdiplusShutdown
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImageGraphicsContext
GdipDeleteGraphics
iphlpapi
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
ws2_32
inet_addr
__WSAFDIsSet
closesocket
gethostbyname
select
send
socket
connect
recv
htons
WSAGetLastError
WSAStartup
WSACleanup
inet_ntoa
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
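The import table above is what a practitioner usually triages first: which DLLs and functions the binary can reach without resolving anything at run time. The example below is added here and is not the sandbox's own logic. `IMPORTS` is a subset copied from the report's list (DLL order and per-DLL function order as listed), `CAPABILITIES` is this example's own heuristic mapping, and `imphash()` reproduces the pefile import-hash recipe. None of it is a verdict: almost every API grouped here is also imported by an ordinary MFC desktop application, and the hash of a partial list does not equal the hash of the real file. Whether the unlabelled 32-character value under Files is this sample's import hash is not stated in the report; that is an assumption, not a fact from the page.

```python
"""Capability hints and a pefile-style import hash from a PE import table.

Added example, not part of the sandbox report. IMPORTS is a subset copied
from the report's import list in the order given there; CAPABILITIES is a
heuristic mapping written for this example.
"""
import hashlib

IMPORTS = [  # (dll, [functions...]) in import-table order, copied from the report
    ("wininet", ["HttpOpenRequestW", "InternetOpenW", "HttpSendRequestW",
                 "InternetConnectW", "InternetReadFile", "InternetOpenUrlW"]),
    ("kernel32", ["VirtualProtect", "IsDebuggerPresent", "VirtualAlloc",
                  "CreateMutexW", "GetTempPathW", "Process32FirstW", "DeleteFileW",
                  "Process32NextW", "CreateToolhelp32Snapshot", "CopyFileW",
                  "GetProcAddress", "SetFileAttributesW", "LoadLibraryW"]),
    ("user32", ["SetWindowsHookExW", "GetAsyncKeyState", "GetKeyboardState", "ToUnicodeEx"]),
    ("advapi32", ["RegDeleteValueW", "RegCreateKeyExW", "RegSetValueExW"]),
    ("shell32", ["ShellExecuteExW", "ShellExecuteW"]),
    ("iphlpapi", ["IcmpCreateFile", "IcmpSendEcho"]),
    ("ws2_32", ["gethostbyname", "send", "socket", "connect", "recv"]),
]

# Heuristic tags. user32 hook/keyboard APIs and LoadLibrary/GetProcAddress are
# part of normal MFC message handling and delay-loading, so treat hits as
# questions for the behavioural task, not as findings.
CAPABILITIES = {
    "http-client": {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                    "HttpSendRequestW", "InternetReadFile", "InternetOpenUrlW"},
    "raw-sockets": {"socket", "connect", "send", "recv", "gethostbyname"},
    "icmp-ping": {"IcmpCreateFile", "IcmpSendEcho"},
    "process-enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "anti-debug": {"IsDebuggerPresent"},
    "memory-protection-change": {"VirtualProtect", "VirtualAlloc"},
    "dynamic-api-resolution": {"LoadLibraryW", "GetProcAddress"},
    "file-drop": {"CopyFileW", "SetFileAttributesW", "GetTempPathW", "DeleteFileW"},
    "registry-write": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW"},
    "window-hook-or-keystate": {"SetWindowsHookExW", "GetAsyncKeyState",
                                "GetKeyboardState", "ToUnicodeEx"},
    "process-launch": {"ShellExecuteW", "ShellExecuteExW"},
    "single-instance-mutex": {"CreateMutexW"},
}


def capabilities(imports):
    """Map each capability tag to the 'dll!Function' imports that triggered it."""
    hits = {}
    for dll, funcs in imports:
        for func in funcs:
            for tag, apis in CAPABILITIES.items():
                if func in apis:
                    hits.setdefault(tag, []).append(f"{dll}!{func}")
    return hits


def imphash(imports):
    """pefile-style import hash: MD5 over 'module.function' pairs, lower-cased,
    in import-table order, with .dll/.ocx/.sys stripped from the module name.
    Ordinal-only imports (pefile maps those through name tables) are not handled."""
    parts = []
    for dll, funcs in imports:
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        parts.extend(f"{mod}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for tag, apis in sorted(capabilities(IMPORTS).items()):
        print(f"{tag:26s} {', '.join(apis)}")
    print("imphash of this partial table:", imphash(IMPORTS))
```

For a real file, feed `imphash()` the full table in the order pefile or the sandbox reports it; the value is only comparable with other tools when the order and the module-name normalisation match exactly.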
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 504KB - Virtual size: 504KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rmnet Size: 56KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(.rmnet is not a standard MSVC section name and is the only section in this image flagged both MEM_WRITE and MEM_EXECUTE; a writable code section outside .text is worth inspecting before the behavioural results are read.)
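The section table is the other static artefact worth a mechanical pass: write-plus-execute permissions, code outside `.text`, unfamiliar names, and a raw size far smaller than the virtual size (the classic unpacking target) each deserve a look. The example below is added here and is not the sandbox's own logic. `REPORT_SECTIONS` is copied from the Sections list above; `PACKED_SECTIONS` is a constructed UPX-style table included only to show the size check firing; the list of known MSVC section names is this example's own.

```python
"""Flag suspicious entries in a PE section table.

Added example, not part of the sandbox report. REPORT_SECTIONS is copied from
the report's Sections list; PACKED_SECTIONS is constructed to resemble a
UPX-packed image; KNOWN_MSVC_SECTIONS is this example's own allow-list.
"""
import re

KNOWN_MSVC_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                       ".rsrc", ".reloc", ".tls", ".bss", ".gfids", ".giats",
                       ".00cfg", ".didat", ".crt", ".textbss"}

REPORT_SECTIONS = [  # (name, raw size, virtual size, flags) as listed in the report
    (".text", "2.2MB", "2.2MB", {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rdata", "504KB", "504KB", {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".data", "28KB", "55KB", {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".gfids", "107KB", "106KB", {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".giats", "512B", "16B", {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".tls", "512B", "9B", {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".rsrc", "48KB", "47KB", {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".reloc", "144KB", "143KB", {"CNT_INITIALIZED_DATA", "MEM_DISCARDABLE", "MEM_READ"}),
    (".rmnet", "56KB", "60KB", {"CNT_CODE", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
]

PACKED_SECTIONS = [  # constructed: typical layout of a UPX-packed image
    ("UPX0", "0B", "1.5MB", {"CNT_UNINITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    ("UPX1", "300KB", "304KB", {"CNT_INITIALIZED_DATA", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"}),
    (".rsrc", "4KB", "4KB", {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(text: str) -> int:
    """'504KB' -> 516096. Report sizes are rounded, so the checks below use
    generous ratios rather than exact byte values."""
    m = re.fullmatch(r"\s*([\d.]+)\s*([KMG]?B)\s*", text, re.I)
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return round(float(m.group(1)) * _UNITS[m.group(2).upper()])


def triage_sections(sections):
    """Return {section name: [finding, ...]} for entries that deserve a look."""
    findings = {}
    for name, raw, virt, flags in sections:
        raw_b, virt_b = parse_size(raw), parse_size(virt)
        notes = []
        if {"MEM_WRITE", "MEM_EXECUTE"} <= flags:
            notes.append("writable and executable")
        if "CNT_CODE" in flags and name != ".text":
            notes.append("code outside .text")
        if name not in KNOWN_MSVC_SECTIONS:
            notes.append("non-standard section name")
        # A near-empty raw section mapped to a large region is the usual
        # unpacking target: the stub decompresses into it at run time.
        if virt_b >= 64 * 1024 and raw_b * 8 < virt_b:
            notes.append("virtual size far exceeds raw size (unpack target?)")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for label, table in (("report", REPORT_SECTIONS), ("constructed packed", PACKED_SECTIONS)):
        print(label)
        for name, notes in triage_sections(table).items():
            print(f"  {name:8s} {'; '.join(notes)}")
```

The ratio threshold is deliberately loose so that ordinary `.data`/`.bss`-style growth (28KB raw to 55KB virtual here) and file-alignment padding (512B raw for 16B of `.giats`) do not trigger it; only the `.rmnet` entry is flagged from the report's table.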