e83c9c2dcf1d82e5a4d224ff32079e4c90ec425f21eb14ff2c343511f76dadb2

Sharing

Copy URL Twitter E-mail

General

Target

e83c9c2dcf1d82e5a4d224ff32079e4c90ec425f21eb14ff2c343511f76dadb2
Size

1.6MB
MD5

1698676e46f7b34abd1228647073a850
SHA1

bf8438085e05e3f489bbf3fa0ca0bad2da551058
SHA256

e83c9c2dcf1d82e5a4d224ff32079e4c90ec425f21eb14ff2c343511f76dadb2
SHA512

51cdae3af8cc02b843afed9912a7a39e473f997cbeeea19056488349f6bbba62716f6d50b37eeeb9d89e5c104801d7e55b8fb407d8625cf4698c870944a7e451
SSDEEP

24576:PNlSDV7Gu9rwIITY2UtWBSL91ozlwoxxNL+CbeJETMjG/p37IVY0HwAT:VSebUt3kltxNLXSJETMi/6VY0HJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e83c9c2dcf1d82e5a4d224ff32079e4c90ec425f21eb14ff2c343511f76dadb2

Files

e83c9c2dcf1d82e5a4d224ff32079e4c90ec425f21eb14ff2c343511f76dadb2
.exe windows:6 windows x86 arch:x86

233d466bc5c784385e6e4b1957d22ce9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\data\landun\workspace\p-8e18b00276fd470e835a1e79d9eeecd4\src\bin\sogoupdb\sogouinput\SogouComMgr.pdb

Imports

wininet

InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersW
InternetConnectA
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
InternetOpenUrlW

kernel32

ReleaseSemaphore
EnterCriticalSection
GetExitCodeProcess
GetTickCount
DebugBreak
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
LeaveCriticalSection
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
GetModuleFileNameW
FindNextFileW
FindFirstFileW
InitializeCriticalSection
TerminateThread
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
CreateSemaphoreW
FindClose
GetTempPathW
DeleteFileW
UnmapViewOfFile
GetTempFileNameW
MoveFileW
ReadFile
HeapFree
WriteFile
SetFilePointer
SetEndOfFile
GetProcessHeap
GetFileSize
HeapAlloc
SetFileAttributesW
GetLastError
CreateTimerQueue
UnregisterWaitEx
CreateFileW
QueryDepthSList
InterlockedPopEntrySList
VirtualProtect
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WriteConsoleW
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetCurrentDirectoryW
GetOEMCP
IsValidCodePage
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetACP
GetStdHandle
ExitProcess
GetFileAttributesW
OutputDebugStringW
QueryPerformanceFrequency
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GetVersionExW
GlobalHandle
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetProcAddress
FreeLibrary
SetLastError
GetCurrentProcess
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
OpenMutexW
LoadLibraryExW
RemoveDirectoryW
FileTimeToSystemTime
MoveFileExW
CreateDirectoryW
GetProcessId
CreateProcessW
CopyFileW
GetFileTime
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenEventW
lstrlenW
lstrlenA
LocalAlloc
lstrcpyW
CreateMutexW
ReleaseMutex
FlushFileBuffers
VirtualFree
VirtualAlloc
SetEvent
TerminateProcess
lstrcatW
GetLocalTime
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
SetNamedPipeHandleState
WaitNamedPipeW
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
EncodePointer
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
GetFileType
GetCurrentThread
GetFullPathNameW
GetDriveTypeW

user32

SendMessageW
MessageBoxW
IsWindowVisible
GetMessageW
DestroyWindow
MoveWindow
GetWindowRect
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
EnableWindow
GetCursorPos
SystemParametersInfoW
PostQuitMessage
IsWindow
DispatchMessageW
TranslateMessage
LoadIconW
ScreenToClient
FindWindowW
RegisterWindowMessageW
SetWindowPos
wsprintfW
EndPaint
BeginPaint
ReleaseDC
IsIconic
SetForegroundWindow
GetParent
KillTimer
AppendMenuW
SetCursor
SetCapture
SetPropW
DestroyMenu
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
ClientToScreen
TrackPopupMenu
GetWindowPlacement
NotifyWinEvent
CreatePopupMenu
GetSystemMetrics
GetPropW
GetDC
InsertMenuItemW
CallWindowProcW
GetKeyState
PtInRect
GetDesktopWindow
DrawTextW
UpdateLayeredWindow
GetFocus
IntersectRect
GetMonitorInfoW
MonitorFromPoint
SubtractRect
SetRectEmpty
CharNextW
wvsprintfW
LoadStringW
GetWindowTextW
GetWindowLongW
PostMessageW
SetWindowLongW
GetClientRect
SetTimer
ShowWindow
ReleaseCapture

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegDeleteValueW
GetSecurityDescriptorSacl
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
AddAccessAllowedAce
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
AddAce
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
EqualSid
GetAce
GetAclInformation
SetFileSecurityW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl

ole32

OleSetContainedObject
OleCreate
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW
SHChangeNotify

gdi32

DeleteObject
GetObjectW
CreateDIBSection
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
CreateFontIndirectW
GetFontData
DeleteDC

Sections

.text
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 27KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

233d466bc5c784385e6e4b1957d22ce9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

shell32

gdi32

Sections

.text Size: 1016KB - Virtual size: 1015KB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 27KB - Virtual size: 113KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 130KB - Virtual size: 132KB

.text
Size: 1016KB - Virtual size: 1015KB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 27KB - Virtual size: 113KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 130KB - Virtual size: 132KB