c79d99979b3fff2aab2a62f764f4f405

Sharing

Copy URL Twitter E-mail

General

Target

c79d99979b3fff2aab2a62f764f4f405
Size

1.4MB
MD5

c79d99979b3fff2aab2a62f764f4f405
SHA1

5b3ea708db785012e36134e06d07b948d002915c
SHA256

3c5c5de5e85cd24f04f38030227759c15b59517b3a3f8156db0ac86ed9cbfb33
SHA512

3b2bfe3f433cf35aa432a5e72323be710e4550454ff3f42abd1e0879d15e60e0d83d1f388ea8edcd0402fa96aa87fbe275ef86d441161103ecab2f3f2ee973b9
SSDEEP

24576:ZMxonhA0n4wX76ZtSJ1XgEfQxKz8qv8s2QFizLtbC78f76+CyMAr0eQiUMB80eQt:mMhA0n97OtSJJfuKT2QFizLtmmm+xMyj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c79d99979b3fff2aab2a62f764f4f405

Files

c79d99979b3fff2aab2a62f764f4f405
.exe windows:4 windows x86 arch:x86

9941f93648c016ae1e9c9f664ad59f80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\cocds\kisengine_git2\product\win32\dbginfo\kinstuiofficial.pdb

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetTempPathW
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
ResetEvent
SetFileAttributesW
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcpyW
lstrcatW
GetDriveTypeW
SetCurrentDirectoryW
OutputDebugStringW
FlushFileBuffers
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
GetVolumeInformationW
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
CreateFileMappingW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetCurrentDirectoryW
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemInfo
InterlockedCompareExchange
LockResource
FreeLibrary
GetLastError
GetPrivateProfileIntW
GetProcAddress
lstrcmpiW
LoadLibraryW
lstrlenA
GetFileSize
GetLocalTime
ProcessIdToSessionId
LocalAlloc
OpenProcess
LocalFree
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
GetFileAttributesW
SetEndOfFile
WriteFile
CreateDirectoryW
SetFilePointer
GetCurrentThread
SetThreadPriority
WaitForSingleObject
Sleep
TerminateThread
DeleteFileW
Process32NextW
MoveFileExW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
FreeResource
lstrlenW
ReadFile
InterlockedDecrement
RaiseException
MultiByteToWideChar
FlushInstructionCache
CreateFileW
InterlockedIncrement
GetCurrentProcess
UnmapViewOfFile
CloseHandle
MapViewOfFileEx
GetUserDefaultLCID
FindResourceExW
GetWindowsDirectoryW
GlobalAlloc
GetVersionExW
GlobalLock
LeaveCriticalSection
LoadLibraryExW
SetLastError
EnterCriticalSection
GetModuleFileNameW
FindResourceW
DeleteCriticalSection
LoadResource
InterlockedExchange
GetCurrentThreadId
GlobalFree
InitializeCriticalSection
SizeofResource
GetModuleHandleW
GlobalUnlock
GetPrivateProfileStringW
GetStringTypeW

user32

EnableWindow
GetWindowThreadProcessId
IntersectRect
KillTimer
ClientToScreen
SetTimer
SetWindowTextW
GetCursorPos
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSystemMetrics
UnregisterClassA
DrawIconEx
SetCapture
SetWindowLongW
SystemParametersInfoW
GetParent
SetWindowPos
GetWindow
ReleaseCapture
RegisterWindowMessageW
AttachThreadInput
PostThreadMessageW
GetWindowRect
IsRectEmpty
SetForegroundWindow
GetDlgCtrlID
GetWindowLongW
InvalidateRect
CharNextW
GetClientRect
ShowWindow
PostMessageW
MapWindowPoints
MoveWindow
GetFocus
GetKeyState
SetRectEmpty
UpdateLayeredWindow
IsChild
WindowFromPoint
LoadIconW
GetScrollPos
DefWindowProcW
PtInRect
DrawTextW
IsDialogMessageW
CreateWindowExW
DestroyIcon
SendMessageW
RegisterClassExW
InflateRect
PeekMessageW
SetFocus
IsWindow
BeginPaint
SetRect
GetMessageW
TranslateMessage
FindWindowW
OffsetRect
DispatchMessageW
EndPaint
EqualRect
LoadImageW
SetCursor
GetNextDlgTabItem
LoadBitmapW
DestroyWindow
LoadCursorW
CallWindowProcW
MonitorFromWindow
GetActiveWindow
GetDlgItem
GetDC
GetMonitorInfoW
GetDesktopWindow
CopyRect
ReleaseDC
IsWindowVisible
IsWindowEnabled
FindWindowExW
UpdateWindow
BringWindowToTop
EnumDisplayDevicesA
ScreenToClient
GetWindowTextW
GetWindowTextLengthW
SetActiveWindow
GetForegroundWindow
SetWindowRgn
GetClassInfoExW

gdi32

GetTextMetricsW
SetViewportOrgEx
ExtTextOutW
DeleteObject
SetBkColor
CreateFontIndirectW
SaveDC
SelectObject
SelectClipRgn
CreateRectRgnIndirect
SetBkMode
GetObjectW
BitBlt
TextOutW
CreateCompatibleBitmap
CreateBitmap
GetStockObject
StretchBlt
GetViewportOrgEx
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
RestoreDC
DeleteDC
GetTextColor
RoundRect
MoveToEx
GetClipRgn
LineTo
Rectangle
CreatePen
CombineRgn
CreateRectRgn
GetDeviceCaps
GetCurrentObject
RectInRegion
SetStretchBltMode
ExtSelectClipRgn
CreateRoundRectRgn
OffsetRgn
SetTextColor
CreateFontW

advapi32

OpenProcessToken
DuplicateTokenEx
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

shell32

ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid

oleaut32

VarUI4FromStr
SafeArrayUnlock
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
SafeArrayLock

shlwapi

PathAppendW
PathFileExistsW
PathAddBackslashW
StrToIntW
PathRemoveFileSpecW
StrToIntA
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipSetPenMode
GdipSetPenStartCap
GdipDrawLine
GdipSetPenDashStyle
GdipCreateBitmapFromStream
GdipCreateFont
GdipSetPenEndCap
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipGetFamily
GdipAddPathStringI
GdipGetFontSize
GdipFillPath
GdipDrawImageI
GdipFillRectangle
GdipDrawPath
GdipDrawRectangleI
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipBitmapUnlockBits
GdipMeasureString
GdipAddPathRectangleI
GdipDrawImageRectRect
GdipCreateFontFromLogfontW
GdipCreateHBITMAPFromBitmap
GdipFillRectangleI
GdipSetStringFormatLineAlign
GdipAddPathPieI
GdipGetImageWidth
GdipSetStringFormatFlags
GdipDrawImagePointsRectI
GdipCloneBrush
GdipGetImageHeight
GdipSetStringFormatTrimming
GdipSetClipPath
GdipDeleteBrush
GdipClosePathFigure
GdipSetInterpolationMode
GdipFree
GdipCreateBitmapFromScan0
GdipDeleteFontFamily
GdipDeletePath
GdipGetImagePixelFormat
GdipCreatePath
GdipCreateSolidFill
GdipDeleteFont
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawLinesI
GdipNewPrivateFontCollection
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDeletePrivateFontCollection
GdipGraphicsClear
GdipCloneImage
GdipDrawImageRectI
GdipPrivateAddFontFile
GdipDrawString
GdipTranslateWorldTransform
GdipCreateLineBrushI
GdiplusStartup
GdipSetSmoothingMode
GdipGetFontCollectionFamilyCount
GdipRotateWorldTransform
GdipCloneBitmapArea
GdipSetTextRenderingHint
GdipDisposeImage
GdipCreateImageAttributes
GdipAlloc
GdipResetWorldTransform
GdipDisposeImageAttributes
GdiplusShutdown
GdipDrawImageRectRectI
GdipCreateStringFormat
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipSetImageAttributesColorMatrix
GdipDeleteStringFormat
GdipLoadImageFromStream
GdipDeletePen
GdipImageRotateFlip
GdipSetStringFormatAlign
GdipCreatePen1
GdipAddPathArcI

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rasapi32

RasEnumConnectionsW

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9941f93648c016ae1e9c9f664ad59f80

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

rasapi32

iphlpapi

psapi

Sections

.text Size: 720KB - Virtual size: 719KB

.rdata Size: 148KB - Virtual size: 145KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 536KB - Virtual size: 532KB

.text
Size: 720KB - Virtual size: 719KB

.rdata
Size: 148KB - Virtual size: 145KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 536KB - Virtual size: 532KB