d370ed5c81a25eb9e9489bbfc1350503

Sharing

Copy URL

Twitter E-mail

General

Target

d370ed5c81a25eb9e9489bbfc1350503
Size

314KB
MD5

d370ed5c81a25eb9e9489bbfc1350503
SHA1

de4000abc98c9238f94a28f6a6bd2bc5a8bd1dae
SHA256

2d7b1d385d39ef9529f8dce7d72d4002cc944639836efd1308772a8a002d5f91
SHA512

78289467d52f710c2417406606802fc3e7d148d71b8c712727cac3824b211da90501c2599205f2af918ef1cc80bf9095e39055e3841dff891563b2cc3b9d3303
SSDEEP

6144:nI03T1cJ2x3xbDKLvcO0hb2cHFFRCZXMJJRVk+8477oVLuSYAD5i3tcpCwb3x:z3ZYkB6Dxsb2GkqJRVk+Co/AFwaxh

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha_Photilla-v1.0/Photilla 1.00/photilla.exe
unpack001/ha_Photilla-v1.0/Photilla 1.00/uninst.exe

Files

d370ed5c81a25eb9e9489bbfc1350503
.rar
ha_Photilla-v1.0/Photilla 1.00/main.jpg
.jpg
ha_Photilla-v1.0/Photilla 1.00/photilla.exe
.exe windows:4 windows x86 arch:x86

95006cb5cbe3e445c14ad690f7c1df16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateThread
GetStdHandle
SetThreadPriority
GetCurrentThread
DuplicateHandle
GetThreadPriority
CreatePipe
ReleaseMutex
CreateMutexA
ResetEvent
HeapFree
GetEnvironmentVariableA
HeapAlloc
GetProcessHeap
FileTimeToLocalFileTime
GetModuleHandleA
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualQuery
GetCurrentThreadId
ExitProcess
GetLocaleInfoA
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
GetCurrentProcess
WinExec
GetVersionExA
GetStartupInfoA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
SetFilePointer
LoadLibraryA
LockResource
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableA
FindResourceA
LoadResource
GetTempPathA
FreeLibrary
SizeofResource
Sleep
CreateProcessA
MultiByteToWideChar
GetTickCount
FormatMessageA
FindNextFileA
DeleteFileA
GetLastError
FindFirstFileA
GetFileTime
FindClose
SetFileTime
GetCurrentDirectoryA
ReadFile
CreateDirectoryA
MoveFileA
WideCharToMultiByte
CloseHandle
CopyFileA
RemoveDirectoryA
GetFileSize
GetFileAttributesA
CreateFileA
WriteFile
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
VirtualAlloc
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
CompareStringW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime

advapi32

RegCloseKey
RegDeleteKeyA
SetSecurityDescriptorDacl
RegCreateKeyExA
GetSidSubAuthority
GetAce
InitializeAcl
RegQueryValueExA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeSid
SetFileSecurityA
RegSetValueExA
RegOpenKeyExA

comctl32

ImageList_Create
ImageList_BeginDrag
ImageList_Merge
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
CreateToolbarEx
ImageList_ReplaceIcon
PropertySheetA
ord17
ImageList_EndDrag
ImageList_DragLeave
ImageList_Destroy
_TrackMouseEvent

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

gdi32

DeleteDC
SelectObject
GetObjectA
SetTextColor
CreateCompatibleDC
DeleteObject
StretchBlt
GetTextColor
CreateFontA
SetBkMode
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
SetROP2
Rectangle
CreateDIBitmap
GetDIBits
CreateFontIndirectA
GetTextExtentPoint32A
MoveToEx
LineTo
SetDIBits
CreateDIBSection
TextOutA

msimg32

AlphaBlend

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

OleLoadPicture
OleLoadPicturePath

shell32

DragQueryFileA
DragQueryPoint
ShellExecuteExA
DragAcceptFiles
SHGetMalloc
SHBrowseForFolderA
DragFinish
SHGetPathFromIDListA
ShellExecuteA

user32

ReleaseCapture
GetPropA
SetMenu
GetDesktopWindow
ClientToScreen
SetFocus
CreateMenu
FrameRect
CreateDialogIndirectParamA
ReleaseDC
ShowWindow
FindWindowA
DestroyWindow
GetDC
GetCursor
SetCapture
EndPaint
SendMessageTimeoutA
LoadImageA
BeginPaint
DispatchMessageA
TranslateMessage
PeekMessageA
GetSysColor
GetWindowDC
GetWindowLongA
RegisterClassA
DefWindowProcA
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetDlgItemTextA
GetWindowTextA
SetPropA
EndDialog
DestroyIcon
GetMenu
InsertMenuA
CreateDialogParamA
EnableWindow
GetMessageA
IsDialogMessageA
MapVirtualKeyA
GetKeyNameTextA
GetKeyState
PostQuitMessage
InsertMenuItemA
SetMenuItemInfoA
SetForegroundWindow
GetSubMenu
MsgWaitForMultipleObjects
GetDlgCtrlID
MapDialogRect
UpdateWindow
CallWindowProcA
GetSystemMetrics
IsIconic
LoadIconA
IsWindowVisible
GetFocus
RemovePropA
SetTimer
ScreenToClient
WaitForInputIdle
GetDlgItem
SendDlgItemMessageA
FillRect
GetSysColorBrush
GetClientRect
InvalidateRect
DrawTextA
MonitorFromRect
DialogBoxIndirectParamA
MoveWindow
DestroyMenu
CreatePopupMenu
LoadCursorA
TrackPopupMenu
EnableMenuItem
MonitorFromWindow
AppendMenuA
GetWindowPlacement
IsWindow
GetWindowRect
SetDlgItemTextA
CreateWindowExA
GetMonitorInfoA
SetWindowTextA
SetScrollInfo
SetActiveWindow
GetParent
GetAsyncKeyState
SetWindowPos
SetWindowLongA
SetWindowPlacement
GetScrollInfo
IsZoomed
GetCursorPos
SetCursor
CheckDlgButton
IsDlgButtonChecked
MessageBoxA
PostMessageA
DialogBoxParamA
SendMessageA

ws2_32

WSAStartup
inet_addr
gethostbyname
connect
__WSAFDIsSet
closesocket
WSAGetLastError
recv
ioctlsocket
send
select
htons
socket

Sections

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_Photilla-v1.0/Photilla 1.00/uninst.exe
.exe windows:4 windows x86 arch:x86

95006cb5cbe3e445c14ad690f7c1df16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PeekNamedPipe
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
CreateThread
GetStdHandle
SetThreadPriority
GetCurrentThread
DuplicateHandle
GetThreadPriority
CreatePipe
ReleaseMutex
CreateMutexA
ResetEvent
HeapFree
GetEnvironmentVariableA
HeapAlloc
GetProcessHeap
FileTimeToLocalFileTime
GetModuleHandleA
SystemTimeToFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
VirtualQuery
GetCurrentThreadId
ExitProcess
GetLocaleInfoA
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
GetCurrentProcess
WinExec
GetVersionExA
GetStartupInfoA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
SetFilePointer
LoadLibraryA
LockResource
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableA
FindResourceA
LoadResource
GetTempPathA
FreeLibrary
SizeofResource
Sleep
CreateProcessA
MultiByteToWideChar
GetTickCount
FormatMessageA
FindNextFileA
DeleteFileA
GetLastError
FindFirstFileA
GetFileTime
FindClose
SetFileTime
GetCurrentDirectoryA
ReadFile
CreateDirectoryA
MoveFileA
WideCharToMultiByte
CloseHandle
CopyFileA
RemoveDirectoryA
GetFileSize
GetFileAttributesA
CreateFileA
WriteFile
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
VirtualAlloc
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
CompareStringW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
HeapSize
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime

advapi32

RegCloseKey
RegDeleteKeyA
SetSecurityDescriptorDacl
RegCreateKeyExA
GetSidSubAuthority
GetAce
InitializeAcl
RegQueryValueExA
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeSid
SetFileSecurityA
RegSetValueExA
RegOpenKeyExA

comctl32

ImageList_Create
ImageList_BeginDrag
ImageList_Merge
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
CreateToolbarEx
ImageList_ReplaceIcon
PropertySheetA
ord17
ImageList_EndDrag
ImageList_DragLeave
ImageList_Destroy
_TrackMouseEvent

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

gdi32

DeleteDC
SelectObject
GetObjectA
SetTextColor
CreateCompatibleDC
DeleteObject
StretchBlt
GetTextColor
CreateFontA
SetBkMode
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
SetROP2
Rectangle
CreateDIBitmap
GetDIBits
CreateFontIndirectA
GetTextExtentPoint32A
MoveToEx
LineTo
SetDIBits
CreateDIBSection
TextOutA

msimg32

AlphaBlend

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

OleLoadPicture
OleLoadPicturePath

shell32

DragQueryFileA
DragQueryPoint
ShellExecuteExA
DragAcceptFiles
SHGetMalloc
SHBrowseForFolderA
DragFinish
SHGetPathFromIDListA
ShellExecuteA

user32

ReleaseCapture
GetPropA
SetMenu
GetDesktopWindow
ClientToScreen
SetFocus
CreateMenu
FrameRect
CreateDialogIndirectParamA
ReleaseDC
ShowWindow
FindWindowA
DestroyWindow
GetDC
GetCursor
SetCapture
EndPaint
SendMessageTimeoutA
LoadImageA
BeginPaint
DispatchMessageA
TranslateMessage
PeekMessageA
GetSysColor
GetWindowDC
GetWindowLongA
RegisterClassA
DefWindowProcA
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetDlgItemTextA
GetWindowTextA
SetPropA
EndDialog
DestroyIcon
GetMenu
InsertMenuA
CreateDialogParamA
EnableWindow
GetMessageA
IsDialogMessageA
MapVirtualKeyA
GetKeyNameTextA
GetKeyState
PostQuitMessage
InsertMenuItemA
SetMenuItemInfoA
SetForegroundWindow
GetSubMenu
MsgWaitForMultipleObjects
GetDlgCtrlID
MapDialogRect
UpdateWindow
CallWindowProcA
GetSystemMetrics
IsIconic
LoadIconA
IsWindowVisible
GetFocus
RemovePropA
SetTimer
ScreenToClient
WaitForInputIdle
GetDlgItem
SendDlgItemMessageA
FillRect
GetSysColorBrush
GetClientRect
InvalidateRect
DrawTextA
MonitorFromRect
DialogBoxIndirectParamA
MoveWindow
DestroyMenu
CreatePopupMenu
LoadCursorA
TrackPopupMenu
EnableMenuItem
MonitorFromWindow
AppendMenuA
GetWindowPlacement
IsWindow
GetWindowRect
SetDlgItemTextA
CreateWindowExA
GetMonitorInfoA
SetWindowTextA
SetScrollInfo
SetActiveWindow
GetParent
GetAsyncKeyState
SetWindowPos
SetWindowLongA
SetWindowPlacement
GetScrollInfo
IsZoomed
GetCursorPos
SetCursor
CheckDlgButton
IsDlgButtonChecked
MessageBoxA
PostMessageA
DialogBoxParamA
SendMessageA

ws2_32

WSAStartup
inet_addr
gethostbyname
connect
__WSAFDIsSet
closesocket
WSAGetLastError
recv
ioctlsocket
send
select
htons
socket

Sections

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ha_Photilla-v1.0/Photilla 1.00/汉化说明.rtf
.rtf
ha_Photilla-v1.0/Photilla 1.00/汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

95006cb5cbe3e445c14ad690f7c1df16

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msimg32

ole32

oleaut32

shell32

user32

ws2_32

Sections

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 236KB - Virtual size: 242KB

.rsrc Size: 116KB - Virtual size: 116KB

95006cb5cbe3e445c14ad690f7c1df16

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msimg32

ole32

oleaut32

shell32

user32

ws2_32

Sections

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 236KB - Virtual size: 242KB

.rsrc Size: 120KB - Virtual size: 116KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 236KB - Virtual size: 242KB

.rsrc
Size: 116KB - Virtual size: 116KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 236KB - Virtual size: 242KB

.rsrc
Size: 120KB - Virtual size: 116KB