2efac058fa9339ce434e2bff61f9e2af30ae562eaef06b521e979804a4a04ec9

Sharing

Copy URL Twitter E-mail

General

Target

2efac058fa9339ce434e2bff61f9e2af30ae562eaef06b521e979804a4a04ec9
Size

186KB
MD5

4505d03dce0ec163b75e994162d6175a
SHA1

51511a6582ead86ed3f33995bdb26cd840e8a4b7
SHA256

2efac058fa9339ce434e2bff61f9e2af30ae562eaef06b521e979804a4a04ec9
SHA512

a708c1f24948bbabb1f2686ef5a0da9f8c3133d5b610c20c32956696b5090e4d52f3e17399154ff632b3b93d8852baa8230997ee5ae2cc5d15e552d942079bb6
SSDEEP

3072:VTHHpFJHBkREhR3LbVLd/9DJCGg1b0EFqISFS+9VtW2SUZbFv16mWfnZaftShMq7:xpFjkMbVLd/PjFz9/W+FMm0ZAmOKrBbN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2efac058fa9339ce434e2bff61f9e2af30ae562eaef06b521e979804a4a04ec9

Files

2efac058fa9339ce434e2bff61f9e2af30ae562eaef06b521e979804a4a04ec9
.exe windows:5 windows x86 arch:x86

2e3aeedc08bab6fe7bf3bf190d20dde4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\devops\workspace\p-37d34ce895ed4865ac95061b653d796f\Output\BinFinal\maUpdat.pdb

Imports

comctl32

InitCommonControlsEx

common

?Left@CTXStringW@@QBE?AV1@H@Z
?AppendFormat@CTXStringW@@QAAXPB_WZZ
?Tokenize@CTXStringW@@QBE?AV1@PB_WAAH@Z
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z
??0CTXHttpDownloadSink@@IAE@XZ
??1CTXHttpDownloadSink@@UAE@XZ
??0CHttpClient@@QAE@XZ
??1CHttpClient@@QAE@XZ
?SetUIInterface@CHttpClient@@QAEXPAVCTXHttpDownloadSink@@@Z
?Download@CHttpClient@@QAEHPB_WPAU_SYSTEMTIME@@0HPA_J@Z
?GetDownloadedFilePath@CHttpClient@@QAEHAAVCTXStringW@@@Z
?CancelDownload@CHttpClient@@QAEXXZ
?EnableQQNetworkSettings@CHttpClient@@QAEHH@Z
?SetEventMask@CHttpClient@@QAEXK@Z
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCHttpClient@@@Z
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCHttpClient@@PB_W@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCHttpClient@@KK@Z
?OnError@CTXHttpDownloadSink@@UAEXPAVCHttpClient@@K@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCHttpClient@@PB_W@Z
??0CTXStringA@@QAE@XZ
??M@YA_NABVCTXStringA@@0@Z
?Format@CTXStringA@@QAAXPBDZZ
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
?GetMainThreadLoop@Misc@Util@@YAPAVMessageLoopForUI@AsyncTask@@XZ
?IsInitAsyncMsgLoop@Misc@Util@@YAHXZ
?LogTaskStart@Misc@Util@@YAKPB_W@Z
?LogTaskEnd@Misc@Util@@YAXK@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??0CFmtString@@QAE@XZ
??1CFmtString@@QAE@XZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?UnZipFile@CUnZipFile@@QAE_NABVCTXStringW@@0@Z
??0CUnZipFile@@QAE@XZ
??1CUnZipFile@@QAE@XZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
?MakeUpper@CTXStringW@@QAEAAV1@XZ
?Empty@CTXStringW@@QAEXXZ
?Right@CTXStringW@@QBE?AV1@H@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?GetLength@CTXStringW@@QBEHXZ
?Format@CTXStringW@@QAAXPB_WZZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??BCTXStringA@@QBEPBDXZ
?Replace@CTXStringA@@QAEHPBD0@Z
?Insert@CTXStringA@@QAEHHPBD@Z
??1CTXStringA@@QAE@XZ
??0CTXStringA@@QAE@PBD@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@_WABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?Compare@CTXStringW@@QBEHPB_W@Z
?GetString@CTXStringW@@QBEPB_WXZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?Trim@CTXStringW@@QAEAAV1@XZ
??ACTXStringW@@QBE_WH@Z
?FindOneOf@CTXStringW@@QBEHPB_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z

gf

?SetDPIAdaptFlag@DPI@GF@Util@@YAXH@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@PAUITXCore@@H@Z

asynctask

?PostDelayedTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@_J@Z
?PostTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@@Z
??_7MessageLoopForUI@AsyncTask@@6B@
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1Thread@AsyncTask@@UAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??1MessageLoop@AsyncTask@@UAE@XZ
??0MessageLoop@AsyncTask@@QAE@W4Type@01@@Z
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??1AtExitManager@AsyncTask@@QAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
?Unlock@LockImpl@AsyncTask@@QAEXXZ
?Lock@LockImpl@AsyncTask@@QAEXXZ
??1LockImpl@AsyncTask@@QAE@XZ
??0LockImpl@AsyncTask@@QAE@XZ

mautility

ord7
ord5
ord10
ord6
ord8
ord11

kernel32

WaitForSingleObject
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
DeleteFileW
CopyFileW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
CreateMutexW
GetModuleHandleW
WritePrivateProfileStringW
GetSystemDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateDirectoryW
GetVolumeInformationW
LocalFree
GetLongPathNameW
FindClose
GetPrivateProfileIntW
GetTempPathW
RemoveDirectoryW
QueryPerformanceCounter
GetFileAttributesW
FindFirstFileW
FindNextFileW
IsBadReadPtr
TerminateProcess
FreeLibrary
IsDebuggerPresent
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
InitializeSListHead
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
ResumeThread
GetCommandLineW
GetTickCount
SetFileAttributesW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent

user32

PostMessageW
IsWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoW
GetPropW
GetDesktopWindow
GetWindow
PostQuitMessage
SetPropW
LoadIconW
IsIconic
ShowWindow
IsWindowVisible
SetActiveWindow
GetForegroundWindow
SendMessageTimeoutW
AllowSetForegroundWindow
SetForegroundWindow
RemovePropW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
RegSetValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW

shell32

CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

ole32

OleUninitialize
CoTaskMemFree
OleInitialize

oleaut32

LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString

shlwapi

PathGetArgsW
PathAppendW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveBackslashW
PathAddBackslashW
wnsprintfW

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

wininet

InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetGetConnectedState
HttpSendRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetCrackUrlW

rpcrt4

UuidCreateSequential
UuidToStringA
RpcStringFreeA

vcruntime140

_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
_purecall
memcpy
memmove
strchr
__CxxFrameHandler3
memcmp
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free
_recalloc
calloc

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
terminate
_beginthreadex
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_invalid_parameter_noinfo_noreturn
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_invalid_parameter_noinfo
_seh_filter_exe
_set_app_type
_exit

api-ms-win-crt-convert-l1-1-0

_itoa_s
_wtol
_wtoi
atoi

api-ms-win-crt-string-l1-1-0

isalpha
wcsncpy
isdigit
wcsncat
wcscmp
strncmp
strlen
wcslen
isspace
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

fclose
fread
_wfopen_s
_set_fmode
__p__commode
__stdio_common_vswprintf_s

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e3aeedc08bab6fe7bf3bf190d20dde4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

common

gf

asynctask

mautility

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

wininet

rpcrt4

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 72KB - Virtual size: 76KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 72KB - Virtual size: 76KB