9707dc90c44309b82f4314269b0ecc13ff280d5b166ef7a2fe276ee6c71e5819

Sharing

Copy URL Twitter E-mail

General

Target

9707dc90c44309b82f4314269b0ecc13ff280d5b166ef7a2fe276ee6c71e5819
Size

2.6MB
MD5

4dbc644836134c14fb1a233de8cd0675
SHA1

3ff970f80435590cd31a4f281a944d11d11f7e51
SHA256

9707dc90c44309b82f4314269b0ecc13ff280d5b166ef7a2fe276ee6c71e5819
SHA512

0f8dbc8712cc290114c5b0f09ef96fb2fcac26116e79fe50ea4562075e207e66b11f2e54aa3754e7378be24b0d418ed224080db69daaaf271811eef45d41e662
SSDEEP

49152:QjMNEco5AsQ5NbZKOK7Q/SaSQu1Xbh2jRxE0MTDc/S5GGtRqfs1VStv4aP+TwDjr:QjMCKPNdV/S1NQuymVStAKtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9707dc90c44309b82f4314269b0ecc13ff280d5b166ef7a2fe276ee6c71e5819

Files

9707dc90c44309b82f4314269b0ecc13ff280d5b166ef7a2fe276ee6c71e5819
.exe windows:5 windows x86 arch:x86

0ccc4afa8564f9926c8342edb1854651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\baidu\netdisk\p2p-sdk-pc\project\bin\Release\kernelUpdate.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
TlsFree
FormatMessageA
CreateEventA
OpenEventA
GetFileSizeEx
FindFirstFileA
FindNextFileA
SetEndOfFile
FindClose
CreateMutexA
UnmapViewOfFile
SwitchToThread
SetFilePointerEx
CreateFileMappingA
RemoveDirectoryA
CreateDirectoryA
GetTickCount
MapViewOfFileEx
GetProcessTimes
SetLastError
GetCurrentProcess
ReleaseSemaphore
WriteFile
DuplicateHandle
GetModuleHandleA
Sleep
CreateFileA
WaitForSingleObjectEx
GetSystemInfo
ResetEvent
GetProcAddress
GetCurrentProcessId
TlsGetValue
GetSystemTimeAsFileTime
CreateSemaphoreA
SetWaitableTimer
LocalFree
HeapFree
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetCurrentThreadId
CreateEventW
HeapAlloc
VerSetConditionMask
GetProcessHeap
SleepEx
VerifyVersionInfoW
CreateIoCompletionPort
GetModuleFileNameA
GetModuleFileNameW
CreateFileW
GetFileAttributesW
GetVersionExW
GetLocalTime
GetDriveTypeW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
CreateWaitableTimerW
CancelIo
GetStdHandle
GetFileType
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
QueueUserAPC
CloseHandle
InterlockedExchangeAdd
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
ReleaseMutex
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
InterlockedDecrement
EnterCriticalSection
InterlockedExchange
TlsSetValue
IsValidCodePage
FindFirstFileExA
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
HeapReAlloc
WriteConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
RtlUnwind
RaiseException
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
TryEnterCriticalSection
EncodePointer
DecodePointer
QueryPerformanceFrequency
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
WaitForMultipleObjectsEx
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
DeviceIoControl
MoveFileExW
FindFirstFileW
FindNextFileW
AreFileApisANSI
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExA
InitializeSecurityDescriptor
OpenEventLogA
CloseEventLog
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetSecurityDescriptorDacl
RegCloseKey
ReadEventLogA
RegQueryValueExA

shell32

SHGetFolderPathW

ws2_32

connect
WSARecv
getsockopt
ioctlsocket
setsockopt
WSASetLastError
WSAStringToAddressW
getsockname
WSAAddressToStringW
htons
freeaddrinfo
WSAStringToAddressA
inet_addr
WSAAddressToStringA
ntohs
inet_ntoa
htonl
ntohl
WSACleanup
WSAStartup
getpeername
WSASocketW
listen
shutdown
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
recv
send
getaddrinfo
WSAGetLastError

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 64KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ccc4afa8564f9926c8342edb1854651

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 486KB - Virtual size: 485KB

.data Size: 64KB - Virtual size: 84KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 160KB - Virtual size: 164KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 486KB - Virtual size: 485KB

.data
Size: 64KB - Virtual size: 84KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 160KB - Virtual size: 164KB