c945e6c2ff822271174a53dc9fcf50fb0b9fa36f20a1863f71dd6bbd47097ff9

Sharing

Copy URL Twitter E-mail

General

Target

c945e6c2ff822271174a53dc9fcf50fb0b9fa36f20a1863f71dd6bbd47097ff9
Size

2.7MB
MD5

b5cd9e1ad2a2024bc2af17bc0898038b
SHA1

38007e56694d142e5481c6eb703510298d4410ae
SHA256

c945e6c2ff822271174a53dc9fcf50fb0b9fa36f20a1863f71dd6bbd47097ff9
SHA512

53ceb05404d4ad34ee659bae3b8ae24ed615d44fb808a342eb5e9f185454d68c45344cde59baaadc224315c5910bc7784cbd5268f4f9383db73f320c6a266b3f
SSDEEP

49152:tXGRMKRUA5DeNHMtuTnS/kZ5AbFc+XVR0VxN:tWM5SGHMtuTnS/kYpc+I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c945e6c2ff822271174a53dc9fcf50fb0b9fa36f20a1863f71dd6bbd47097ff9

Files

c945e6c2ff822271174a53dc9fcf50fb0b9fa36f20a1863f71dd6bbd47097ff9
.exe windows:6 windows x86 arch:x86

1b940793f4ba6c94f401189ea89920df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\data\landun\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SGKaomoji.pdb

Imports

kernel32

SetLastError
LocalFree
LocalAlloc
GetSystemDirectoryW
OpenMutexW
CreateMutexW
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
GetStartupInfoW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
MoveFileExW
CopyFileW
GetSystemTime
GetTempPathW
WriteFile
SetFilePointer
ReadFile
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
GlobalHandle
GetEnvironmentVariableW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetTickCount
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
Sleep
WaitForSingleObject
GetVersionExW
GetCommandLineA
GetOEMCP
GetACP
GetModuleFileNameW
IsValidCodePage
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetEnvironmentVariableW
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
GetCPInfo
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetFileTime
GetCurrentProcess
ExitThread
CreateEventW
FormatMessageW
CreateThread
GetCommandLineW
GetModuleHandleW
OpenEventW
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
lstrlenW
OutputDebugStringW
LoadLibraryExW
SetEvent
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
TerminateProcess
lstrcatW
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
LCMapStringEx
SetFileAttributesW

user32

MonitorFromPoint
TranslateMessage
DispatchMessageW
GetDC
ShowWindow
GetMonitorInfoW
FindWindowW
GetDesktopWindow
SetForegroundWindow
IsWindow
GetMessageW
NotifyWinEvent
GetPropW
GetCursorPos
SendInput
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
PostMessageW
GetWindowTextW
EnableWindow
GetParent
SetWindowLongW
SetCapture
LoadCursorW
IsIconic
SetPropW
ReleaseDC
InsertMenuItemW
SetFocus
SetWindowTextW
GetSystemMetrics
SendMessageW
ShowScrollBar
GetScrollInfo
SubtractRect
MonitorFromRect
SetRectEmpty
wsprintfW
DrawTextW
UpdateLayeredWindow
EndPaint
BeginPaint
ReleaseCapture
KillTimer
AppendMenuW
SetCursor
DestroyMenu
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
ClientToScreen
SetTimer
TrackPopupMenu
CreateWindowExW
RegisterClassExW
CreatePopupMenu
ScreenToClient
GetWindowPlacement
GetKeyState
GetFocus
MoveWindow
wvsprintfW
IntersectRect
RegisterClipboardFormatW
LoadIconW
LoadImageW
GetWindowRect
GetForegroundWindow
GetClipboardData
PtInRect
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW
CallWindowProcW
DestroyWindow
IsWindowVisible
SetWindowPos

gdi32

GetFontData
GetObjectW
SetTextCharacterExtra
CreateFontIndirectW
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SetTextColor
GetStockObject
SetBkMode

advapi32

CryptAcquireContextW
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
CryptReleaseContext
CryptDecrypt
RegSetValueExW
RegOpenKeyW

imm32

ImmGetContext
ImmDisableIME
ImmNotifyIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessMemoryInfo

wininet

HttpAddRequestHeadersA
InternetWriteFile
InternetCrackUrlA
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetQueryOptionW
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpAddRequestHeadersW
InternetGetConnectedState
InternetSetOptionW
HttpOpenRequestA

msimg32

AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

shell32

SHFileOperationW
ShellExecuteW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpQueryOption
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpWriteData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpCrackUrl

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 89KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b940793f4ba6c94f401189ea89920df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

imm32

version

psapi

wininet

msimg32

oleacc

shell32

ole32

oleaut32

winhttp

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 425KB - Virtual size: 424KB

.data Size: 89KB - Virtual size: 233KB

.rsrc Size: 209KB - Virtual size: 208KB

.reloc Size: 191KB - Virtual size: 192KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 425KB - Virtual size: 424KB

.data
Size: 89KB - Virtual size: 233KB

.rsrc
Size: 209KB - Virtual size: 208KB

.reloc
Size: 191KB - Virtual size: 192KB