9466048f3cef6d468f9d813bc23dbd71697343814be2ce9e90dd57c03cb4da8f

Sharing

Copy URL Twitter E-mail

General

Target

9466048f3cef6d468f9d813bc23dbd71697343814be2ce9e90dd57c03cb4da8f
Size

2.2MB
MD5

bbd6e73584df637849ef0ae83db2e060
SHA1

7f8cb5d2d1b8f234afe578ce3ce4dbe05b9480f3
SHA256

9466048f3cef6d468f9d813bc23dbd71697343814be2ce9e90dd57c03cb4da8f
SHA512

379b30b19695d43de942401d82c25377beb41b8a999b9e18e2eb5f544e30bbf25e58c0ca78bc1a3c7a06b672baa50f0f62ec9315fff013a3bded03ce77f929a7
SSDEEP

49152:RQzMWNy6nClL7cHYM3QZf7ffXZqyVWMfMtV:RYM7GClL7cHYMAZznwyUV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9466048f3cef6d468f9d813bc23dbd71697343814be2ce9e90dd57c03cb4da8f

Files

9466048f3cef6d468f9d813bc23dbd71697343814be2ce9e90dd57c03cb4da8f
.exe windows:6 windows x86 arch:x86

856d54b20d00870e6e727b0c7b63be7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\data\landun\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouCloud.pdb

Imports

ws2_32

htons
htonl
getservbyname
inet_ntoa
ntohs
WSAStartup
WSACleanup
WSASetLastError
setsockopt
recv
connect
socket
send
shutdown
getservbyport
gethostbyname
inet_addr
gethostbyaddr
closesocket
WSAGetLastError

wininet

HttpSendRequestExW
HttpEndRequestW
InternetOpenW
InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
InternetGetConnectedState
InternetReadFile
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersW
InternetConnectA
HttpAddRequestHeadersA

kernel32

GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSize
GetTempFileNameW
ReadFile
SetFileAttributesW
SetFilePointer
WriteFile
GetTempPathW
GetSystemTime
CopyFileW
MoveFileExW
CreateFileMappingW
OpenFileMappingW
FlushFileBuffers
UnmapViewOfFile
GetStartupInfoW
GetLocalTime
GetCurrentThreadId
QueryPerformanceCounter
ReleaseMutex
CreateMutexW
OpenMutexW
LocalAlloc
LocalFree
GetSystemInfo
SetLastError
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetSystemDirectoryW
GlobalUnlock
FreeLibrary
GetCurrentProcessId
GlobalLock
ResetEvent
LoadLibraryA
GetSystemDirectoryA
GlobalSize
Sleep
GetModuleFileNameW
GetProcAddress
InitializeCriticalSectionAndSpinCount
DecodePointer
GetVersion
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
InitializeCriticalSectionEx
lstrlenW
GetModuleHandleW
DeleteCriticalSection
SetEvent
GetLastError
CreateEventW
OpenEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
CloseHandle
OutputDebugStringW
GetOEMCP
GetACP
IsValidCodePage
SetEndOfFile
SetStdHandle
GetFileSizeEx
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
MapViewOfFile
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetTimeZoneInformation
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetEnvironmentVariableW
FindFirstFileExW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
TlsFree
TlsSetValue
CreateDirectoryW
GetCommandLineW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetFileTime
ExitThread
FormatMessageW
CreateThread
Thread32Next
Thread32First
GetThreadTimes
OpenThread
RemoveDirectoryW
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetModuleFileNameA
OutputDebugStringA
GetEnvironmentVariableW
GetEnvironmentVariableA
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetVersionExA
GetThreadContext
GetThreadId
ReadProcessMemory
VirtualQuery
GetProcessTimes
GetVersionExW
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
HeapSize
HeapReAlloc
TerminateProcess
lstrcatW
lstrcpyW
IsDebuggerPresent
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
SetWaitableTimer
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue

user32

TranslateMessage
PostThreadMessageW
KillTimer
SetTimer
DispatchMessageW
GetKeyboardLayoutList
CreateWindowExW
DefWindowProcW
GetMessageW
PostMessageW
SetClipboardViewer
SendMessageW
SetRectEmpty
GetSystemMetrics
SystemParametersInfoW
LoadStringW
wsprintfW
wvsprintfW
DestroyIcon
UnloadKeyboardLayout
LoadKeyboardLayoutW
IsClipboardFormatAvailable
RegisterClassExW
IsWindow
OpenClipboard
IsDialogMessageW
ChangeClipboardChain
CloseClipboard
PeekMessageW
GetClipboardData

advapi32

CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
GetUserNameA
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegFlushKey
RegSetValueExW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegEnumValueW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA

psapi

GetProcessMemoryInfo

shlwapi

SHDeleteKeyW

shell32

SHFileOperationW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW

winhttp

WinHttpOpen
WinHttpWriteData
WinHttpReadData
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpCloseHandle

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 82KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

856d54b20d00870e6e727b0c7b63be7c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

shlwapi

shell32

winhttp

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 386KB - Virtual size: 386KB

.data Size: 82KB - Virtual size: 236KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 180KB - Virtual size: 184KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 386KB - Virtual size: 386KB

.data
Size: 82KB - Virtual size: 236KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 180KB - Virtual size: 184KB