82b646d08a39781773287fc3ef8f87fc60b8a11836656e4611c85d817509c059

Sharing

Copy URL

Twitter E-mail

General

Target

82b646d08a39781773287fc3ef8f87fc60b8a11836656e4611c85d817509c059
Size

1.7MB
MD5

5c94d5b0bf7b4db8d1482f99cf064077
SHA1

70f65aa3d75e507254f5142d8f57c5ae328257c3
SHA256

82b646d08a39781773287fc3ef8f87fc60b8a11836656e4611c85d817509c059
SHA512

e2bf13407897d5c666eda4ee616a6ee5d30ac0c219d1f855c32e6da69e8b362295d497cc09df480fc37c552dc404a4dfaff54969de6aa243001c9c66aacdeb5a
SSDEEP

49152:DMaMXwVPCnPQuP7rFnH6qUiKuTAsFE10gdN7gIrP7E:DNTVqnPQuzrFH6qXHnI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82b646d08a39781773287fc3ef8f87fc60b8a11836656e4611c85d817509c059

Files

82b646d08a39781773287fc3ef8f87fc60b8a11836656e4611c85d817509c059
.exe windows:5 windows x86 arch:x86

064e1df950fb9f79d98f1dbed5177b82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\autobuild_se_doctor_13\360sedoctor\ExtDoctor\Release\360bdoctor.pdb

Imports

kernel32

MulDiv
lstrcmpW
Sleep
OpenMutexW
ReleaseMutex
CreateEventW
HeapAlloc
GetProcessHeap
HeapFree
TerminateThread
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
Process32NextW
CopyFileW
MoveFileW
lstrcatW
GetEnvironmentVariableW
GetTempFileNameW
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
GetCurrentThread
VirtualProtect
SuspendThread
MapViewOfFile
CreateFileMappingW
LoadLibraryA
K32GetModuleInformation
GetFileAttributesExW
GetFileAttributesW
FlushViewOfFile
QueryFullProcessImageNameW
GetWindowsDirectoryW
SetFileTime
SetFileAttributesW
FormatMessageW
LocalAlloc
GetLogicalDriveStringsA
GetVersion
GetSystemDirectoryA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetPrivateProfileStringW
GetModuleHandleA
GetSystemDefaultLangID
GetFileType
SystemTimeToFileTime
FindResourceW
DosDateTimeToFileTime
LoadResource
OpenEventW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
OutputDebugStringW
GetCurrentThreadId
FindResourceExW
GetSystemTime
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
CreateThread
K32GetModuleFileNameExW
K32EnumProcessModules
CreateMutexW
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
FlushFileBuffers
IsProcessorFeaturePresent
HeapSize
OpenProcess
LocalFree
WritePrivateProfileStringW
GetCurrentProcess
RemoveDirectoryW
lstrcpyW
GetFullPathNameW
SetLastError
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
GetTickCount
LockResource
SizeofResource
InterlockedExchange
lstrcmpiA
lstrcmpA
WideCharToMultiByte
lstrlenW
RaiseException
GetVersionExW
MultiByteToWideChar
lstrlenA
CreateFileW
GetLastError
VirtualAlloc
ReadFile
VirtualFree
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
CreateProcessW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcessId
CloseHandle
HeapReAlloc
HeapDestroy
DeleteFileW
CreateDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
WriteFile
CreateFileA
SetEvent
DeviceIoControl
GetCurrentDirectoryW

user32

GetWindowThreadProcessId
CharUpperBuffW
CallWindowProcW
GetDesktopWindow
GetSystemMetrics
WindowFromPoint
GetMessageW
TranslateMessage
SystemParametersInfoW
SetCursor
GetCursorPos
GetShellWindow
UpdateWindow
GetCapture
ShowWindow
PostMessageW
SetTimer
IsWindow
FindWindowW
SendMessageW
GetWindow
GetWindowRect
GetParent
GetWindowLongW
TrackMouseEvent
AdjustWindowRectEx
DrawTextW
InflateRect
DrawIconEx
GetIconInfo
WindowFromDC
UnregisterClassA
DispatchMessageW
GetTopWindow
IsWindowVisible
RegisterClassExW
GetClassInfoExW
LoadCursorW
PostQuitMessage
DefWindowProcW
DestroyWindow
GetDlgItem
CreateWindowExW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
SetWindowPos
EndDialog
CharNextW
DestroyAcceleratorTable
PtInRect
UpdateLayeredWindow
ExitWindowsEx
MessageBoxW
GetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
wsprintfW
LoadStringW
ReplyMessage
InSendMessageEx
LoadIconW
SetWindowRgn
DialogBoxParamW
IsIconic
GetActiveWindow
PeekMessageW
SetForegroundWindow
GetKeyState
KillTimer
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetClassNameW
GetSysColor
RedrawWindow
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC

gdi32

CreateRoundRectRgn
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
SetViewportOrgEx
GetObjectType
GetRandomRgn
GdiAlphaBlend
GetLayout
SetLayout
GetCurrentObject
SetBkMode
LPtoDP
SetGraphicsMode
SetWorldTransform
GetTextExtentPoint32W
CreateFontIndirectW
SelectClipRgn
CreateRectRgn
CombineRgn
OffsetRgn
GetRgnBox
CreateRectRgnIndirect
RectVisible
SaveDC
IntersectClipRect
RestoreDC
ModifyWorldTransform

advapi32

RegOpenKeyExW
RegCreateKeyA
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
CheckTokenMembership
DuplicateTokenEx
GetTokenInformation
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA

shell32

ShellExecuteW
SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderPathA

ole32

PropVariantClear
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

CreateStdDispatch
CreateDispTypeInfo
VariantCopy
VarCmp
SysAllocStringLen
LoadTypeLi
VariantChangeType
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
VarBstrCmp
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathIsRootW
StrStrIW
StrCmpIW
StrStrW
StrCmpNW
StrCmpW
SHDeleteKeyW
StrToIntW
SHDeleteEmptyKeyW
PathRemoveBackslashW
SHStrDupW
PathFindExtensionW
SHDeleteValueW
SHSetValueA
PathFileExistsW
SHGetValueA
SHSetValueW

comctl32

InitCommonControlsEx

wintrust

WinVerifyTrust

wininet

InternetErrorDlg
InternetOpenUrlW
InternetCrackUrlW
HttpQueryInfoA
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose
CertGetNameStringW

netapi32

Netbios

gdiplus

GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

Exports

Exports

get_addr

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

064e1df950fb9f79d98f1dbed5177b82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wintrust

wininet

crypt32

netapi32

gdiplus

version

setupapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 51KB - Virtual size: 87KB

.rsrc Size: 567KB - Virtual size: 566KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 51KB - Virtual size: 87KB

.rsrc
Size: 567KB - Virtual size: 566KB

.reloc
Size: 85KB - Virtual size: 84KB