cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3

Sharing

Copy URL

Twitter E-mail

General

Target

cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3
Size

2.4MB
MD5

cd8fff708a1a99a4d3b5bfec49ae278a
SHA1

367050b2323952b52a11fcb55dd359e59637a884
SHA256

cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3
SHA512

80485ca1ee306b2f9e6b18d747bfc148c3f69f98f58ade8d675babbabff20e4d387a3bb83e1ab05aff166a29df4eefeed8df989d2c8af339e68b4d365064eb68
SSDEEP

49152:fLRISHEkoozx3u4+iTjaipEluOhYBUvqQENPvGzf:fLRZzx3nql1UUSQENPvE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3

Files

cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3
.dll windows:6 windows x86 arch:x86

78eac0f670a7972b3b759eeaa4250fb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\youqu_job\golink_soui3\定制\InstallPackage\souidemo_nsis\setupdll\bin\setupdll.pdb

Imports

kernel32

GetTickCount
GetFullPathNameW
FindResourceW
SizeofResource
LoadResource
SetLastError
LockResource
FreeResource
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcpyW
SetCurrentDirectoryW
GetCommandLineW
lstrcpynW
lstrcpynA
GlobalFree
lstrcpyA
SetEndOfFile
WriteConsoleW
HeapSize
CreateFileW
FlushFileBuffers
OutputDebugStringA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
GetModuleHandleA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
GetFileType
GetStdHandle
GetModuleHandleExW
ReadFile
LoadLibraryExW
InterlockedFlushSList
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetStringTypeW
LoadLibraryA
GetVersionExA
GetLocalTime
LoadLibraryW
GetVersionExW
HeapReAlloc
MultiByteToWideChar
TerminateProcess
OpenProcess
GetNativeSystemInfo
ExitProcess
Sleep
OutputDebugStringW
CreateThread
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
WideCharToMultiByte
CopyFileW
MoveFileExW
FindFirstFileW
FindClose
GetCurrentProcess
GetModuleHandleW
GetProcAddress
WritePrivateProfileStringW
GlobalAlloc
FreeLibrary
GetPrivateProfileStringW
GetModuleFileNameW
GetLastError
GlobalUnlock
GlobalLock
GetProcessHeap
lstrlenA

user32

InflateRect
PtInRect
OffsetRect
SendMessageW
MessageBoxW
IsRectEmpty
CopyRect
UpdateLayeredWindow
GetDesktopWindow
GetCursorPos
IsIconic
PostMessageW
wsprintfW
SetRect
GetActiveWindow
CallWindowProcW
SetWindowLongW
FindWindowExW
SetTimer
KillTimer
SetCursor
IntersectRect
UnionRect
EqualRect
IsWindow
DestroyWindow
LoadCursorW
DestroyCursor
CharNextW
DestroyIcon
DrawIconEx
InvertRect
FillRect
GetIconInfo
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetDlgItem
GetClientRect
GetWindowRect
MapWindowPoints
SetActiveWindow
EnableWindow
MapVirtualKeyA
CharLowerBuffW
MsgWaitForMultipleObjects
GetForegroundWindow
ShowWindow
SystemParametersInfoA
DrawTextW
IsWindowVisible
GetSystemMetrics
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
LoadImageW
CreateIconFromResource
LoadBitmapW
GetKeyState
GetFocus
GetSysColor
SetMenuContextHelpId
SetForegroundWindow
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
GetClassNameW
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsZoomed
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetWindowLongW

gdi32

GetObjectW
SetBkMode
Rectangle
GetStockObject
GetClipBox
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
EnumFontsW
BitBlt
CreateRoundRectRgn
DeleteObject
StretchBlt
SetViewportOrgEx
CreateSolidBrush
CreateCompatibleBitmap
Arc
CombineRgn
CreateEllipticRgnIndirect
CreatePen
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
Ellipse
ExcludeClipRect
GetClipRgn
GetRgnBox
GetTextColor
GetTextExtentPoint32W
IntersectClipRect
OffsetRgn
Pie
PtInRegion
RectInRegion
RestoreDC
RoundRect
SaveDC
ExtSelectClipRgn
SetRectRgn
SetTextColor
GetWorldTransform
SetWorldTransform
CreateDIBSection
Polyline
GetCurrentObject
GetViewportOrgEx

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
OleInitialize
CoTaskMemFree
OleUninitialize
OleRun
IIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

StrToIntExW

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipDrawImageRectI
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGraphicsClear
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipImageSelectActiveFrame

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

msimg32

AlphaBlend
GradientFill

Exports

Exports

BindControlAndNSISScript
BindingProgress
ClosePage
CloseProcess
FindChildByName
FindProcess
FindStringByName
GetControlProperties
InitWindow
NSISMessageBox
NSISOpenFolderDialog
NSISScriptSendMessage
SetControlProperties
ShowPage

Sections

.text
Size: 805KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 258KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78eac0f670a7972b3b759eeaa4250fb9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

version

gdiplus

imm32

msimg32

Exports

Exports

Sections

.text Size: 805KB - Virtual size: 808KB

.rdata Size: 258KB - Virtual size: 260KB

.data Size: 30KB - Virtual size: 100KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 805KB - Virtual size: 808KB

.rdata
Size: 258KB - Virtual size: 260KB

.data
Size: 30KB - Virtual size: 100KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB