2151afb350eb53f50b7456df373c55e654c73906d9882f664c8e1d6ed6d9a17d

Sharing

Copy URL Twitter E-mail

General

Target

2151afb350eb53f50b7456df373c55e654c73906d9882f664c8e1d6ed6d9a17d
Size

4.8MB
MD5

983a89632f767a7441b31c5347403a8d
SHA1

77b0d6a091a3b5081decadb6e3b27438dddba3cf
SHA256

2151afb350eb53f50b7456df373c55e654c73906d9882f664c8e1d6ed6d9a17d
SHA512

0355fa46bda303f012632214de1c44fbe740709a8d630070a2d09f9752546ec4586d788132b88dcb5c9d0c08f8791779ebeb983f1e8a5311f2b222bfe6909e03
SSDEEP

98304:PONE1yly09Oy9BbXg4kP2bYYD3TRl8XVtZZ4s9:+I4tx/TRo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2151afb350eb53f50b7456df373c55e654c73906d9882f664c8e1d6ed6d9a17d

Files

2151afb350eb53f50b7456df373c55e654c73906d9882f664c8e1d6ed6d9a17d
.exe windows:5 windows x86 arch:x86

a68a9dfae308a06a1d2c42f72e7db1cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkPlace\AndroidEmulator\7KMarket_Release_Packet\Basic\Client\Output\Binfinal\Update2\TUpdate.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

WSASetLastError
bind
__WSAFDIsSet
getpeername
getsockname
getsockopt
ntohl
ntohs
recvfrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
WSACleanup
WSAEventSelect
getaddrinfo
socket
connect
closesocket
freeaddrinfo
listen
accept
gethostname
gethostbyname
shutdown
select
recv
WSAGetLastError
send
setsockopt
ioctlsocket
htons
WSAStartup
inet_addr
inet_ntoa
WSACreateEvent

kernel32

GetDriveTypeW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesExA
DeleteFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenProcess
TerminateProcess
DeleteFileW
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocalTime
GetTickCount
InterlockedExchangeAdd
MoveFileW
SetFilePointer
GetCurrentThreadId
WriteFile
FormatMessageW
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
GetFileAttributesW
MoveFileExW
CopyFileW
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
GetFileSize
ReadFile
lstrcmpW
LocalFileTimeToFileTime
SetFileTime
FileTimeToSystemTime
InitializeCriticalSection
SearchPathW
lstrcpynW
VirtualQuery
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32First
Thread32Next
OpenThread
SuspendThread
DuplicateHandle
Module32FirstW
Module32NextW
SetErrorMode
WaitForMultipleObjects
ReadProcessMemory
VirtualAllocEx
RaiseException
GetTempPathW
GetVersionExW
SetLastError
OutputDebugStringA
GetACP
DecodePointer
FreeResource
PeekNamedPipe
LocalFree
GlobalFree
LoadLibraryA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
OpenEventW
OpenFileMappingW
GetSystemDefaultLangID
SwitchToThread
SleepEx
FormatMessageA
GetStdHandle
GetFileType
K32GetModuleFileNameExA
CreateDirectoryA
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetEndOfFile
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
GetVersionExA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlushFileBuffers
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
FlushInstructionCache
SetThreadContext
GetThreadContext
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
IsProcessorFeaturePresent
QueueUserWorkItem
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SetFilePointerEx
FindFirstFileExW
QueryPerformanceFrequency
GetStringTypeW
CreateFileW
ExpandEnvironmentStringsA
DeviceIoControl
OpenMutexW
GetLastError
CloseHandle
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
InterlockedCompareExchange
InterlockedExchange
Sleep
SizeofResource
LockResource
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
WaitForSingleObject
CreateFileMappingW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource

user32

PostQuitMessage
SetForegroundWindow
SetRect
SendMessageW
LoadImageW
GetWindowLongW
IsWindow
CallNextHookEx
GetClassInfoW
SetWindowsHookExW
CreateWindowExW
UpdateWindow
DefWindowProcW
DestroyWindow
ReleaseDC
GetDC
GetSystemMetrics
wsprintfW
GetParent
SetWindowLongW
LoadCursorW
RegisterClassExW
PtInRect
SetPropW
GetUserObjectInformationW
SetCapture
ReleaseCapture
GetCapture
GetKeyState
ShowWindow
CallWindowProcW
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
EnumDisplayDevicesW
FindWindowW
CreateWindowExA
UnhookWindowsHookEx
RegisterClassExA
SetTimer
KillTimer
GetWindow
MapWindowPoints
FillRect
DrawTextW
FindWindowA
GetClientRect
CopyRect
EqualRect
RegisterWindowMessageW
UnionRect
InvalidateRect
IsRectEmpty
BeginPaint
UpdateLayeredWindow
FindWindowExW
IsWindowVisible
GetWindowRect
EndPaint
IsWindowUnicode
SetCursor
SetFocus
ClientToScreen
WindowFromPoint
ScreenToClient
GetCursorPos
GetClassNameW
GetClassInfoExW
DrawIconEx
GetMenuState
GetSystemMenu
GetWindowTextW
GetActiveWindow
SetWindowRgn
SetWindowPos
PostMessageW
IsZoomed
SystemParametersInfoW
GetPropW
RemovePropW
OffsetRect
GetProcessWindowStation
MessageBoxA
IntersectRect

gdi32

SetTextColor
CreateSolidBrush
GetObjectA
CombineRgn
ExtCreateRegion
GetObjectW
Rectangle
CreateRectRgn
ExcludeClipRect
BitBlt
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32W
SetBkMode
GetStockObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps

advapi32

CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegCloseKey
DeleteService
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathA
SHFileOperationW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid

oleaut32

SysAllocString
SysStringLen
VariantInit
VariantClear
SysFreeString

shlwapi

SHGetValueW
PathIsDirectoryW
PathRemoveFileSpecA
SHDeleteKeyW
StrStrIW
PathFileExistsW
PathRemoveFileSpecW
StrStrIA
PathFindFileNameW
wnsprintfW
PathAppendW
SHSetValueW
SHDeleteValueW
PathAddBackslashW

d3d9

Direct3DCreate9

opengl32

wglMakeCurrent
glGetString
wglGetProcAddress
wglDeleteContext
wglCreateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

psapi

GetModuleFileNameExW

winhttp

WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

gdiplus

GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCloneImage
GdipCreateBitmapFromFile
GdipSetWorldTransform
GdipRotateMatrix
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDisposeImage
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteMatrix
GdipTranslateMatrix
GdipImageSelectActiveFrame
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipGetImagePixelFormat
GdipDeleteBrush
GdipCreateMatrix

msimg32

AlphaBlend

netapi32

Netbios

wldap32

ord145
ord118
ord216
ord142
ord41
ord14
ord147
ord79
ord27
ord26
ord127
ord46
ord301
ord133
ord208
ord167

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 66KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a68a9dfae308a06a1d2c42f72e7db1cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

d3d9

opengl32

version

wininet

psapi

winhttp

iphlpapi

gdiplus

msimg32

netapi32

wldap32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 663KB - Virtual size: 663KB

.data Size: 66KB - Virtual size: 95KB

Shared Size: 512B - Virtual size: 16B

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 21B

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 920KB - Virtual size: 920KB

.tvm0 Size: 46KB - Virtual size: 48KB

.reloc Size: 204KB - Virtual size: 204KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 663KB - Virtual size: 663KB

.data
Size: 66KB - Virtual size: 95KB

Shared
Size: 512B - Virtual size: 16B

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 21B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 920KB - Virtual size: 920KB

.tvm0
Size: 46KB - Virtual size: 48KB

.reloc
Size: 204KB - Virtual size: 204KB