beec13112f43934c332363311287d573ec6c1066d7d4eb252557b7d9d1a01e39

Sharing

Copy URL Twitter E-mail

General

Target

beec13112f43934c332363311287d573ec6c1066d7d4eb252557b7d9d1a01e39
Size

10.3MB
MD5

615badb7b88f9d5e3433e44995f6b596
SHA1

0b1295784ceb82a3a6edf7a765ea68cb0717b726
SHA256

beec13112f43934c332363311287d573ec6c1066d7d4eb252557b7d9d1a01e39
SHA512

dfad03fb900d8c2ab1f9c76686cfadc2566520d1b629eb5abdcee6989762c5a5f31e872064115415e0a0323b0ac5632b52c2da41ae246badfa9595f60d3c6525
SSDEEP

196608:OsedPkHASvoAXzDo1+wtZEyapVEUfnwkL+8zkkmF8jj:O5OvvZXfmjvUfLzkmX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beec13112f43934c332363311287d573ec6c1066d7d4eb252557b7d9d1a01e39

Files

beec13112f43934c332363311287d573ec6c1066d7d4eb252557b7d9d1a01e39
.dll windows:6 windows x86 arch:x86

3c18fbe72640dd92c7351792302a79d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouPy.pdb

Imports

kernel32

OpenMutexW
CreateFileMappingW
CreateThread
ReleaseMutex
WaitForSingleObject
GetProcAddress
DecodePointer
WaitNamedPipeW
GetSystemTimeAsFileTime
CreateFileW
WriteFile
SetNamedPipeHandleState
ReadFile
GetACP
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GlobalUnlock
TlsGetValue
DeleteCriticalSection
InitializeCriticalSectionEx
SetThreadPriority
GetCurrentThread
QueryPerformanceFrequency
LCMapStringW
QueryPerformanceCounter
GetTickCount64
CreateEventW
OutputDebugStringW
OpenWaitableTimerW
SetWaitableTimer
CreateWaitableTimerW
GetLocalTime
SetEvent
OpenThread
ReleaseSemaphore
CreateSemaphoreW
LoadLibraryW
FreeLibrary
DeleteFileW
GlobalLock
GlobalFree
GlobalAlloc
InitializeCriticalSection
LeaveCriticalSection
GetCommandLineW
EnterCriticalSection
TlsSetValue
GetModuleFileNameA
GlobalAddAtomW
GlobalGetAtomNameW
OpenEventW
DebugBreak
GetTickCount
ResumeThread
VirtualFreeEx
GetModuleHandleW
GetCurrentProcessId
ReadProcessMemory
VirtualAllocEx
CloseHandle
OpenProcess
GetCurrentThreadId
GetCurrentProcess
HeapWalk
DuplicateHandle
HeapValidate
GetProcessHeaps
SetFileAttributesW
VirtualQuery
GetSystemWow64DirectoryW
SetLastError
GetCurrentDirectoryW
GetSystemInfo
LocalFree
LocalAlloc
CreateMutexW
GetStartupInfoW
MoveFileExW
CopyFileW
GetSystemTime
SetFilePointer
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleA
GlobalHandle
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapSize
SetConsoleCtrlHandler
GetStdHandle
EnumSystemLocalesW
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetTempPathW
GetLastError
Sleep
WideCharToMultiByte
MultiByteToWideChar
SwitchToThread
RaiseException
VirtualProtect
LoadLibraryExA
ExitThread
FormatMessageW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryDosDeviceW
RemoveDirectoryW
GetLogicalDriveStringsW
FileTimeToSystemTime
CreateDirectoryW
GetProcessId
GetFileAttributesExW
CreateProcessW
GetFileTime
GetExitCodeProcess
lstrlenW
TlsAlloc
TlsFree
SizeofResource
LockResource
LoadResource
FindResourceW
HeapFree
GetFullPathNameW
lstrlenA
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetVersionExW
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
TerminateProcess
IsProcessorFeaturePresent
PeekNamedPipe
ExpandEnvironmentStringsW
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
OutputDebugStringA
MulDiv
ReleaseSRWLockExclusive
FindFirstFileExW
IsDebuggerPresent
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
lstrcatW
lstrcpyW
GlobalReAlloc
GetWindowsDirectoryA
CreateFileA
CreateFileMappingA
OpenFileMappingA
InitializeSRWLock
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
GetLocaleInfoEx
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetDriveTypeW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetModuleFileNameW

user32

GetWindowTextW
GetWindowThreadProcessId
GetWindowLongW
GetDesktopWindow
GetTopWindow
GetGUIThreadInfo
SetRectEmpty
ReleaseDC
IsIconic
SetClipboardData
EmptyClipboard
CloseClipboard
GetMonitorInfoW
OpenClipboard
MonitorFromWindow
SetWindowPos
GetDC
MonitorFromPoint
CharNextW
LoadStringW
WindowFromPoint
wsprintfW
MsgWaitForMultipleObjectsEx
SetPropW
ReplyMessage
LoadCursorW
RegisterClassW
GetClassInfoW
RemovePropW
CreateWindowExW
DefWindowProcW
EnableWindow
EndPaint
BeginPaint
ReleaseCapture
AppendMenuW
GetClientRect
SetCursor
SetCapture
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
CallWindowProcW
DrawTextW
UpdateLayeredWindow
IntersectRect
SubtractRect
SetCaretPos
wvsprintfW
FillRect
OffsetRect
DestroyIcon
GetKeyboardLayoutList
GetProcessWindowStation
GetUserObjectInformationW
GetClassLongW
RedrawWindow
SetClassLongW
GetCursor
SetWindowRgn
SetCursorPos
InflateRect
CopyRect
DialogBoxParamW
CreateDialogParamW
GetClassInfoExW
SetScrollInfo
EqualRect
IsRectEmpty
DrawIconEx
PostQuitMessage
IsWindowVisible
GetKeyState
SendInput
GetAncestor
SetWindowsHookExW
UnhookWindowsHookEx
GetForegroundWindow
GetAsyncKeyState
GetSystemMetrics
CallNextHookEx
UnhookWinEvent
RegisterWindowMessageW
GetParent
SetWinEventHook
SetRect
GetClassNameW
FindWindowW
IsWindow
NotifyWinEvent
GetMenuItemID
SendMessageW
mouse_event
GetWindowRect
GetWindow
keybd_event
LoadImageW
SystemParametersInfoW
EndDialog
LoadIconW
SetForegroundWindow
FindWindowExW
GetCaretPos
GetPropW
ClientToScreen
PtInRect
SendMessageTimeoutW
EnumWindows
DispatchMessageW
TranslateMessage
DestroyMenu
GetCursorPos
UnregisterClassW
GetMessageW
SetTimer
PeekMessageW
PostThreadMessageW
MessageBoxW
GetKeyboardState
SetWindowLongW
UnregisterHotKey
RegisterHotKey
KillTimer
DestroyWindow
InvalidateRect
ShowWindow
MoveWindow
GetMessageExtraInfo
PostMessageW
GetFocus
GetWindowTextLengthW

gdi32

GetTextExtentExPointW
GetDeviceCaps
StretchBlt
BitBlt
CreateDCW
SetTextCharacterExtra
SetBkMode
SetTextColor
CreateFontIndirectW
GetFontData
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
MoveToEx
LineTo
GetStockObject
SelectClipRgn
CreatePen
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBSection
CreateCompatibleDC
GetPixel
DeleteDC
GetObjectW
DeleteObject
SetBkColor
GetFontUnicodeRanges
CreateCompatibleBitmap
Rectangle
CombineRgn
OffsetRgn
ExtCreateRegion
GetCharABCWidthsFloatW
GetTextExtentPoint32W
StretchDIBits
SetMapMode
CreateFontW

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupAccountSidW
RegOpenKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
RegisterEventSourceW
RegQueryValueW
DeregisterEventSource
CryptEnumProvidersW

imm32

ImmUnlockIMC
ImmAssociateContextEx
ImmUnlockIMCC
ImmDisableIME
ImmLockIMC
ImmLockIMCC
ImmGetHotKey
ImmNotifyIME
ImmGetIMCCSize
ImmReSizeIMCC
ImmGenerateMessage
ImmCreateIMCC

shlwapi

PathMatchSpecW

msimg32

TransparentBlt
AlphaBlend
GradientFill

ws2_32

closesocket
WSASetLastError
WSAGetLastError
recv
send
WSACleanup

oleacc

LresultFromObject
AccessibleObjectFromPoint
AccessibleObjectFromEvent
AccessibleObjectFromWindow

winhttp

WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpQueryOption
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpen

winmm

timeGetTime

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeExtension
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
NotifyIMEComMsg

Sections

.text
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 253KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c18fbe72640dd92c7351792302a79d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

imm32

shlwapi

msimg32

ws2_32

oleacc

winhttp

winmm

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 7.6MB - Virtual size: 7.6MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 253KB - Virtual size: 464KB

.rsrc Size: 633KB - Virtual size: 633KB

.reloc Size: 378KB - Virtual size: 378KB

.text
Size: 7.6MB - Virtual size: 7.6MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 253KB - Virtual size: 464KB

.rsrc
Size: 633KB - Virtual size: 633KB

.reloc
Size: 378KB - Virtual size: 378KB