E:\project\sogouime\dev_10.1_compskin_modify_dog_big\Bin\SogouPdb\SogouInput\userNetSchedule.pdb
Static task: static1
Behavioral task: behavioral1
Sample: d5c5609d57eb71853560d2514f232d36fb0eb20d9a6b94a1bc3734a2cfb026bb.exe
Resource: win7-20240221-en
General
Target: d5c5609d57eb71853560d2514f232d36fb0eb20d9a6b94a1bc3734a2cfb026bb
Size: 2.3MB
MD5: b5570c7a34067bf999f3acf70b211766
SHA1: be582325aff3b84b61bbef6e02419e6992175d78
SHA256: d5c5609d57eb71853560d2514f232d36fb0eb20d9a6b94a1bc3734a2cfb026bb
SHA512: c6873088e95b978a4a8801d29d971860ee8bc30dc590f6581c872b40a4c1e629bbeaffa3abf93cd99ddf970117b7741a1bcf64bd5bd87f87f498b7be3c002d98
SSDEEP: 49152:+dG/73CtAiMovvseUj+VuSjZpbkIH0Dy47JTY+Y7LSkkDRh:+27gAiMov07Mn1pIIHcwZSksRh
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: d5c5609d57eb71853560d2514f232d36fb0eb20d9a6b94a1bc3734a2cfb026bb
Files
d5c5609d57eb71853560d2514f232d36fb0eb20d9a6b94a1bc3734a2cfb026bb.exe (windows:5, windows, x86, arch:x86)
Import hash: da7b7ff2b14c64eb58b90a54e7df16c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpOpenRequestA
InternetWriteFile
InternetCrackUrlA
InternetOpenUrlW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetGetConnectedState
HttpOpenRequestW
InternetQueryOptionW
HttpSendRequestW
InternetConnectW
HttpEndRequestW
kernel32
LoadLibraryA
FormatMessageA
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
GetModuleHandleW
GetProcAddress
Sleep
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
ReadFile
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetDiskFreeSpaceExW
CloseHandle
MoveFileExW
GetFileSize
CopyFileW
GetTempFileNameW
GetSystemTime
FlushFileBuffers
GetModuleFileNameW
InterlockedCompareExchange
GetTickCount
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
WaitForSingleObject
LocalAlloc
GetSystemDirectoryW
LoadLibraryW
LocalFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
OpenMutexW
InterlockedIncrement
SwitchToThread
GetModuleHandleA
FreeLibrary
SetLastError
GetCurrentProcessId
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
CreateDirectoryW
GetProcessId
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetExitCodeProcess
GetCommandLineW
RemoveDirectoryW
OpenProcess
InterlockedExchange
OutputDebugStringW
InterlockedExchangeAdd
SetPriorityClass
TlsSetValue
TlsGetValue
OpenEventW
QueryPerformanceCounter
GetVersionExW
SetEvent
VirtualAlloc
TlsAlloc
TlsFree
lstrlenW
InterlockedDecrement
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetACP
WaitNamedPipeW
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
SetNamedPipeHandleState
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
EncodePointer
LoadLibraryExW
GetTimeZoneInformation
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetStdHandle
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WideCharToMultiByte
ReadConsoleW
GetCPInfo
IsValidCodePage
GetOEMCP
GetConsoleCP
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetCurrentProcess
GetConsoleMode
user32
SetRectEmpty
wvsprintfW
wsprintfW
FindWindowW
GetSystemMetrics
LoadIconW
CreateWindowExW
DestroyWindow
PostMessageW
gdi32
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject
GetFontData
CreateFontIndirectW
advapi32
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetLengthSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
shell32
ShellExecuteExW
SHFileOperationW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW
imm32
ImmDisableIME
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
GetProcessMemoryInfo
ws2_32
closesocket
WSACleanup
WSAStartup
WSASetLastError
ioctlsocket
sendto
recvfrom
listen
accept
select
gethostname
__WSAFDIsSet
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
WSAGetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
wldap32
ord211
ord46
ord35
ord60
ord50
ord41
ord301
ord200
ord30
ord79
ord143
ord33
ord32
ord27
ord26
ord22
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 678KB - Virtual size: 678KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 33KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 156KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE