d3d59cfe505d36a329295c1886cbff9faacc6c6d1d5911b5c6f143ea04026ed9

Sharing

Copy URL

Twitter E-mail

General

Target

d3d59cfe505d36a329295c1886cbff9faacc6c6d1d5911b5c6f143ea04026ed9
Size

605KB
MD5

bb0674f0527fa3b95287bb07a7373500
SHA1

dd80f0ab407f68ee2a4885b3100484ed3c3afb08
SHA256

d3d59cfe505d36a329295c1886cbff9faacc6c6d1d5911b5c6f143ea04026ed9
SHA512

8ff75de19a714d973b3c280961698737d1a4cc6c116c90efe963216d655b44350cef427ce0f697dfcb2174f7537bcc5cbe698926a6b603b841c1b348bb1aaaf3
SSDEEP

12288:wgGuQz/VfGIP2MSAeDKAZUIupDIJ1BfJJsxWTLdJ0uK:EVP/SAcZapDIJvfJJsxWTvBK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3d59cfe505d36a329295c1886cbff9faacc6c6d1d5911b5c6f143ea04026ed9

Files

d3d59cfe505d36a329295c1886cbff9faacc6c6d1d5911b5c6f143ea04026ed9
.exe windows:5 windows x86 arch:x86

932d8c68c0b372b6d4c84c9c51000392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\baidu\netdisk\pc-yunbrowser\output\BaiduNetdiskHost.pdb

Imports

bull140u

?AssertOut@BULL@@YAJPB_WH_N0@Z
?XLogV@BULL@@YAXIPB_W0PAD@Z
?MultiByteToWideChar@BULL@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@IPBD@Z
?GetLogController@BULL@@YAJPAPAUILogController@1@@Z
?EnableNamedObject@BULL@@YAJPA_WABU_GUID@@@Z
?CreateObjectNative@BULL@@YAJABU_GUID@@0PAPAX@Z
?WideCharToMultiByte@BULL@@YA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@IPB_W@Z

kernel32

SetUnhandledExceptionFilter
GetCurrentThreadId
GetEnvironmentVariableW
GetVersionExW
GetCurrentProcessId
CreateToolhelp32Snapshot
Thread32First
OpenThread
SuspendThread
CloseHandle
Thread32Next
GetThreadContext
CreateProcessW
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
SetLastError
MultiByteToWideChar
GetTempPathW
SetErrorMode
Sleep
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetModuleHandleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
OpenProcess
CreateMutexW
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
FreeConsole
SetConsoleTextAttribute
WriteConsoleW
OutputDebugStringW
GetSystemTime
GetModuleFileNameW
GetPrivateProfileIntW
WideCharToMultiByte
DeleteFileW
CreateFileW
GetFileSize
ReadFile
CreateDirectoryW
WriteFile
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
VirtualProtect
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
DuplicateHandle
ConnectNamedPipe
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWaitEx
CancelIo
GetNamedPipeInfo
CreateThread

user32

CallWindowProcW
CreateWindowExW
DefWindowProcW
PostMessageW
IsWindow
GetClassInfoExW
RegisterClassExW
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
PostQuitMessage
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
LoadCursorW
UnregisterClassW
GetWindowLongW
SetWindowLongW
DestroyWindow

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW

ole32

StringFromCLSID
CoCreateGuid
CoCreateInstance

oleaut32

SysStringByteLen
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
VariantInit
VariantClear
SysAllocString
SysFreeString

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod

wininet

InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA

vcruntime140

_except_handler4_common
__std_exception_copy
__std_exception_destroy
__RTDynamicCast
__vcrt_InitializeCriticalSectionEx
strstr
memchr
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
_purecall
wcsstr
wcsrchr
memmove
__std_terminate
wcschr

api-ms-win-crt-string-l1-1-0

wcsnlen
isspace
strcpy_s
_wcslwr_s
_wcsicmp
wcsncpy_s
wcscpy_s
strnlen
wmemcpy_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
exit
_exit
terminate
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_beginthreadex
_register_onexit_function
_controlfp_s
_invalid_parameter_noinfo_noreturn
_initterm_e
_initialize_onexit_table
_invalid_parameter_noinfo
_errno

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__p__commode
_set_fmode
fflush
__stdio_common_vfwprintf
fclose
_wfsopen
__stdio_common_vsprintf_p
__stdio_common_vsnwprintf_s

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi64
_wtoi

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_set_new_mode
_callnewh
_recalloc
free

api-ms-win-crt-math-l1-1-0

_except1
ceil
__setusermatherr

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_waccess

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-utility-l1-1-0

rand_s

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

932d8c68c0b372b6d4c84c9c51000392

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bull140u

kernel32

user32

shell32

ole32

oleaut32

msvcp140

winmm

wininet

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 6KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 88B

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 88KB - Virtual size: 88KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 6KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 88B

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 88KB - Virtual size: 88KB