H:\baidu\netdisk\pc-yunbrowser\output\AutoUpdate\output\pdb\Autoupdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 0ee1ec33d15dcf826906dd8b567ad573ead4698ed46042b3424fe90733d627d7.exe
Resource: win7-20240221-en
General
- Target: 0ee1ec33d15dcf826906dd8b567ad573ead4698ed46042b3424fe90733d627d7
- Size: 2.8MB
- MD5: 27c455637c6c822eb5395c212f56be12
- SHA1: eae6b3c73f77d31f06c1bfa8b69e18883df20190
- SHA256: 0ee1ec33d15dcf826906dd8b567ad573ead4698ed46042b3424fe90733d627d7
- SHA512: 435ec3b4ebca849df92aa3ead6fbf21faba1a1e264bcb05bcac46ff314d52fa9cc0d50d26b246a38b6892d2747dee01a66408f5bec616b6bc65c3c08a611929e
- SSDEEP: 49152:GphCOnxp++yU90TIOoEj72K0mBKo3fTXUcP4Cqz6qtkgq7RYyJdU:GqOa+ymi2K0mBp341CqeqIU
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 0ee1ec33d15dcf826906dd8b567ad573ead4698ed46042b3424fe90733d627d7
Files
- 0ee1ec33d15dcf826906dd8b567ad573ead4698ed46042b3424fe90733d627d7.exe (windows:5, windows, x86, arch:x86)
  31645e9ebeadbd035353def7c3ec43af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FlushFileBuffers
GetFileInformationByHandle
GetLogicalDrives
GetVolumeInformationW
DuplicateHandle
GetExitCodeThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RemoveDirectoryW
GetTempFileNameW
SetFilePointerEx
SetFileTime
GetModuleHandleA
GlobalUnlock
GlobalLock
FileTimeToSystemTime
Module32NextW
Module32FirstW
ReadDirectoryChangesW
SetConsoleCtrlHandler
SetFilePointer
lstrlenW
FreeResource
SetEndOfFile
EncodePointer
OutputDebugStringW
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
FreeConsole
SetConsoleTextAttribute
WriteConsoleW
InitializeCriticalSection
GetPrivateProfileIntW
GetCurrentProcessId
CreateMutexW
ReleaseMutex
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
SetThreadPriority
TerminateThread
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
GetCurrentProcess
FindClose
FindNextFileW
FindFirstFileW
OpenEventW
ResetEvent
ExitProcess
HeapDestroy
GetCommandLineW
OpenProcess
DecodePointer
LoadLibraryExW
lstrcmpiW
GetPrivateProfileSectionW
GetSystemTime
SystemTimeToFileTime
WritePrivateProfileStringW
MoveFileW
SetEvent
CreateEventW
GetVersionExW
CopyFileW
MoveFileExW
FormatMessageW
LocalFree
Sleep
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetPrivateProfileStringW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
MulDiv
HeapCreate
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
DeleteFiber
GetFileType
GetModuleHandleExW
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
WriteFile
CreateDirectoryW
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
WaitForSingleObject
DeleteFileW
CloseHandle
MultiByteToWideChar
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
HeapReAlloc
HeapSize
GlobalAlloc
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetModuleFileNameA
GetACP
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
WaitForSingleObjectEx
CreateThread
GetFileAttributesExW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
user32
CharLowerBuffW
PostThreadMessageW
MessageBoxW
PostMessageW
PostQuitMessage
GetMessageW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
SetForegroundWindow
ShowWindow
GetProcessWindowStation
GetUserObjectInformationW
GetDlgItem
GetParent
TrackMouseEvent
AnimateWindow
UpdateLayeredWindow
PrintWindow
SetLayeredWindowAttributes
MoveWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
SetFocus
GetActiveWindow
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
GetSystemMetrics
EndMenu
UpdateWindow
SetActiveWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
SendMessageW
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
CopyRect
InflateRect
IntersectRect
IsRectEmpty
GetDesktopWindow
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetKeyState
SetCursor
PtInRect
EqualRect
LoadBitmapW
LoadImageW
DrawTextW
OffsetRect
DestroyIcon
DrawIconEx
FillRect
SetRect
MapVirtualKeyA
EnableMenuItem
GetSysColor
FindWindowExW
UnionRect
SetRectEmpty
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MessageBeep
CreatePopupMenu
DestroyMenu
LoadIconW
TrackPopupMenu
GetMenuItemInfoW
SetWindowTextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyWindow
IsWindow
KillTimer
SetTimer
DefWindowProcW
GetClientRect
AppendMenuW
gdi32
CreateDIBSection
ExtCreatePen
MoveToEx
TextOutW
GetClipBox
GetTextColor
RoundRect
CreateBitmap
CreateDIBitmap
LineTo
GetViewportOrgEx
CreateSolidBrush
GetObjectA
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetTextExtentPointW
RemoveFontMemResourceEx
AddFontMemResourceEx
OffsetViewportOrgEx
ExtSelectClipRgn
SaveDC
RestoreDC
Rectangle
RectInRegion
GetStockObject
DeleteObject
DeleteDC
GetObjectType
GetClipRgn
ExcludeClipRect
CreateRectRgn
CreatePen
SetViewportOrgEx
ExtTextOutW
GetObjectW
SetTextColor
StretchBlt
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
GetRgnBox
GetCurrentObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
GetTextMetricsW
advapi32
CheckTokenMembership
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
CreateWellKnownSid
GetTokenInformation
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
DuplicateTokenEx
shell32
ShellExecuteW
SHGetFolderPathW
ord680
ShellExecuteExW
SHGetSpecialFolderPathW
CommandLineToArgvW
ole32
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CLSIDFromString
CoLoadLibrary
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx
CreateBindCtx
oleaut32
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
VariantCopy
VarUI4FromStr
LoadTypeLi
SafeArrayUnlock
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
SysStringLen
VariantClear
SysAllocString
SysFreeString
VarCmp
LoadRegTypeLi
GetErrorInfo
shlwapi
StrToIntW
StrToIntExA
wininet
InternetQueryDataAvailable
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetConnectW
InternetReadFileExA
InternetQueryOptionA
InternetSetOptionW
InternetSetStatusCallbackW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpEndRequestW
HttpQueryInfoW
setupapi
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupIterateCabinetW
SetupDiGetClassDevsW
bcrypt
BCryptGenRandom
imm32
ImmReleaseContext
ImmGetContext
dwmapi
DwmGetWindowAttribute
gdiplus
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipFillRectangleI
GdipCloneImage
GdipLoadImageFromStream
GdipCreateTexture2I
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneBrush
GdipDeleteGraphics
msimg32
GradientFill
AlphaBlend
ws2_32
WSASetLastError
send
recv
WSAGetLastError
WSACleanup
closesocket
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 764KB - Virtual size: 763KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 46KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 179KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE