169f1eb012483ff1d5482bf466180c29515367432be56687ab527c86f407ccbc

Sharing

Copy URL

Twitter E-mail

General

Target

169f1eb012483ff1d5482bf466180c29515367432be56687ab527c86f407ccbc
Size

2.5MB
MD5

11821cba195ecd9696ebfd2c285334ae
SHA1

3716925bbac520630eda16f354b6e1c2b7fa1225
SHA256

169f1eb012483ff1d5482bf466180c29515367432be56687ab527c86f407ccbc
SHA512

ccd5ab87772a47255ff1e1ae9b8897c5ccc0a59af2bed7aecafce08ac9d7678ed89f84868ff20263a2339560ca30471632f712d77fba730beb62fcfce160fabb
SSDEEP

49152:IGXECusynR6eB4055lsgvsmpg0YfbKJ5cd2D4StFqaqwfMN0k9:IGXVuAeDXy5mpg0YfbKJ502D4StFqC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
169f1eb012483ff1d5482bf466180c29515367432be56687ab527c86f407ccbc

Files

169f1eb012483ff1d5482bf466180c29515367432be56687ab527c86f407ccbc
.exe windows:5 windows x86 arch:x86

ce04a5fcaa107738b9c30e8b50c2bbde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\ads\code\fs\FeisuTruck\MFC\src\Helper_ADS\Release\FreedomWeb.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpAddRequestHeadersW
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCrackUrlW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW

kernel32

GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
IsDebuggerPresent
FreeLibraryAndExitThread
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
WriteConsoleW
SetEnvironmentVariableA
GetWindowsDirectoryW
GetProfileIntW
SearchPathW
FindResourceExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
LCMapStringW
GetModuleHandleExW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetSystemDirectoryW
WaitForSingleObject
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetStartupInfoW
ReadFile
SizeofResource
GetCurrentProcess
LockResource
GlobalAlloc
GlobalFree
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VerifyVersionInfoW
lstrcpyW
VerSetConditionMask
GetCurrentDirectoryW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
lstrcmpiW
DuplicateHandle
UnlockFile
GetProcAddress
GetTickCount
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FileTimeToLocalFileTime
GetPrivateProfileIntW
SetThreadPriority
CompareStringA
GetCurrentThread
GetThreadLocale
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
EncodePointer
OutputDebugStringA
lstrcmpA
SetLastError
FormatMessageW
GlobalSize
MulDiv
CreateSemaphoreW
ReleaseSemaphore
TerminateProcess
ResumeThread
GetCurrentThreadId
ExitThread
WaitForMultipleObjects
GetSystemTimeAsFileTime
CopyFileW
GetVersionExW
GetFileAttributesW
FindClose
WritePrivateProfileStringW
FindFirstFileW
InitializeCriticalSection
WriteFile
CreateFileW
DeleteFileW
GetLocalTime
CreateMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
lstrcmpW
ReleaseMutex
FreeLibrary
InterlockedIncrement
IsBadWritePtr
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
GetModuleFileNameW
CreateThread
CreateEventW
Sleep
ResetEvent
SetEvent
FreeResource
GlobalLock
LocalFree
LocalAlloc
GlobalUnlock
GetModuleHandleW

user32

UnionRect
GetKeyNameTextW
GetNextDlgGroupItem
SetClassLongW
LockWindowUpdate
EnumChildWindows
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
PostThreadMessageW
ModifyMenuW
NotifyWinEvent
SetWindowRgn
GetSystemMenu
TrackMouseEvent
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MonitorFromPoint
SetParent
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
WindowFromPoint
WaitMessage
IsRectEmpty
SetRect
CopyAcceleratorTableW
GetAsyncKeyState
RealChildWindowFromPoint
SendDlgItemMessageA
CopyImage
InflateRect
GetMenuItemInfoW
DestroyMenu
GetSysColorBrush
CharUpperW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
ShowOwnedPopups
GetActiveWindow
TranslateMessage
GetMessageW
RegisterClipboardFormatW
MapDialogRect
SetWindowContextHelpId
MessageBeep
IsZoomed
PostQuitMessage
CharNextW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
GetMonitorInfoW
IsMenu
IsChild
DrawEdge
GetWindowPlacement
DrawFrameControl
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
GetSysColor
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
DrawFocusRect
SetCursorPos
CharUpperBuffW
EnableScrollBar
GetMenuDefaultItem
SetMenuDefaultItem
CopyIcon
FrameRect
IsClipboardFormatAvailable
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
ValidateRect
SetForegroundWindow
GetForegroundWindow
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetUpdateRect
GetIconInfo
HideCaret
InvertRect
GetDoubleClickTime
CreateMenu
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
UpdateWindow
DestroyCursor
GetComboBoxInfo
GetWindowRgn
UnregisterClassW
LoadCursorW
PostMessageW
GetClientRect
GetWindowLongW
SetWindowLongW
KillTimer
IsWindowVisible
SetWindowPos
SetTimer
CallWindowProcW
EnableWindow
GetWindowRect
GetDC
UpdateLayeredWindow
ReleaseDC
LoadMenuW
GetSubMenu
SetMenuItemInfoW
DeleteMenu
TrackPopupMenu
SendMessageW
LoadIconW
GetDesktopWindow
SystemParametersInfoW
IsIconic
GetSystemMetrics
DrawIcon
CloseWindow
GetCursorPos
ScreenToClient
PtInRect
InvalidateRect
GetParent
wsprintfW
IsWindow
GetWindowThreadProcessId
SetRectEmpty
SetCursor
CopyRect
ReleaseCapture
SetCapture
SetFocus
DefWindowProcW
EndPaint
BeginPaint
DrawIconEx
IntersectRect
CreateAcceleratorTableW
MoveWindow
DestroyAcceleratorTable
SetActiveWindow
RedrawWindow
OffsetRect
InvalidateRgn
ShowWindow
CreateWindowExW
FillRect
DestroyWindow
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
RegisterClassW
GetClassInfoW
GetClassInfoExW

gdi32

ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
SelectClipRgn
GetTextMetricsW
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
CreateRoundRectRgn
OffsetRgn
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
SelectObject
DeleteObject
GetDeviceCaps
CopyMetaFileW
CreateDCW
SetBkColor
SetTextColor
GetObjectW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
GetTextCharsetInfo
Escape

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetMalloc
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteExW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripPathW
PathCombineW
PathFileExistsW
PathRenameExtensionW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeParentBackground
DrawThemeText

ole32

CoRevokeClassObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
CoInitializeEx
OleCreateMenuDescriptor
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
OleDestroyMenuDescriptor
OleTranslateAccelerator
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
OleLockRunning
CLSIDFromString
CoTaskMemFree
CoGetMalloc
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
IsAccelerator

oleaut32

VariantChangeType
OleCreateFontIndirect
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear

oledlg

OleUIBusyW

gdiplus

GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipFree
GdipAlloc
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipDrawImageRectRectI
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipDrawImageRectI
GdipCreateBitmapFromScan0

iphlpapi

IcmpCloseHandle
IcmpSendEcho
GetAdaptersInfo
IcmpCreateFile
GetAdaptersAddresses

netapi32

Netbios

snmpapi

SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindFree

ws2_32

select
send
socket
gethostbyname
recv
htons
WSAGetLastError
WSAStartup
closesocket
inet_ntoa
inet_addr
WSACleanup
connect
__WSAFDIsSet

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce04a5fcaa107738b9c30e8b50c2bbde

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

iphlpapi

netapi32

snmpapi

ws2_32

oleacc

imm32

winmm

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 420KB - Virtual size: 419KB

.data Size: 24KB - Virtual size: 50KB

.gfids Size: 107KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 187KB - Virtual size: 186KB

.reloc Size: 130KB - Virtual size: 130KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 420KB - Virtual size: 419KB

.data
Size: 24KB - Virtual size: 50KB

.gfids
Size: 107KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 187KB - Virtual size: 186KB

.reloc
Size: 130KB - Virtual size: 130KB