269ee7850309df134daf8af0caa4a087ffd5e8eacd8be9c179fc6cf6d2046bfa

Sharing

Copy URL Twitter E-mail

General

Target

269ee7850309df134daf8af0caa4a087ffd5e8eacd8be9c179fc6cf6d2046bfa
Size

2.1MB
MD5

ad5768855df78ca3fbc6ededeb9fe4f0
SHA1

8f9cdb131885ac0d9b4498b3eb6667152e850c6a
SHA256

269ee7850309df134daf8af0caa4a087ffd5e8eacd8be9c179fc6cf6d2046bfa
SHA512

7b347b109d80b85ac3e16b6c54c19192a2dcf7e2e263d2d5504abd225159900cf86e62f5cf52f59eb07c3dffc62112d3c85cd3bdc9d6e9e9724dad9c383fbac8
SSDEEP

49152:op+pj0rrw3WIVYeQ1kVwTo2ZB1JTk+bE2SEYTFVXO:oFrw3xVYeQ1sF2foEY6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
269ee7850309df134daf8af0caa4a087ffd5e8eacd8be9c179fc6cf6d2046bfa

Files

269ee7850309df134daf8af0caa4a087ffd5e8eacd8be9c179fc6cf6d2046bfa
.exe windows:5 windows x86 arch:x86

a4d59f23855c920b4b4effe1446c979e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\baidu\netdisk\pc-yunbrowser\output\AutoUpdate\output\pdb\Autoupdate.pdb

Imports

kernel32

ReleaseMutex
CreateMutexW
GetCurrentProcessId
GetPrivateProfileIntW
InitializeCriticalSection
WriteConsoleW
SetConsoleTextAttribute
FreeConsole
GetConsoleScreenBufferInfo
GetStdHandle
AllocConsole
OutputDebugStringW
EncodePointer
SetEndOfFile
SetFilePointer
SetConsoleCtrlHandler
ReadDirectoryChangesW
Module32FirstW
Module32NextW
FileTimeToSystemTime
FlushFileBuffers
GetFileInformationByHandle
GetLogicalDrives
GetVolumeInformationW
DuplicateHandle
GetExitCodeThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RemoveDirectoryW
GetTempFileNameW
SetFilePointerEx
SetFileTime
VerifyVersionInfoW
GetTempPathW
SetThreadPriority
TerminateThread
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
GetCurrentProcess
FindClose
FindNextFileW
FindFirstFileW
OpenEventW
ResetEvent
ExitProcess
GetCommandLineW
OpenProcess
DecodePointer
LoadLibraryExW
lstrcmpiW
GetPrivateProfileSectionW
GetSystemTime
SystemTimeToFileTime
WritePrivateProfileStringW
MoveFileW
SetEvent
CreateEventW
GetVersionExW
CopyFileW
MoveFileExW
FormatMessageW
LocalFree
Sleep
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetPrivateProfileStringW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
WriteFile
CreateDirectoryW
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
WaitForSingleObject
DeleteFileW
CloseHandle
MultiByteToWideChar
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetConsoleCP
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleFileNameA
GetACP
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
RtlUnwind
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrlenW
FreeResource
HeapCreate
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
HeapSize
VerSetConditionMask
HeapDestroy
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

user32

CharLowerBuffW
PostThreadMessageW
MessageBoxW
PostMessageW
GetMessageW
MoveWindow
GetMenuItemInfoW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
SetForegroundWindow
SetWindowTextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyWindow
IsWindow
KillTimer
SetTimer
DefWindowProcW
ShowWindow
SendMessageW
LoadIconW
PostQuitMessage
TrackPopupMenu
AppendMenuW
GetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
GetDlgItem
GetParent
TrackMouseEvent
AnimateWindow
UpdateLayeredWindow
PrintWindow
SetLayeredWindowAttributes
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
SetFocus
GetActiveWindow
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
EndMenu
UpdateWindow
SetActiveWindow
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
CopyRect
InflateRect
IntersectRect
IsRectEmpty
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetKeyState
SetCursor
PtInRect
EqualRect
LoadBitmapW
LoadImageW
DrawTextW
OffsetRect
DestroyIcon
DrawIconEx
FillRect
SetRect
GetSystemMetrics
MapVirtualKeyA
EnableMenuItem
GetSysColor
UnionRect
SetRectEmpty
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MessageBeep
CreatePopupMenu
DestroyMenu

gdi32

SetViewportOrgEx
ExtTextOutW
SetTextColor
StretchBlt
SetBkMode
SetBkColor
SelectClipRgn
GetRgnBox
GetCurrentObject
CreateRectRgnIndirect
CombineRgn
GetObjectW
SelectObject
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateRectRgn
ExcludeClipRect
GetClipRgn
RectInRegion
Rectangle
RestoreDC
SaveDC
ExtSelectClipRgn
OffsetViewportOrgEx
GetTextExtentPointW
GetTextExtentPoint32W
CreateFontIndirectW
GetObjectA
CreateSolidBrush
GetViewportOrgEx
LineTo
RoundRect
CreateDIBSection
ExtCreatePen
MoveToEx
BitBlt
GetClipBox
GetTextColor
GetTextMetricsW
CreateBitmap
CreateDIBitmap
TextOutW

advapi32

RegQueryInfoKeyW
RegisterEventSourceW
DeregisterEventSource
RegDeleteKeyW
RegCloseKey
ReportEventW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
DuplicateTokenEx
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
ord680

ole32

CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CreateBindCtx
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CLSIDFromString
CoLoadLibrary
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx

oleaut32

GetErrorInfo
SysAllocString
VariantClear
SysStringLen
VarBstrCmp
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantCopy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
VarCmp
SysFreeString

shlwapi

StrToIntExA
StrToIntW

wininet

HttpSendRequestW
InternetOpenA
InternetSetOptionA
HttpQueryInfoW
HttpEndRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetStatusCallbackW
InternetSetOptionW
InternetQueryOptionA
InternetReadFileExA
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA

setupapi

SetupIterateCabinetW

imm32

ImmGetContext
ImmReleaseContext

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCloneImage
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipFillRectangleI
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipLoadImageFromFileICM
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateTexture2I
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipLoadImageFromStreamICM

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4d59f23855c920b4b4effe1446c979e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

setupapi

imm32

gdiplus

msimg32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 542KB - Virtual size: 542KB

.data Size: 46KB - Virtual size: 124KB

.gfids Size: 1024B - Virtual size: 564B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 154KB - Virtual size: 156KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 542KB - Virtual size: 542KB

.data
Size: 46KB - Virtual size: 124KB

.gfids
Size: 1024B - Virtual size: 564B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 154KB - Virtual size: 156KB