E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\crashrpt.pdb
Sample
f23fc9c6558c521f0452daf1f676a373875d18ccb1fb44e4df64fa219ce2adaf.exe
Resource
win7-20240221-en
General
Target
f23fc9c6558c521f0452daf1f676a373875d18ccb1fb44e4df64fa219ce2adaf
Size
3.7MB
MD5
06632755161059be23ac54289124980b
SHA1
f95c7c70094f4410f17e4a2fa8f4b6caac70d57b
SHA256
f23fc9c6558c521f0452daf1f676a373875d18ccb1fb44e4df64fa219ce2adaf
SHA512
82e686fc6a14e4f4dbafed2d00d2dffa2e1d86db2d845c3f065e57f02c51efbdf11914587a428c731f7e433ae78c3c5a862feb54080ee7c79ff9147fa880206c
SSDEEP
49152:xKRg+0cSomtyFR/WWtRuGZjVWu2Eysn/lRsFuE01/ZOesNGE1:xKyhj6k4/lRsUE01/e
Malware Config
Signatures
Unsigned PE — 1 IoC
Checks for missing Authenticode signature.
resource f23fc9c6558c521f0452daf1f676a373875d18ccb1fb44e4df64fa219ce2adaf
Files
f23fc9c6558c521f0452daf1f676a373875d18ccb1fb44e4df64fa219ce2adaf.exe windows:6 windows x86 arch:x86
4e9119af2e3883622ddd2700acacab80
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
QueryDosDeviceW
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
GetTempPathW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
Process32NextW
GlobalSize
FileTimeToSystemTime
GlobalAlloc
Process32FirstW
GlobalLock
MoveFileExW
GetTempFileNameW
GlobalUnlock
GetCommandLineW
GlobalFree
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesExW
DeleteFileW
SystemTimeToFileTime
CopyFileW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
CreateEventW
CreateThread
LocalFree
InitializeCriticalSectionAndSpinCount
GetVersionExW
LoadLibraryExW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
HeapFree
GetFullPathNameW
lstrlenA
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
DebugBreak
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
SetEvent
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
EncodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
SetInformationJobObject
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
SetFilePointer
CreateThreadpoolWork
TerminateProcess
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
CompareStringEx
GetCPInfo
RaiseException
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCurrentThread
ExitProcess
GetStdHandle
HeapSize
HeapReAlloc
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
IsWow64Process
FindResourceW
LoadResource
LockResource
SizeofResource
UnregisterWaitEx
RegisterWaitForSingleObject
RtlCaptureStackBackTrace
GetSystemInfo
GetProcessIoCounters
GetProcessTimes
HeapSetInformation
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetPriorityClass
SetPriorityClass
GetNativeSystemInfo
GetThreadId
SystemTimeToTzSpecificLocalTime
GetThreadPriority
TzSpecificLocalTimeToSystemTime
QueryThreadCycleTime
SetThreadPriority
UnlockFile
GetFileInformationByHandle
LockFile
MoveFileW
ReplaceFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetVolumePathNameW
GetLongPathNameW
GetVolumeInformationW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleExA
TerminateThread
GetDriveTypeW
FreeLibraryWhenCallbackReturns
GetModuleFileNameW
WriteFile
OpenMutexA
CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
lstrlenW
GetCurrentProcess
IsBadWritePtr
SwitchToThread
HeapLock
HeapWalk
HeapUnlock
SubmitThreadpoolWork
WaitForMultipleObjects
GetSystemDirectoryA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
GetFileAttributesA
CreateDirectoryA
FlsFree
user32
UnregisterClassA
GetGUIThreadInfo
SetRectEmpty
GetFocus
UnregisterClassW
WindowFromPoint
CharNextW
LoadStringW
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
wsprintfW
DefWindowProcW
DestroyWindow
CreateWindowExW
RegisterClassExW
SetWindowLongW
PostMessageW
SetTimer
GetQueueStatus
KillTimer
wvsprintfW
ReleaseDC
IsIconic
SetForegroundWindow
GetParent
SystemParametersInfoW
GetDesktopWindow
SetClipboardData
GetClassNameW
GetClipboardData
GetProcessWindowStation
GetUserObjectInformationW
EnumWindows
EnumClipboardFormats
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
MonitorFromPoint
FindWindowExW
GetWindowRect
SendMessageTimeoutW
GetDC
IsWindowVisible
SetWindowPos
keybd_event
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
ShowWindow
IsWindow
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
AttachThreadInput
GetForegroundWindow
advapi32
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
AddAce
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
AddAccessAllowedAce
LookupAccountNameW
RegEnumKeyW
RegQueryInfoKeyW
RegFlushKey
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
LookupAccountSidW
RegDeleteKeyW
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
EqualSid
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegQueryValueExA
GetAce
GetAclInformation
EventWrite
EventRegister
EventUnregister
GetSidSubAuthorityCount
GetSidSubAuthority
RegNotifyChangeKeyValue
SetFileSecurityW
SystemFunction036
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorSacl
imm32
ImmDisableIME
psapi
GetPerformanceInfo
GetMappedFileNameW
GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW
QueryWorkingSetEx
wininet
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersW
InternetSetOptionW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenW
InternetCrackUrlA
HttpAddRequestHeadersA
InternetWriteFile
HttpSendRequestA
HttpEndRequestA
InternetQueryOptionW
HttpQueryInfoA
InternetCloseHandle
InternetConnectA
HttpOpenRequestW
InternetConnectW
gdi32
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt
shell32
SHGetKnownFolderPath
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
CommandLineToArgvW
ole32
CoInitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
oleaut32
VariantClear
SysAllocString
VariantInit
SysFreeString
dbghelp
SymGetLineFromAddr64
SymSetSearchPathW
SymGetSearchPathW
StackWalk64
SymSetOptions
SymFromAddr
SymInitialize
SymFunctionTableAccess64
SymGetModuleBase64
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
shlwapi
PathMatchSpecW
ws2_32
ioctlsocket
winhttp
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryOption
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpCrackUrl
Exports
GetHandleVerifier
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512KB - Virtual size: 511KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 51KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE