dc3173557927a608b4a0833de4521a46f29b03bf004b191b856dac4cbbcb3531

Sharing

Copy URL Twitter E-mail

General

Target

dc3173557927a608b4a0833de4521a46f29b03bf004b191b856dac4cbbcb3531
Size

2.5MB
MD5

4748212585abbe45598186738c8c111e
SHA1

6eab36d73c9ec4844a63a7b71a315ba33200ab19
SHA256

dc3173557927a608b4a0833de4521a46f29b03bf004b191b856dac4cbbcb3531
SHA512

e8fb8a10bc4aa94b17d72fa49ebb8298111a5e22e2e57b58cb31822356501c5daf317704c127771e028e27bf725e5f9d5ca64f7f02fc7edb40561fc20f1a56af
SSDEEP

49152:nsHmQUzT/6aog0CVYiEocvNTeMmigkNw9OmCRaM:SmlVog0CVYiEocvVedQwFC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc3173557927a608b4a0833de4521a46f29b03bf004b191b856dac4cbbcb3531

Files

dc3173557927a608b4a0833de4521a46f29b03bf004b191b856dac4cbbcb3531
.exe windows:6 windows x86 arch:x86

1448e254c79cec103b624f7cfa0022c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouCloud.pdb

Imports

ws2_32

recv
send
WSASetLastError
WSACleanup
WSAStartup
connect
socket
shutdown
setsockopt
closesocket
gethostbyname
inet_addr
gethostbyaddr
getservbyport
ntohs
inet_ntoa
getservbyname
htonl
htons
WSAGetLastError

wininet

InternetConnectW
InternetGetConnectedState
HttpOpenRequestA
InternetWriteFile
HttpOpenRequestW
InternetCrackUrlA
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpAddRequestHeadersW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetSetOptionW

shlwapi

PathMatchSpecW
SHDeleteKeyW

kernel32

GetTempFileNameW
ReadFile
SetFileAttributesW
SetFilePointer
WriteFile
GetTempPathW
GetSystemTime
CopyFileW
MoveFileExW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetStartupInfoW
GetLocalTime
QueryPerformanceCounter
FlushFileBuffers
CreateMutexW
OpenMutexW
LocalAlloc
LocalFree
GetSystemInfo
GetCurrentDirectoryW
SetLastError
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetFileSize
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetCurrentThreadId
GetSystemDirectoryW
GlobalUnlock
FreeLibrary
GetCurrentProcessId
GlobalLock
ResetEvent
LoadLibraryA
GetSystemDirectoryA
GlobalSize
Sleep
GetModuleFileNameW
GetProcAddress
InitializeCriticalSectionAndSpinCount
DecodePointer
GetVersion
InitializeCriticalSectionEx
lstrlenW
GetModuleHandleW
DeleteCriticalSection
SetEvent
GetLastError
CreateEventW
OpenEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
CloseHandle
OutputDebugStringW
GetFileAttributesW
RtlCaptureStackBackTrace
CreateFileW
GetDiskFreeSpaceExW
ReleaseMutex
CreateDirectoryW
GetCommandLineW
GetCurrentProcess
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetFileTime
ExitThread
FormatMessageW
CreateThread
Thread32Next
Thread32First
GetThreadTimes
OpenThread
RemoveDirectoryW
OpenProcess
HeapFree
GetFullPathNameW
HeapAlloc
GetProcessHeap
LoadLibraryExW
GetModuleFileNameA
OutputDebugStringA
GetEnvironmentVariableW
GetEnvironmentVariableA
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetVersionExA
GetThreadContext
GetThreadId
ReadProcessMemory
VirtualQuery
GetProcessTimes
GetVersionExW
GetWindowsDirectoryW
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
HeapSize
HeapReAlloc
TerminateProcess
lstrcatW
lstrcpyW
IsDebuggerPresent
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
SetWaitableTimer
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
WriteConsoleW
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
FindFirstFileExW
GetDriveTypeW
SetEnvironmentVariableW
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetTimeZoneInformation
GetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
GetFileSizeEx
SetStdHandle
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

LoadStringW
wsprintfW
wvsprintfW
DestroyIcon
UnloadKeyboardLayout
LoadKeyboardLayoutW
GetKeyboardLayoutList
KillTimer
PostThreadMessageW
TranslateMessage
SetTimer
DispatchMessageW
CreateWindowExW
DefWindowProcW
GetMessageW
IsClipboardFormatAvailable
GetClipboardData
PostMessageW
SetClipboardViewer
SendMessageW
RegisterClassExW
IsWindow
OpenClipboard
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
PeekMessageW
CloseClipboard
ChangeClipboardChain
IsDialogMessageW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptReleaseContext
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegEnumValueW
RegSetValueExW
RegFlushKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyW
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
GetUserNameA
CryptImportKey
RegQueryValueExW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
CryptEncrypt

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysFreeString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

shell32

SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHFileOperationW

winhttp

WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpConnect
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpOpen
WinHttpWriteData
WinHttpReadData
WinHttpReceiveResponse

winmm

timeGetTime

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1448e254c79cec103b624f7cfa0022c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

shell32

winhttp

winmm

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 430KB - Virtual size: 429KB

.data Size: 88KB - Virtual size: 250KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 190KB - Virtual size: 192KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 430KB - Virtual size: 429KB

.data
Size: 88KB - Virtual size: 250KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 190KB - Virtual size: 192KB