5ac1828f1a0c921154141c83945d8577b9f874a12ffd3164f732e969d675c311

Sharing

Copy URL Twitter E-mail

General

Target

5ac1828f1a0c921154141c83945d8577b9f874a12ffd3164f732e969d675c311
Size

378KB
MD5

16edde15cfeebfb06ca6a68dfcb6af3e
SHA1

900a4a41c7058a95dfeb2cf283ff2499b1ebb00c
SHA256

5ac1828f1a0c921154141c83945d8577b9f874a12ffd3164f732e969d675c311
SHA512

239bbe0cc52cc054180f77d7329d8b17c04ad3d8551e4300ced66604d030e25cb84ffc7663044d63e2cc599aebd9d667e2e8d83b85f5ff7e10bc8f30dd209fb7
SSDEEP

6144:wtTqvgfgY6khKc7dpDLqoGky0epJb6VE1iJB56poz5LE0TJ2yQhB/uw0m:Qq66c7dFWoGkXjEi356po1g0IyQhxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ac1828f1a0c921154141c83945d8577b9f874a12ffd3164f732e969d675c311

Files

5ac1828f1a0c921154141c83945d8577b9f874a12ffd3164f732e969d675c311
.exe windows:5 windows x86 arch:x86

d92af21f467a097abfd88c2d9b9c88b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime_wb20091221zhangyi\bin\SogouWBInput\SkinReg.pdb

Imports

kernel32

LoadLibraryW
SetEnvironmentVariableA
GetLastError
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
SetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileW
CreateFileMappingW
OpenFileMappingW
CloseHandle
OutputDebugStringW
GetCommandLineW
GetCurrentProcess
GetModuleHandleW
GetModuleFileNameW
GetTempPathW
GetProcAddress
GetCurrentProcessId
InterlockedIncrement
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
MoveFileExW
WaitForSingleObject
GlobalAlloc
CopyFileW
GetExitCodeProcess
FileTimeToSystemTime
GlobalFree
GetFileTime
GetCurrentThreadId
DeleteFileW
SetFileAttributesW
SetFilePointer
WriteFile
FormatMessageW
ExitThread
CreateEventW
WaitForMultipleObjects
DuplicateHandle
LocalFree
CreateThread
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
RemoveDirectoryW
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileSize
Sleep
ReadFile
FlushFileBuffers
DeleteFileA
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
FreeLibrary
LoadLibraryA
GetConsoleCP
GetConsoleMode
GetDriveTypeA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW

user32

DefWindowProcW
EndPaint
DestroyWindow
GetWindowRect
GetWindowDC
SetForegroundWindow
DialogBoxParamW
GetParent
TrackMouseEvent
GetClientRect
BeginPaint
SystemParametersInfoW
GetForegroundWindow
GetWindowLongW
GetWindowTextW
ReleaseDC
SetWindowLongW
EndDialog
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
CreateWindowExW
MessageBoxW
SendMessageW
CallWindowProcW
GetSystemMetrics
GetDC
InvalidateRect

gdi32

CreateSolidBrush
GetStockObject
SelectObject
DeleteObject
SetBkMode
CreateFontIndirectW
GetTextExtentPoint32W
GetObjectW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imm32

ImmDisableIME

comctl32

InitCommonControlsEx

advapi32

RegCloseKey
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d92af21f467a097abfd88c2d9b9c88b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

version

imm32

comctl32

advapi32

shell32

Sections

.text Size: 265KB - Virtual size: 265KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 17KB - Virtual size: 28KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 265KB - Virtual size: 265KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 17KB - Virtual size: 28KB

.rsrc
Size: 11KB - Virtual size: 10KB