e42587af8541cf9f6e5d5c776e97261b6dbc062cfc92667e2eabaa0c144b6660

Sharing

Copy URL Twitter E-mail

General

Target

e42587af8541cf9f6e5d5c776e97261b6dbc062cfc92667e2eabaa0c144b6660
Size

2.5MB
MD5

0e0698567736488c7b458ab47bef889d
SHA1

d8e8289177e4e4057413cb12e2e3154657af4a94
SHA256

e42587af8541cf9f6e5d5c776e97261b6dbc062cfc92667e2eabaa0c144b6660
SHA512

8342eceec1415c41fe269761f4e2a09822c7cb0aec4131d0fa9e8340607897e1f04e3fc3a3bccf7ac4a7595ce8fb39431a68e8234f186b2bfc2edda35ea2a8d0
SSDEEP

49152:Ux8m+N7jRH2gGSK81A5FsqLS5ftnTdEA:UxF+NPRTG9ufVz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e42587af8541cf9f6e5d5c776e97261b6dbc062cfc92667e2eabaa0c144b6660

Files

e42587af8541cf9f6e5d5c776e97261b6dbc062cfc92667e2eabaa0c144b6660
.exe windows:5 windows x86 arch:x86

53f1c4f14a635dd9ea1c191f17966fd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\PCProject\work\WorkKit\Trunk\App\Bundles\ZhongHua\Temp\Release\Utility.pdb

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFindCertificateInStore

advapi32

ImpersonateLoggedOnUser
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RevertToSelf
OpenProcessToken
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW

shlwapi

PathFileExistsW
SHDeleteKeyW

user32

wsprintfA
wsprintfW

kernel32

PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
ResetEvent
GetPrivateProfileStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
DeviceIoControl
CloseHandle
LoadLibraryW
GetSystemDirectoryW
CreateFileW
GetLastError
ReleaseMutex
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
OpenFileMappingW
CreateThread
TerminateThread
GetExitCodeThread
SetEvent
Sleep
CreateEventW
WritePrivateProfileStringW
lstrlenW
GetModuleFileNameW
GetDriveTypeW
LocalFree
VirtualAlloc
VirtualFree
OpenProcess
GetCurrentProcessId
GetLogicalDriveStringsW
GetModuleHandleW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
FindClose
FindFirstFileW
FindNextFileW
lstrcpyW
DeleteFileW
WriteFile
ExitThread
CopyFileW
ExpandEnvironmentStringsW
GetLocalTime
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetPrivateProfileIntW
GetTempPathW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GlobalAlloc
GlobalFree
ReadProcessMemory
CreateProcessW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLongPathNameW
GetVolumeInformationW
GetSystemInfo
FormatMessageW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
GetTickCount
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualProtect
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
GetWindowsDirectoryW
SetErrorMode
OutputDebugStringA
SetPriorityClass
MoveFileExW
GetTempFileNameW
FreeLibraryAndExitThread
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
LocalAlloc
GetVersionExW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetStringTypeW
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

getsockname
getsockopt
inet_addr
htons
ntohs
setsockopt
WSASetLastError
gethostname
WSAStartup
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
recvfrom
sendto
accept
WSACleanup
recv
send
WSAGetLastError
closesocket
socket
bind
connect
inet_ntoa
getpeername
listen
ioctlsocket
htonl

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetOpenW

Sections

.text
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 575KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

53f1c4f14a635dd9ea1c191f17966fd4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

crypt32

advapi32

ole32

shell32

shlwapi

user32

kernel32

iphlpapi

urlmon

version

ws2_32

wininet

Sections

.text Size: 717KB - Virtual size: 717KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 7KB - Virtual size: 22KB

.gfids Size: 512B - Virtual size: 444B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 575KB - Virtual size: 576KB

.text
Size: 717KB - Virtual size: 717KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 7KB - Virtual size: 22KB

.gfids
Size: 512B - Virtual size: 444B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 575KB - Virtual size: 576KB