e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kis_update_sdk_fb\product\win32\dbginfo\updateprog.pdb
Static task
static1
Behavioral task
behavioral1
Sample
857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408.exe
Resource
win10v2004-20240226-en
General
-
Target
857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408
-
Size
1.7MB
-
MD5
297f05898da0af383f9c331ad8769006
-
SHA1
81900b4c721a7d4c768feb9ee486ab6b5c475a5a
-
SHA256
857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408
-
SHA512
f963d5ed295e461c55387c14cad494f69d6145c1f5b8dc422710feeaa14420eb1c981cbdfe128e1a049a687258a14c0777377bd21d1c022f5bcfdb49366feec1
-
SSDEEP
49152:Yh6eMHp+AFyTSDLboJhzDxWsxbn8Jajciqg:Yh6eMHZRbwFxbn8Jajcbg
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the sample carries no embedded code-signing certificate. On its own this is weak evidence (plenty of legitimate software ships unsigned), but the PDB path at the top of this report names a Kingsoft Duba build tree, and a vendor build would normally be signed — treat the mismatch as something to verify against a known-good copy of updateprog.exe rather than as proof of tampering.
resource 857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408
Files
-
857a7da0b61c93ae603b0588225e30d97031514517107681ebcd527275884408.exe windows:4 windows x86 arch:x86
96fecf6f011b0eb50780eaf74c516775
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the extracted debug path is shown at the top of this report: e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kis_update_sdk_fb\product\win32\dbginfo\updateprog.pdb)
Imports
kernel32
GetWindowsDirectoryW
GetVersionExW
GlobalAlloc
GlobalFree
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
VirtualFree
VirtualAlloc
SetLastError
CreatePipe
GetStartupInfoW
WritePrivateProfileStringW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceExW
InterlockedIncrement
GetExitCodeThread
InterlockedExchange
GlobalLock
GlobalUnlock
OutputDebugStringW
SetEnvironmentVariableW
SleepEx
DuplicateHandle
ReleaseMutex
TerminateThread
FormatMessageW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CloseHandle
SystemTimeToFileTime
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
WaitForMultipleObjects
RaiseException
LocalFree
SetFilePointer
LocalAlloc
ResetEvent
CreateThread
CreateEventW
GetCurrentProcessId
WideCharToMultiByte
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
lstrlenW
GetExitCodeProcess
CreateProcessW
MoveFileExW
CopyFileW
GetSystemDirectoryW
GetPrivateProfileIntW
SetFileAttributesW
GetCurrentThreadId
FreeResource
SetEvent
OpenEventW
Sleep
QueryDosDeviceW
GetLogicalDriveStringsW
GetPrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
TerminateProcess
WaitForSingleObject
GetCurrentProcess
MoveFileW
DeleteFileW
GetFileSize
WriteFile
ReadFile
CreateFileW
SetErrorMode
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
GetTickCount
FindResourceExW
CreateMutexW
GetCommandLineW
GetModuleHandleW
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FlushInstructionCache
user32
TranslateMessage
PeekMessageW
PostThreadMessageW
DispatchMessageW
DrawTextW
InvalidateRect
GetWindowRect
SendMessageW
FindWindowExW
FindWindowW
GetDesktopWindow
ExitWindowsEx
SetForegroundWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
UnregisterClassA
GetForegroundWindow
PostMessageW
RegisterWindowMessageW
GetMessageW
ScreenToClient
IntersectRect
ClientToScreen
SetWindowLongW
GetScrollPos
WindowFromPoint
GetKeyState
MonitorFromWindow
GetNextDlgTabItem
SetFocus
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
IsDialogMessageW
IsChild
GetFocus
GetWindow
BeginPaint
EndPaint
AppendMenuW
TrackPopupMenuEx
CreatePopupMenu
SetActiveWindow
SystemParametersInfoW
EnableWindow
ShowWindow
IsWindowVisible
GetPropW
EnumWindows
MapWindowPoints
GetDC
ReleaseDC
CreateWindowExW
DefWindowProcW
LoadCursorW
RegisterClassExW
LoadBitmapW
LoadImageW
IsWindow
UpdateLayeredWindow
SetRectEmpty
SetCursor
PtInRect
SetRect
GetDlgCtrlID
EqualRect
SetWindowPos
GetDlgItem
DestroyIcon
GetParent
OffsetRect
GetWindowLongW
DestroyWindow
MoveWindow
SetCapture
ReleaseCapture
InflateRect
LoadIconW
IsWindowEnabled
SetTimer
KillTimer
GetClientRect
CopyRect
GetSystemMenu
DeleteMenu
PostQuitMessage
GetCursorPos
SetWindowTextW
CallWindowProcW
DrawIconEx
GetClassInfoExW
GetActiveWindow
gdi32
SetViewportOrgEx
GetViewportOrgEx
RectInRegion
CreateRoundRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
RoundRect
Rectangle
GetClipRgn
SetStretchBltMode
GetTextColor
RestoreDC
SaveDC
GetCurrentObject
SelectClipRgn
ExtSelectClipRgn
LineTo
MoveToEx
CreatePen
SetTextColor
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectW
GetStockObject
CreateFontIndirectW
CreateCompatibleDC
SetBkColor
ExtTextOutW
BitBlt
StretchBlt
OffsetRgn
SetBkMode
CreateRectRgn
CombineRgn
CreateDIBSection
CreateCompatibleBitmap
CreateBitmap
advapi32
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
SetSecurityDescriptorSacl
shell32
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW
ole32
CreateStreamOnHGlobal
CLSIDFromString
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
shlwapi
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
StrCmpNIW
PathRemoveBackslashW
StrToIntW
StrToIntA
PathAddBackslashW
PathIsDirectoryW
SHDeleteValueW
PathFindExtensionW
msvcp80
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
comctl32
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipGraphicsClear
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawImagePointsRectI
GdipSetClipPath
GdipSetClipHrgn
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipGetImageHeight
GdipCreateFontFromLogfontW
GdipGetImageWidth
GdipCloneImage
GdipDrawLinesI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipFree
GdipAddPathPieI
GdipAddPathRectangleI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushI
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipCreateFont
GdipDeleteFont
GdipGetImagePixelFormat
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapArea
GdiplusStartup
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromFile
GdipAlloc
GdipDeleteFontFamily
GdipPrivateAddFontFile
GdipGetFontSize
GdipGetFamily
GdipDrawImageI
GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipDrawRectangleI
GdipDrawLine
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipAddPathStringI
GdipAddPathArcI
GdipSetPenDashStyle
GdipSetPenMode
GdipSetPenEndCap
GdipSetPenStartCap
GdiplusShutdown
GdipLoadImageFromStream
msvcr80
_wtoi
_local_unwind4
__CxxFrameHandler3
_strdup
_wcslwr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_wfullpath
_wmakepath_s
_wsplitpath_s
__sys_nerr
strerror
getenv
fflush
_gmtime64
_errno
sprintf
fputs
fgets
memchr
_strtoi64
isdigit
strncpy
isxdigit
sscanf
strstr
strtoul
__iob_func
fopen
strrchr
_stat64
realloc
towupper
_wcsupr_s
_mbsicmp
floor
_mbscmp
wcscspn
wcsspn
__RTDynamicCast
labs
abs
_wtof
_mbschr
memmove
_wtoi64
strncmp
strchr
isalnum
isalpha
isspace
_vsnprintf_s
_stricmp
fputc
fprintf
atoi
strcmp
_time64
_mktime64
swscanf_s
_beginthreadex
swprintf_s
wcstok
wcsncpy
_wtol
tolower
wcspbrk
memcmp
_wfopen
setlocale
strlen
iswspace
_purecall
wcsnlen
wcscmp
calloc
wcstol
vsprintf_s
_vscprintf
_recalloc
rand
srand
fread
_wrename
wcscpy_s
ceil
_waccess
ftell
fseek
fwrite
fclose
_wfopen_s
_wcsnicmp
wcschr
malloc
free
memcpy
strtol
wcsncpy_s
_invalid_parameter_noinfo
vswprintf_s
_CxxThrowException
_time32
_wcsicmp
_vswprintf
_vscwprintf
memset
wcsrchr
wcscat_s
wcscat
wcsstr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
memmove_s
wcslen
_wcslwr_s
??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy_s
??3@YAXPAX@Z
ws2_32
socket
ntohs
closesocket
ioctlsocket
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getsockopt
htons
bind
getsockname
send
recv
WSAGetLastError
ntohl
inet_addr
inet_ntoa
WSACleanup
gethostbyname
WSAStartup
psapi
GetModuleFileNameExW
iphlpapi
GetNetworkParams
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
GetAdaptersInfo
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
Sections (note: every section listed below is flagged IMAGE_SCN_MEM_WRITE, .text is writable as well as executable, and .rsrc — normally read-only resource data — is also flagged IMAGE_SCN_MEM_EXECUTE; these permissions are atypical for linker-emitted sections and are worth checking for a packer or post-build modification, though the flags alone do not establish that)
.text Size: 548KB - Virtual size: 544KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 164KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024KB - Virtual size: 1024KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE