2da1f9baafa9cab8d06a57ef50dbd84120887325ff28e06e7a07a6f308db9f5f

Sharing

Copy URL

Twitter E-mail

General

Target

2da1f9baafa9cab8d06a57ef50dbd84120887325ff28e06e7a07a6f308db9f5f
Size

599KB
MD5

6095296f764f4ef9020fb8483e1812b9
SHA1

ac422fc077bceed2dad8f342057ea9c98d0baf54
SHA256

2da1f9baafa9cab8d06a57ef50dbd84120887325ff28e06e7a07a6f308db9f5f
SHA512

acabaa63362e0c96584a7f4c03b4ff590da937181d18d7824617c5447f704196c0d7e89d1aa051a353057a97c5d546a42fa09ec470c11f8a604678c29ae7f3ae
SSDEEP

12288:qN/LVK/pRinnPT6up1ndAUhzFJozjDwCoffY5MQg8XAtKe+fBbw6ILn+iXcW:qtLRWSU+ffQbg8QtKeGkfLdh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2da1f9baafa9cab8d06a57ef50dbd84120887325ff28e06e7a07a6f308db9f5f

Files

2da1f9baafa9cab8d06a57ef50dbd84120887325ff28e06e7a07a6f308db9f5f
.exe windows:5 windows x86 arch:x86

5e983c28ba039e4d74a854a35659bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\quicksee\update\Release\360wpup.pdb

Imports

kernel32

OpenProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringW
GetTempPathW
GetWindowsDirectoryW
RemoveDirectoryW
MultiByteToWideChar
GetFileAttributesW
CopyFileW
MoveFileW
MoveFileExW
CreateMutexW
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
FindResourceExW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
lstrlenW
lstrcpynW
SizeofResource
LoadResource
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
InitializeCriticalSection
DeleteFileW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesW
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetCurrentThreadId
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
InterlockedCompareExchange
FreeResource
LoadLibraryExW
GetSystemWindowsDirectoryW
GetVersionExW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
FindClose
FindNextFileW
RtlUnwind
GetFileType
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
SetStdHandle
SetEndOfFile
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DecodePointer

user32

wsprintfW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
RegGetValueW
LookupPrivilegeValueW
RegCloseKey

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathIsDirectoryW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueA
StrStrIW
SHGetValueA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcesses

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e983c28ba039e4d74a854a35659bd3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

psapi

wininet

iphlpapi

crypt32

urlmon

wintrust

Sections

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 10KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 10KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 88KB