21e0863bce610746f3e48b89c313d756473a25ee52d36883351bc95ecd63f2c8

Sharing

Copy URL Twitter E-mail

General

Target

21e0863bce610746f3e48b89c313d756473a25ee52d36883351bc95ecd63f2c8
Size

3.3MB
MD5

a49a737c644ddd00af4252f623688913
SHA1

fb09b3abd101485b6a6699cebd9909ef9938cfee
SHA256

21e0863bce610746f3e48b89c313d756473a25ee52d36883351bc95ecd63f2c8
SHA512

70c126989be7a767000bf5f6e88f44427abe2c6fa1f8825159e01481048a2277150a9d759ec33715a246cc28eddf6cb44e611b54fe402c65024954711dde728c
SSDEEP

49152:vJg/skwT9p/UELQKhsMgeCNHE5aRY3vu9NtkJqNpJZBADtey:vJgBwpaiQKhsPnSlP4FEh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e0863bce610746f3e48b89c313d756473a25ee52d36883351bc95ecd63f2c8

Files

21e0863bce610746f3e48b89c313d756473a25ee52d36883351bc95ecd63f2c8
.exe windows:6 windows x86 arch:x86

0d83d005220fa7628b015fb821ffbbb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\sgfeedbackhelper.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FindResourceW
LockResource
Sleep
FreeResource
SizeofResource
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
CloseHandle
OpenMutexW
LoadResource
GetModuleFileNameW
WaitForSingleObject
GetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
HeapSize
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
GetOEMCP
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
CreateProcessW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
WriteConsoleA
GetFileAttributesW
GetConsoleMode
GetTimeZoneInformation
GetLastError
WideCharToMultiByte
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
CreateEventW
SetEvent
ResetEvent
TerminateThread
RaiseException
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
MultiByteToWideChar
GetACP
FreeLibrary
LoadLibraryExW
MulDiv
VerSetConditionMask
OpenProcess
GetModuleHandleA
VerifyVersionInfoW
GetCurrentDirectoryW
GetFileSize
ReadFile
GetVersionExW
GlobalUnlock
GlobalLock
ExitProcess
GlobalAlloc
CreateDirectoryW
SetFileTime
LocalFree
DecodePointer
lstrcmpiW
lstrcpynW
GetCommandLineW
GetTempPathW
GetSystemDirectoryW
GlobalFree
GetExitCodeProcess
SetLastError
DuplicateHandle
ExitThread
CreateThread
GetProcessId
SetFileAttributesW
DeleteFileW
MoveFileExW
CopyFileW
GetFileTime
FindNextFileW
FindClose
OpenEventW
HeapFree
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
FlushFileBuffers
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
InitializeCriticalSection
WaitForSingleObjectEx
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
GetStringTypeW
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
HeapReAlloc
GetDateFormatW
GetTimeFormatW

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
RegisterClassExW
WaitMessage
UnregisterClassW
CharNextW
SetCursor
InflateRect
UnionRect
OffsetRect
IsZoomed
GetFocus
ReleaseCapture
GetCursorPos
ScreenToClient
PtInRect
GetWindowLongW
GetAncestor
GetDC
ReleaseDC
MessageBoxW
MonitorFromPoint
SetFocus
GetActiveWindow
GetKeyState
SetCapture
IsWindowEnabled
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
MapWindowPoints
GetSysColor
IntersectRect
SetWindowLongW
GetParent
LoadImageW
MonitorFromWindow
GetMonitorInfoW
NotifyWinEvent
GetWindowPlacement
CreatePopupMenu
AppendMenuW
TrackPopupMenu
InsertMenuItemW
SetMenuItemInfoW
SetWindowRgn
EqualRect
wsprintfW
CallWindowProcW
GetClassInfoExW
EnableWindow
CallMsgFilterW
SetPropW
GetPropW
CharPrevW
DrawTextW
FillRect
SetRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
DestroyMenu
EnableMenuItem
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
UpdateWindow
CopyRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetRectEmpty
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetQueueStatus
TranslateMessage
KillTimer
wvsprintfW
IsWindow
PostQuitMessage
LoadCursorW
LoadIconW
RegisterClassW
ShowWindow
SendMessageW
CreateWindowExW
DestroyWindow
DefWindowProcW
IsIconic
GetClientRect
FindWindowW
SetWindowPos
IsWindowVisible
IsRectEmpty
GetWindowRect
GetWindow
PostMessageW
RegisterWindowMessageW
GetSystemMetrics

gdi32

CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
CreateCompatibleBitmap
GetFontData
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
GetDeviceCaps
GetStockObject
DeleteObject
CreateDIBSection
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
CreateDCW
PtInRegion
CreateRectRgn
GdiFlush
TextOutW
MoveToEx
BitBlt
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetDIBits
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn

advapi32

RegOpenKeyW
RegSetValueExW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegCreateKeyExW
GetLengthSid
RegCloseKey
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
RegOpenKeyExW
RegQueryValueExW

ole32

ReleaseStgMedium
CreateStreamOnHGlobal
OleDuplicateData
CLSIDFromString
CLSIDFromProgID
DoDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
OleLockRunning

psapi

GetProcessMemoryInfo

imm32

ImmDisableIME
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipSetClipRectI
GdipResetClip
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipFillPath
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen2
GdipImageRotateFlip
GdipSetWorldTransform
GdipDrawArc
GdipDrawImageRect

msimg32

AlphaBlend

winmm

timeKillEvent
timeGetTime
timeSetEvent

oleacc

LresultFromObject

shlwapi

StrToIntW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

ws2_32

gethostname
WSAStartup
gethostbyname

imagemagik

ImageMagickEx_SVGToPNGBufferByDpi
ImageMagickEx_FreePNGBuffer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 31KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d83d005220fa7628b015fb821ffbbb5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

ole32

psapi

imm32

comctl32

gdiplus

msimg32

winmm

oleacc

shlwapi

shell32

oleaut32

ws2_32

imagemagik

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 266KB - Virtual size: 265KB

.data Size: 31KB - Virtual size: 90KB

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 132KB - Virtual size: 136KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 266KB - Virtual size: 265KB

.data
Size: 31KB - Virtual size: 90KB

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 132KB - Virtual size: 136KB