80c2a61e56c2db846c5e6ca3a31bcddc345655f67ea6323e25a9e3621d80cbb7

Sharing

Copy URL Twitter E-mail

General

Target

80c2a61e56c2db846c5e6ca3a31bcddc345655f67ea6323e25a9e3621d80cbb7
Size

1.3MB
MD5

138f13c773beef9879ece7d2758eb405
SHA1

1061d66a286c3d0d2046f26a923c138fd9e4ea7f
SHA256

80c2a61e56c2db846c5e6ca3a31bcddc345655f67ea6323e25a9e3621d80cbb7
SHA512

e90c7b62200ba1932c4adc8079fbb83ca5b2a5eebd35aad44e9c0e402c1f266a322f631df69bcb0017329863b5913a0c3ec5e34d6aab9fd886fa685321a0fc9d
SSDEEP

24576:QVVF5NaoWeEepsH3EGKbVn1eMgPrpzeh39p5nznzcmR3tpvTBtK:KNRpm3EVbd1eMgPrpiLp5nrFfFTa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80c2a61e56c2db846c5e6ca3a31bcddc345655f67ea6323e25a9e3621d80cbb7

Files

80c2a61e56c2db846c5e6ca3a31bcddc345655f67ea6323e25a9e3621d80cbb7
.exe windows:6 windows x86 arch:x86

0c2808b3135ad37b76d39699520e44ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\sogouime\dev_11.8_pc_modify\Bin\SogouPdb\SogouInput\crashrpt.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
IsBadWritePtr
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
OpenMutexA
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
Process32First
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetCurrentThread
HeapSize
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteConsoleW
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
TerminateThread
CreateThread
SetEndOfFile
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
GetStartupInfoW
GetTempPathW
GetSystemDirectoryW
Process32NextW
GlobalAlloc
Process32FirstW
GlobalFree
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
MoveFileExW
SystemTimeToFileTime
CopyFileW
GetTempFileNameW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
LocalFree
QueryDosDeviceW
FindFirstFileW
RemoveDirectoryW
GetLogicalDriveStringsW
LocalAlloc
CreateMutexW
ReleaseMutex
GetVersionExW
GetWindowsDirectoryW
VirtualAlloc
QueryPerformanceFrequency
InitializeCriticalSection
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateDirectoryA
InterlockedFlushSList
SetEnvironmentVariableW

user32

FindWindowExW
MonitorFromPoint
GetWindowLongW
UnregisterClassW
WindowFromPoint
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
SendMessageTimeoutW
IsIconic
ReleaseDC
GetWindowThreadProcessId
GetFocus
GetForegroundWindow
GetSystemMetrics
SetRectEmpty
MessageBoxW
GetDC
IsWindowVisible
SetWindowPos
UnregisterClassA
MonitorFromRect
MonitorFromWindow
ShowWindow
wvsprintfW
GetMonitorInfoW
AttachThreadInput
EnumWindows
GetClassNameW
GetDesktopWindow
GetWindowRect
SystemParametersInfoW
GetParent
wsprintfW
SetForegroundWindow

advapi32

RegEnumValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
RegOpenKeyExA
RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueExA
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl

imm32

ImmDisableIME

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA

psapi

GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c2808b3135ad37b76d39699520e44ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

imm32

wininet

psapi

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 14KB - Virtual size: 150KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 14KB - Virtual size: 150KB

.rsrc
Size: 92KB - Virtual size: 92KB