LedFan[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

LedFan.exe
Size

2.3MB
MD5

49ac6bd7f675e027aad49b9c4f52f656
SHA1

e4497493efcc8754b7dc397ed2130255d1de5bc9
SHA256

a353700775da04c10afb972b750244d0b7f262874a77bfaca1d208539017fd0d
SHA512

4c49ece3b2c38fe77eb447d2932579b8c314ca9dc6662857a237dd56f9bd5bf9ace0857f2a22c0dbb5efe74918f8e34418ac16199480c338f28f0bd599694db5
SSDEEP

49152:rke7f487TcIstwRxHZ5XIcA4D6ts7tUpAXJMtTJ:rs8XU+Z5XIcA42tsxrXJMJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LedFan.exe

Files

LedFan.exe
.exe windows:5 windows x86 arch:x86

e4a7e0b50cc28baf2d5a8db36707c135

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\风扇\声达英文版\LedFanshengda_tongyong\BIN\LedFan.pdb

Imports

kernel32

WriteConsoleW
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LCMapStringA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
VirtualFree
SizeofResource
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
GetConsoleOutputCP
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
ExitProcess
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
SetErrorMode
GetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
GlobalGetAtomNameW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
WriteConsoleA
GetFileType
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GlobalFlags
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetThreadLocale
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpA
WaitForSingleObject
ResumeThread
SetThreadPriority
InterlockedDecrement
GetCurrentProcessId
GetModuleHandleA
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
CopyFileW
FormatMessageW
LocalFree
GlobalFree
MulDiv
GetTickCount
GetSystemDefaultUILanguage
WideCharToMultiByte
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
GetModuleFileNameW
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
Sleep
CloseHandle
WriteFile
CreateFileW
lstrcmpiW
lstrlenW
FreeResource
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
GetCPInfo
MultiByteToWideChar
lstrlenA
GetVersionExW
GetVersion
FindResourceW
LoadResource
LockResource
SetEnvironmentVariableA

user32

DefFrameProcW
UnionRect
GetNextDlgGroupItem
InvalidateRgn
CharNextW
CopyImage
EnumChildWindows
PostThreadMessageW
WaitMessage
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetWindowRgn
SetParent
UnregisterClassW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
ShowOwnedPopups
CharUpperW
SetWindowContextHelpId
MapDialogRect
MessageBeep
IsZoomed
PostQuitMessage
GetMessageW
GetCursorPos
ValidateRect
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
ScrollWindow
TrackPopupMenu
SetMenu
DefMDIChildProcW
GetScrollRange
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
RegisterClassW
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
GetWindow
SetFocus
GetMenuStringW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
IsRectEmpty
UpdateWindow
AdjustWindowRectEx
wvsprintfW
IsWindowVisible
DispatchMessageW
TranslateMessage
DrawIcon
IsIconic
MapWindowPoints
GetSystemMenu
LoadIconW
wsprintfW
MessageBoxW
SetScrollPos
LoadMenuW
RegisterClipboardFormatW
DragDetect
RedrawWindow
DefWindowProcW
GetClassInfoW
IsWindow
LoadCursorW
CheckMenuItem
EnableMenuItem
ScreenToClient
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetKeyState
GetCursor
EqualRect
HideCaret
ReleaseCapture
SetRectEmpty
SetCapture
GetFocus
ShowCaret
SetCaretPos
PtInRect
CreateCaret
DestroyCaret
KillTimer
SetTimer
GetWindowRgn
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDoubleClickTime
CharUpperBuffW
CopyIcon
GetMenuDefaultItem
GetUpdateRect
LoadImageW
GetIconInfo
DrawStateW
GetClientRect
DrawFocusRect
OffsetRect
InflateRect
FrameRect
PostMessageW
GetWindowRect
GetActiveWindow
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
TranslateMDISysAccel
SetScrollRange
DrawMenuBar
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
IsMenu
SendMessageW
GetWindowLongW
DestroyCursor
GrayStringW
DrawTextExW
TabbedTextOutW
GetSubMenu
DeleteMenu
RemoveMenu
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
InsertMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
DestroyIcon
DrawIconEx
SystemParametersInfoW
DrawTextW
GetMenuItemInfoW
SetRect
DrawEdge
FillRect
GetSysColor
CopyRect
EnableWindow
IsChild

gdi32

ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Polygon
OffsetRgn
GetRgnBox
SetViewportExtEx
SetViewportOrgEx
RealizePalette
RoundRect
CreatePalette
GetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
GetTextFaceW
SetPixelV
GetClipBox
GetDCOrgEx
SetDIBColorTable
OffsetViewportOrgEx
CopyMetaFileW
GetWindowExtEx
GetViewportExtEx
GetCharWidthW
CreateRectRgn
SelectClipRgn
SetTextAlign
IntersectClipRect
ExcludeClipRect
SetMapMode
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetDIBits
CreateCompatibleDC
LPtoDP
DPtoLP
GetTextColor
LineTo
MoveToEx
CreateFontW
GetBkColor
EnumFontFamiliesExW
LineDDA
SetROP2
FloodFill
StretchBlt
SetTextColor
SetBkColor
CreateBitmap
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
SetPixel
GetPixel
GetObjectW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
CreatePen
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
StretchDIBits

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHBrowseForFolderW
SHAppBarMessage
SHGetFileInfoW
DragFinish
DragQueryFileW
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW

comctl32

ImageList_GetIconSize
_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
StrCmpIW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

OleCreateMenuDescriptor
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleGetClipboard
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
OleLockRunning
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor

oleaut32

SysStringLen
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a7e0b50cc28baf2d5a8db36707c135

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 297KB - Virtual size: 296KB

.data Size: 44KB - Virtual size: 83KB

.rsrc Size: 556KB - Virtual size: 556KB

.reloc Size: 151KB - Virtual size: 151KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 297KB - Virtual size: 296KB

.data
Size: 44KB - Virtual size: 83KB

.rsrc
Size: 556KB - Virtual size: 556KB

.reloc
Size: 151KB - Virtual size: 151KB