PDB path: E:\Git200\THLog\THLog 1.8\THLog 1.8 vc修正\Release\LOGGER.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: 0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2.exe; Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: 0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2.exe; Resource: win10v2004-20240412-en)
General
Target: 0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2
Size: 4.5MB
MD5: 14fe587c201a82000cecd4d2f751e3d7
SHA1: c15cad32308496a0e4fd32e6e0c297d37898f3ed
SHA256: 0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2
SHA512: 1b26a64afde8f99d3907494f2e09f7515066b11df8b12a3c1ec705beeb2c3f140c665f165a7ff71a3ad820ec6802f0ee183f103e9187bb8067472b8f058048de
SSDEEP: 98304:gFSeftatK0lUtHISGX+CbVIgJC/A56z+1+xZs5p1C5UkCIw42muWeIY4t:1tK/HlCbVIS1+xZs
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2
Files
0b2bb47682a128bfab48466118569518c6ae8954b6ee78f320b90cc89bc99cc2.exe windows:5 windows x86 arch:x86
9c823c1026b66a46c72c3e32ef69b905
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
kernel32
InitializeSListHead
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetFullPathNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
LockResource
LoadResource
SizeofResource
CloseHandle
FindResourceW
WideCharToMultiByte
GetLastError
CreateFileA
GetVersionExA
Sleep
GetModuleFileNameA
LocalFree
TerminateThread
SuspendThread
ResumeThread
WriteFile
ReadFile
ClearCommError
SetupComm
GetCommMask
GetCommState
GetCommTimeouts
PurgeComm
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
FormatMessageA
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LocalAlloc
SetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
CreateEventW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalUnlock
LocalLock
SearchPathA
GetProfileIntA
GetTempPathA
GetTickCount
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
GetCurrentDirectoryA
CopyFileA
MultiByteToWideChar
OutputDebugStringA
SetErrorMode
SetFileAttributesA
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
lstrcpyA
GetACP
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
GetAtomNameA
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
SystemTimeToTzSpecificLocalTime
FindNextFileA
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetStringTypeExA
GetThreadLocale
GetVolumeInformationA
MoveFileA
lstrcmpiA
GetShortPathNameA
LoadLibraryExA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
lstrcmpA
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
WriteConsoleW
user32
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetClassLongA
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
GetMenuDefaultItem
CreateMenu
PostThreadMessageA
WindowFromDC
InSendMessage
GetTabbedTextExtentW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
LockWindowUpdate
GetDCEx
WindowFromPoint
LoadImageW
TrackMouseEvent
UnionRect
GetDialogBaseUnits
GetAsyncKeyState
CopyImage
GetMenuItemInfoA
RealChildWindowFromPoint
GetSysColorBrush
DestroyCursor
LoadCursorA
SetRect
MapDialogRect
SetWindowContextHelpId
LoadMenuW
LoadAcceleratorsW
ShowOwnedPopups
PostQuitMessage
InflateRect
IsZoomed
SetParent
DeleteMenu
GetSystemMenu
MapVirtualKeyA
GetKeyNameTextA
CharUpperA
SystemParametersInfoA
IsRectEmpty
SetWindowRgn
DrawIcon
SetCapture
RegisterClipboardFormatA
GetMessageA
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
DestroyIcon
OffsetRect
IntersectRect
SetRectEmpty
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseCapture
BringWindowToTop
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
SendMessageA
EnableWindow
GetClientRect
GetWindowRect
FillRect
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
GetWindowLongA
PtInRect
EqualRect
CopyRect
WaitMessage
IsClipboardFormatAvailable
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
MapWindowPoints
AdjustWindowRectEx
CharUpperBuffA
GetUpdateRect
SendNotifyMessageA
EnumChildWindows
SubtractRect
MonitorFromRect
GetWindowRgn
TranslateMessage
LoadBitmapW
LoadBitmapA
SetTimer
KillTimer
PostMessageA
UpdateWindow
GetDC
ReleaseDC
InvalidateRect
GetParent
LoadIconW
LoadImageA
GetSystemMetrics
GetCursorPos
MessageBoxA
UnregisterClassA
SetCursor
LoadCursorW
GetMenuStringA
GetTabbedTextExtentA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
RegisterWindowMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
TrackPopupMenuEx
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
gdi32
CreateDCA
CreateBitmap
CreateDIBPatternBrushPt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
TextOutA
ExtTextOutA
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CopyMetaFileA
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateEllipticRgn
Ellipse
CreateDIBSection
DPtoLP
LPtoDP
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32A
GetTextMetricsA
GetCharWidthA
CombineRgn
CreateFontIndirectA
GetMapMode
SetRectRgn
SetAbortProc
GetViewportOrgEx
GetBkColor
GetTextColor
GetRgnBox
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetWindowOrgEx
GetTextFaceA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetObjectA
AbortDoc
EndPage
DeleteObject
CreateSolidBrush
CreateFontA
Rectangle
StretchDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetDeviceCaps
GetDIBits
StartDocA
EndDoc
OffsetViewportOrgEx
StartPage
msimg32
TransparentBlt
AlphaBlend
winspool.drv
GetJobA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExW
RegSetValueA
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
shell32
SHGetMalloc
SHBrowseForFolderA
DragAcceptFiles
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
ShellExecuteExA
SHAppBarMessage
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder
SHGetSpecialFolderLocation
comctl32
ImageList_ReplaceIcon
shlwapi
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecW
PathFileExistsA
StrFormatKBSizeA
uxtheme
GetThemePartSize
GetWindowTheme
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetCurrentThemeName
IsAppThemed
GetThemeColor
GetThemeSysColor
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleGetClipboard
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
CreateDataAdviseHolder
CreateGenericComposite
CreateItemMoniker
WriteClassStm
OleSaveToStream
CreateOleAdviseHolder
CoLockObjectExternal
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CreateStreamOnHGlobal
OleSave
OleSetContainedObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
OleLockRunning
OleGetIconOfClass
GetHGlobalFromILockBytes
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleQueryLinkFromData
OleQueryCreateFromData
OleRun
WriteClassStg
oleaut32
SysAllocStringByteLen
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
VarDateFromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysStringLen
SysReAllocStringLen
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SysStringByteLen
SafeArrayGetUBound
SystemTimeToVariantTime
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VariantCopy
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
SysFreeString
VarBstrFromDec
VarDecFromStr
OleCreateFontIndirect
SysAllocString
VarUdateFromDate
SafeArrayGetElemsize
VariantTimeToSystemTime
SafeArrayGetLBound
oledlg
ord8
oleacc
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
gdiplus
GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStreamICM
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundA
Sections
.text Size: 2.6MB - Virtual size: 2.6MB (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
.rdata Size: 581KB - Virtual size: 580KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.data Size: 32KB - Virtual size: 6.9MB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
.gfids Size: 137KB - Virtual size: 136KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.giats Size: 512B - Virtual size: 28B (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.tls Size: 512B - Virtual size: 9B (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
.rsrc Size: 1000KB - Virtual size: 999KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
.reloc Size: 199KB - Virtual size: 198KB (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ)
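The "Unsigned PE" signature, the File/DLL Characteristics and the section table in this report are all read straight from the PE headers. The Python below is an added example, not the sandbox's own code and nothing from the THLog project: with the standard library only it parses those headers, reproduces the "missing Authenticode blob" check, and adds two checks a practitioner would want on this particular report: whether the .gfids/.giats control-flow-guard tables come with IMAGE_DLLCHARACTERISTICS_GUARD_CF in DllCharacteristics (the report lists the sections but not the flag, and the loader only enforces CFG when the flag is set), and whether a writable section's virtual size dwarfs its on-disk size (the report's .data: 32KB raw, 6.9MB virtual). By default it runs on a constructed headers-only PE32 that mirrors the values in this report, not on the real sample; pass a file path to run it on a real binary. The `factor=8` threshold is an assumption, not a value from the report.

```python
"""Header-level PE triage mirroring a static sandbox report: file and DLL
characteristics, per-section flags and sizes, and the 'Unsigned PE' check.
Example code added to the page (not the sandbox's implementation); stdlib only."""
import struct

# winnt.h bit names, trimmed to the flags that matter for triage.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory holding the Authenticode blob


def _flags(value, table):
    """Decode a bit field into winnt.h names, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the headers a static report lists; raises ValueError on non-PE input.
    Section bodies are never read, so a headers-only buffer parses like a full file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (machine, n_sections, _ts, _symtab, _nsyms,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    pe32plus = magic == 0x20B
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    # PE32+ widens ImageBase and the stack/heap fields, shifting the directories.
    n_dirs_off = opt + (108 if pe32plus else 92)
    n_dirs, = struct.unpack_from("<I", data, n_dirs_off)
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, Security holds a *file offset*: the
        # WIN_CERTIFICATE blob is appended to the file and never mapped.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, n_dirs_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(n_sections):
        (name, vsize, _va, raw_size, _raw_ptr, _rel, _lin, _nrel, _nlin,
         chars) = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "characteristics": _flags(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine, "pe32plus": pe32plus,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "has_authenticode_blob": sec_off != 0 and sec_size != 0,
            "sections": sections}


def unsigned_pe(info):
    """The report's 'Unsigned PE' IoC: no embedded Authenticode blob.  A present blob
    is not a *valid* signature (that needs WinVerifyTrust / Get-AuthenticodeSignature),
    and catalog-signed Windows binaries carry no blob, so this is a triage hint."""
    return not info["has_authenticode_blob"]


def cfg_tables_without_flag(info):
    """MSVC /guard:cf emits .gfids/.giats; the loader enforces CFG only if the
    GUARD_CF DllCharacteristics bit is also set, so tables without it are notable."""
    names = {s["name"] for s in info["sections"]}
    return bool(names & {".gfids", ".giats"}) and \
        "IMAGE_DLLCHARACTERISTICS_GUARD_CF" not in info["dll_characteristics"]


def large_virtual_sections(info, factor=8):
    """Writable sections whose in-memory size is >= factor x on-disk size.  Zero-filled
    static buffers look like this, and so do in-memory unpacking areas: a prompt for
    dynamic analysis, not a verdict.  factor=8 is an arbitrary assumption."""
    return [s["name"] for s in info["sections"]
            if s["raw_size"] and s["virtual_size"] >= factor * s["raw_size"]
            and "IMAGE_SCN_MEM_WRITE" in s["characteristics"]]


def triage(data):
    info = parse_pe(data)
    info["iocs"] = {"unsigned_pe": unsigned_pe(info),
                    "cfg_tables_without_guard_cf": cfg_tables_without_flag(info),
                    "large_virtual_sections": large_virtual_sections(info)}
    return info


def build_sample_pe():
    """Constructed headers-only PE32 mirroring the report above (NOT the real sample):
    x86, DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, empty Security directory."""
    sections = [(b".text", 0x29F000, 0x2A0000, 0x60000020),   # CODE|EXECUTE|READ
                (b".data", 0x6E0000, 0x008000, 0xC0000040),   # INIT_DATA|READ|WRITE
                (b".gfids", 0x022000, 0x022400, 0x40000040)]  # INIT_DATA|READ
    e_lfanew, opt_size = 0x80, 224                  # PE32 optional header + 16 dirs
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)           # PE32 magic
    struct.pack_into("<H", opt, 68, 2)              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8140)         # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)             # NumberOfRvaAndSizes; dirs all zero
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0, rs, 0, 0, 0, 0, 0, ch)
                    for n, vs, rs, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    import json, sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(blob), indent=2))
```

An empty Security directory only tells you there is no embedded signature; it does not distinguish a binary that was never signed from one whose signature was stripped, and it says nothing about signatures in Windows catalogs. On a Windows host, confirm with `Get-AuthenticodeSignature <file>` or `signtool verify /pa /v <file>` before recording the IoC as more than a triage hint.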