980ff245d3deea3b03228b725fe83f930bc15422f6948b4cd5afc8b507048f28

Sharing

Copy URL

Twitter E-mail

General

Target

980ff245d3deea3b03228b725fe83f930bc15422f6948b4cd5afc8b507048f28
Size

2.5MB
MD5

dc8b5b049f795783b2d7704debfb9d1c
SHA1

317f05a07c070dc7b6cd7f27295bbe973abadb64
SHA256

980ff245d3deea3b03228b725fe83f930bc15422f6948b4cd5afc8b507048f28
SHA512

b21105498da54bd98782981c8d9dcd84a6f5c603c2bd2a887007c685781873dce71708dc899bd1853edef483ac6498c1e18edcd5480adec961a5f300cdff9a7a
SSDEEP

49152:0oOxiW3Gg3lYeP3q/8tEQu4D/SXdeBJjDreaIomatA2nLpmIu2Yp7+lumK:0p4W3Gg33aUCcDS8zjDrewLpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
980ff245d3deea3b03228b725fe83f930bc15422f6948b4cd5afc8b507048f28

Files

980ff245d3deea3b03228b725fe83f930bc15422f6948b4cd5afc8b507048f28
.exe windows:5 windows x86 arch:x86

5568045937935b9faba1c97ba046327f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\178网关源码-v2.0.3\Release\PayClient.pdb

Imports

ws2_32

recvfrom
sendto
getaddrinfo
freeaddrinfo
WSAIoctl
WSASetLastError
getsockname
ntohs
getsockopt
gethostname
WSACleanup
__WSAFDIsSet
accept
bind
closesocket
select
listen
WSAStartup
getpeername
send
socket
connect
inet_ntoa
recv
htons
ioctlsocket
setsockopt
WSAGetLastError

kernel32

EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GetLocalTime
GlobalLock
SetErrorMode
GetCurrentThreadId
SetUnhandledExceptionFilter
TryEnterCriticalSection
CreateProcessA
GetCurrentProcessId
FindResourceW
FindResourceExW
CreateToolhelp32Snapshot
Module32First
lstrlenA
Module32Next
GetCurrentProcess
GetFileSize
Sleep
CreateDirectoryA
RemoveDirectoryA
LoadResource
DeleteFileA
LockResource
GetFileAttributesA
FreeResource
FindClose
FindResourceA
FindFirstFileA
SizeofResource
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetCurrentDirectoryW
CloseHandle
CreateFileA
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
GetModuleFileNameA
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetDriveTypeW
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
InitializeCriticalSection
GetFileAttributesW
QueryPerformanceFrequency
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
PeekNamedPipe
WaitForMultipleObjects
GetStdHandle
ExpandEnvironmentStringsA
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
FormatMessageW
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
LoadLibraryA
GetModuleHandleA
GetCurrentDirectoryA
GetACP
ReadFile
MulDiv
GetFileType
WriteFile
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
ReleaseSemaphore
SetEvent
ResetEvent
CreateSemaphoreA
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
SleepEx
GetVersionExW
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesExW
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
FreeLibrary
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers

user32

SendMessageA
PostMessageA
KillTimer
SetTimer
SetWindowRgn
GetWindowRect
PtInRect
GetClientRect
ReleaseDC
SetForegroundWindow
GetParent
ScreenToClient
InvalidateRgn
CreateAcceleratorTableA
MoveWindow
GetSysColor
SetCaretPos
ShowCaret
IsIconic
MessageBoxA
EnableWindow
SetWindowLongA
DestroyIcon
LoadIconA
GetGUIThreadInfo
GetWindowLongA
GetCursorPos
HideCaret
GetDC
IsWindowVisible
SetWindowPos
MonitorFromWindow
GetSystemMetrics
ShowWindow
ClientToScreen
GetMonitorInfoA
SetFocus
IsZoomed
UpdateLayeredWindow
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
IsWindow
DestroyWindow
CharNextA
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
MapWindowPoints
IntersectRect
UnionRect
IsRectEmpty
GetWindow
wvsprintfA
SetCursor
OffsetRect
LoadCursorA
DefWindowProcA
CallWindowProcA
RegisterClassA
RegisterClassExA
GetClassInfoExA
SetPropA
GetPropA
LoadImageA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetCaretBlinkTime
GetCaretPos
FindWindowA
CharPrevA
DrawTextA
FillRect
SetRect
CreateCaret

gdi32

ExtSelectClipRgn
GetClipBox
LineTo
SetStretchBltMode
StretchBlt
GetTextExtentPoint32A
SelectClipRgn
MoveToEx
TextOutA
ExtTextOutA
GdiFlush
GetDeviceCaps
RoundRect
SetBkColor
GetCharABCWidthsA
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateRoundRectRgn
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateFontIndirectA
CreatePen
GetStockObject
Rectangle
RestoreDC
SaveDC
GetTextMetricsA
GetObjectA
SetWindowOrgEx
CreatePatternBrush
CreateSolidBrush
SetBkMode
SetTextColor
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect

advapi32

RegOpenKeyExA
CryptDestroyKey
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptImportKey
CryptGetHashParam
CryptReleaseContext
OpenProcessToken
RegSetValueExA
LookupPrivilegeValueA
RegCloseKey
AdjustTokenPrivileges
RegDeleteValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA

ole32

CoUninitialize
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoInitialize

shlwapi

PathFileExistsA
PathIsDirectoryA

dbghelp

MiniDumpWriteDump

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmGetContext

wldap32

ord32
ord35
ord30
ord50
ord143
ord60
ord41
ord33
ord79
ord200
ord211
ord301
ord22
ord46
ord26
ord27

oleaut32

SysFreeString
SysAllocString
VariantInit
SysAllocStringLen
VariantClear

gdiplus

GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipSetPixelOffsetMode
GdipImageSelectActiveFrame
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipLoadImageFromStreamICM
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipGetImageWidth

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5568045937935b9faba1c97ba046327f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

dbghelp

version

comctl32

imm32

wldap32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 282KB - Virtual size: 282KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 152KB - Virtual size: 151KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 282KB - Virtual size: 282KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 152KB - Virtual size: 151KB

.reloc
Size: 85KB - Virtual size: 84KB