H:\Security_group\99安全登陆器\EngSoulDownloader\Release\EngSoulDownloader.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af.exe
  Resource: win10v2004-20240419-en
General
- Target: ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af
- Size: 4.8MB
- MD5: 5e62102ab2a9addf049983e4c85a72d4
- SHA1: 01a625b80baf65857376c0cbaf67ca77f2b2069d
- SHA256: ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af
- SHA512: 0e58352a169e01d497cd23720053c51b2f0542f9b1b0e593119b3468fcc253e9a179ccf148fef4e322fc2894a514106b14cb32e0797151af6e9ef909f0d9e320
- SSDEEP: 98304:4f4PRNjrLN1vQA3ShFGyMAGqHz5eFny24NAE9bLPF5mLsJUhIOsnLoakfsM/:d5Nj91vQAChEm7eFy2abLP2fhIOsLHGr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af
Files
-
ad0f3c2dbd552fb965e09342bb7a2c896a3a6660aabb250f71ebfc7d339e84af.exe windows:5 windows x86 arch:x86
b88275aa9e12f9643c84e5eafab285cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
H:\Security_group\99安全登陆器\EngSoulDownloader\Release\EngSoulDownloader.pdb
Imports
ws2_32
bind
getpeername
getsockname
getsockopt
ntohs
WSASetLastError
WSAIoctl
accept
htonl
listen
__WSAFDIsSet
getaddrinfo
freeaddrinfo
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
getnameinfo
WSAGetLastError
send
connect
ioctlsocket
htons
inet_addr
select
socket
gethostbyname
gethostname
setsockopt
WSAStartup
WSACleanup
closesocket
recv
shutdown
advapi32
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW
RegEnumValueW
RegEnumKeyExW
LookupPrivilegeValueA
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptGenRandom
kernel32
GetUserDefaultLCID
GetCurrentDirectoryW
SetErrorMode
GetWindowsDirectoryW
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetTempFileNameW
lstrcmpiW
DuplicateHandle
GetCurrentProcessId
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
LCMapStringW
GetStringTypeW
GetCPInfo
AreFileApisANSI
FindFirstFileA
GetFileAttributesA
GetCurrentDirectoryA
VirtualFree
VirtualAlloc
DosDateTimeToFileTime
FileTimeToDosDateTime
SetConsoleCtrlHandler
FormatMessageA
SetFileAttributesA
RemoveDirectoryA
RemoveDirectoryW
GetTempPathA
GetFileInformationByHandle
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
GetVersionExA
GetProcessAffinityMask
GlobalMemoryStatus
DeviceIoControl
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
SetFilePointerEx
ExitProcess
SetStdHandle
HeapQueryInformation
VirtualQuery
GetACP
GetConsoleCP
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
FindResourceW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeResource
WriteFile
FlushFileBuffers
CloseHandle
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetOverlappedResult
GetFileSize
ReadFile
SetFilePointer
FindClose
CreateEventW
FindResourceExW
GetDiskFreeSpaceExW
CreateDirectoryW
FindFirstFileW
GetVolumeInformationW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetExitCodeThread
InitializeCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
CreateFileA
DeleteFileA
ResetEvent
GetFileSizeEx
MoveFileA
GetLocalTime
OutputDebugStringW
TerminateThread
OutputDebugStringA
CreateDirectoryA
SetUnhandledExceptionFilter
SetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
GetLogicalDrives
GetSystemInfo
GetLogicalDriveStringsW
WritePrivateProfileStringW
GetDriveTypeW
DeleteFileW
MoveFileW
GetVersionExW
InterlockedExchange
GetCurrentThreadId
GetModuleHandleW
GetTempPathW
SetLastError
FormatMessageW
SleepEx
GetSystemDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileExW
GetSystemTimeAsFileTime
CompareFileTime
GetEnvironmentVariableA
GetFileType
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
UnlockFile
SetConsoleMode
ReadConsoleA
ReadConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
FindNextFileW
GetSystemTime
SystemTimeToFileTime
GlobalSize
LocalFree
MulDiv
CopyFileW
EncodePointer
GetModuleHandleA
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
SetThreadPriority
ResumeThread
GetCurrentThread
lstrcmpA
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetThreadLocale
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
lstrcpyW
GetFullPathNameW
LockFile
SetEndOfFile
user32
TrackMouseEvent
GetAsyncKeyState
CopyImage
GetMenuItemInfoW
DestroyMenu
RealChildWindowFromPoint
GetSysColorBrush
WindowFromPoint
LoadCursorW
IsRectEmpty
SetWindowRgn
ReleaseCapture
SetCapture
MapDialogRect
SetWindowContextHelpId
SetCursor
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageW
IntersectRect
InflateRect
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
LoadMenuW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
DestroyIcon
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
CopyAcceleratorTableW
InvalidateRgn
SetRect
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
DeleteMenu
GetNextDlgGroupItem
MessageBeep
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
SetLayeredWindowAttributes
TrackPopupMenu
LoadImageW
CharUpperW
CharNextW
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
InsertMenuItemW
UnpackDDElParam
GetScrollInfo
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
EnumDisplayMonitors
SetClassLongW
SetParent
CharPrevExA
CharUpperA
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetUserObjectInformationW
GetProcessWindowStation
GetCursorPos
LoadIconW
EnumWindows
PtInRect
DrawIcon
GetSystemMetrics
KillTimer
IsIconic
MessageBoxW
UnregisterClassW
LoadBitmapW
SystemParametersInfoW
AdjustWindowRect
ReleaseDC
SetTimer
SetWindowPos
SetWindowLongW
GetWindowLongW
GetDC
DrawTextW
GetParent
GetWindowRect
GetClientRect
InvalidateRect
EnableWindow
GetWindowThreadProcessId
GetClassNameW
GetWindowTextW
IsWindowEnabled
IsWindowVisible
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
SetCursorPos
CopyIcon
FrameRect
UnionRect
RegisterClipboardFormatW
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
DestroyCursor
GetWindowRgn
CreateMenu
ReuseDDElParam
PostMessageW
SendMessageW
gdi32
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
Rectangle
CreateRoundRectRgn
Polyline
CreatePolygonRgn
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetRgnBox
GetTextColor
GetBkColor
GetTextMetricsW
GetTextExtentPoint32W
LPtoDP
Ellipse
CreateEllipticRgn
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
Polygon
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW
GetObjectW
SetDIBColorTable
CreateFontIndirectW
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetClipBox
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
shell32
ShellExecuteW
SHGetDesktopFolder
DragQueryFileW
SHGetFileInfoW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHAppBarMessage
DragFinish
comctl32
InitCommonControlsEx
shlwapi
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
uxtheme
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText
ole32
CoInitialize
CreateStreamOnHGlobal
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
oleaut32
VarBstrFromDate
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
SystemTimeToVariantTime
oledlg
OleUIBusyW
gdiplus
GdipSetInterpolationMode
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipDrawImageRectI
GdipDrawImageRectRect
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipFree
GdipAlloc
dbghelp
MiniDumpWriteDump
iphlpapi
GetAdaptersInfo
winmm
PlaySoundW
timeKillEvent
timeSetEvent
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
wldap32
ord167
ord127
ord142
ord27
ord26
ord79
ord133
ord147
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord301
ord145
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
Exports
NN_Down_n1
NN_Down_nn
NN_Stop
New_Stop
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata Size: 917KB - Virtual size: 916KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 1021KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.gfids Size: 107KB - Virtual size: 106KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.4MB - Virtual size: 2.4MB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc Size: 227KB - Virtual size: 227KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ