PDB path: d:\jk_9\workspace\Module_NPAPI_W_WebPages_package\code_path\Main\Bin\Win32\Win_x86_32\pdb\ScenicSpot.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0.dll
Resource
win10v2004-20240226-en
General
-
Target
2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0
-
Size
700KB
-
MD5
9cc78fd92f888ad421565102e0a647a8
-
SHA1
f9df5db4185870fd50a5fb7132049bbcd1487125
-
SHA256
2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0
-
SHA512
168cb2f00a3ac0576fb6cefd44d6dc86eaa9982aec42c925de09e0133dfece42aec2d9a49e1402a15cb5a21605258eb58a0d3d7c1dcade1378034ab9c93e13dc
-
SSDEEP
12288:VRSFhnvJTjAPC37ov8gTxTAyBzq8NZOOeVTkeE:VgnFu8kFAPVTkj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0
Files
-
2ae01a6926bf844ea86d9e6c8f9e1d445f2ce31f5f5adefefb5c6f47074476d0.dll windows:4 windows x86 arch:x86
6e021d9d84e9ec1b9abd20a1539509d2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
shlwapi
PathIsUNCA
PathStripToRootA
PathRemoveExtensionA
PathFindExtensionA
PathFindFileNameA
kernel32
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
CreateFileA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
CreateMutexA
ReleaseMutex
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetCurrentProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetACP
GetStdHandle
Sleep
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
ExitProcess
HeapSize
CreateThread
ExitThread
RtlUnwind
RaiseException
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
MoveFileA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetAtomNameA
GetOEMCP
GetCPInfo
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalFlags
lstrcmpA
InterlockedIncrement
SetErrorMode
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
LoadLibraryA
lstrcmpW
GetProcAddress
GetVersionExA
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
IsDBCSLeadByte
GetModuleHandleA
OutputDebugStringA
MultiByteToWideChar
lstrcmpiW
CompareStringW
GetEnvironmentVariableA
lstrcmpiA
GetEnvironmentVariableW
GetStringTypeExW
InterlockedExchange
lstrlenA
GetStringTypeExA
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
GetTimeZoneInformation
InterlockedCompareExchange
user32
DestroyIcon
DeleteMenu
ShowOwnedPopups
GetDialogBaseUnits
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
LoadCursorA
GetSysColorBrush
UnregisterClassA
GetMessageA
ValidateRect
GetWindowThreadProcessId
InflateRect
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
TabbedTextOutA
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CharLowerA
CharLowerW
CharUpperW
CharUpperA
DrawTextA
GetClientRect
CheckMenuItem
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
FillRect
RedrawWindow
ReleaseDC
EnableWindow
SendMessageA
GetWindowRect
GetDC
IsWindowVisible
LoadBitmapA
InvalidateRect
WindowFromPoint
ReleaseCapture
DrawEdge
SetCursor
ClientToScreen
LoadImageA
DestroyCursor
DrawFocusRect
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
CopyRect
TranslateMessage
GetDesktopWindow
GetSysColor
GetCapture
GetCursorPos
SetWindowRgn
DrawTextExA
gdi32
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
PtVisible
CreatePatternBrush
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
SetRectRgn
GetMapMode
DPtoLP
GetTextExtentPoint32A
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
SetMapperFlags
SetArcDirection
SetColorAdjustment
GetClipRgn
StartDocA
GetWindowExtEx
DeleteObject
SetTextColor
CreateSolidBrush
CreateFontA
SelectObject
BitBlt
SetBkColor
CreateBitmap
CreateCompatibleDC
ExtTextOutA
SelectClipRgn
CreateCompatibleBitmap
GetObjectA
GetPixel
CreateRectRgn
StretchBlt
GetTextMetricsA
CombineRgn
GetStockObject
DeleteDC
GetDeviceCaps
CopyMetaFileA
CreateDCA
GetDCOrgEx
GetClipBox
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
LineTo
SelectClipPath
GetViewportExtEx
MoveToEx
SetTextAlign
SetTextJustification
SetTextCharacterExtra
RectVisible
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetFileTitleA
advapi32
RegDeleteValueA
RegSetValueA
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
shell32
ExtractIconA
SHGetFileInfoA
ole32
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
CoTaskMemAlloc
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CoDisconnectObject
OleDuplicateData
CoCreateInstance
StringFromGUID2
CLSIDFromString
ReadFmtUserTypeStg
oleaut32
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
VariantClear
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
VarBstrFromDate
SafeArrayAllocData
comctl32
_TrackMouseEvent
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
Exports
CheckModule
ClearModule
InitModule
LoadImplObjects
Sections
.text Size: 512KB - Virtual size: 509KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
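The "Unsigned PE" signature, the "File Characteristics" list and the per-section flag listing above are all read straight from the PE headers: the Authenticode check is simply whether data directory entry 4 (the security directory) points at a WIN_CERTIFICATE record. The following pure-Python parser is an added example, not code from the sandbox or from the analysed DLL; it reproduces those three checks without pefile. The PE images it builds are constructed here to exercise both the unsigned and the signed case, and the names `parse_pe` and `build_sample_pe` are this example's own.

```python
"""Added example: minimal PE header triage in pure Python.

Reproduces the sandbox's "Unsigned PE", "File Characteristics" and
section-flag checks. Layout offsets follow the PE/COFF specification
(PE32 and PE32+). The sample images built below are constructed for
demonstration and are not the analysed DLL.
"""
import struct

# IMAGE_FILE_HEADER.Characteristics bits reported for this sample
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits reported for this sample
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # wCertificateType for Authenticode


def _flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Return file characteristics, section table and Authenticode state."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine, nsections, _ts, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: data directories start at +96
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+: data directories start at +112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]

    # The security directory holds a FILE OFFSET (not an RVA) and a byte size.
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    authenticode = {"present": False, "cert_type": None, "reason": "no security directory"}
    if cert_off and cert_size:
        if cert_size < 8 or cert_off + cert_size > len(data):
            authenticode["reason"] = "security directory points outside the file"
        else:
            # WIN_CERTIFICATE: dwLength, wRevision, wCertificateType, bCertificate[]
            length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
            authenticode = {
                "present": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and length <= cert_size,
                "cert_type": cert_type,
                "reason": "WIN_CERTIFICATE revision 0x%x" % revision,
            }

    sections = []
    table = opt + opt_size                   # section headers follow the optional header
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "flags": _flag_names(flags, SECTION_FLAGS)})
    return {"machine": machine,
            "characteristics": _flag_names(characteristics, FILE_CHARACTERISTICS),
            "sections": sections, "authenticode": authenticode}


def build_sample_pe(signed: bool) -> bytes:
    """Constructed, headers-only PE32 DLL image (not the analysed sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                         # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)  # i386, EXEC|32BIT|DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    secs = (struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
            + struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040))
    header_len = 64 + 4 + 20 + 224 + len(secs)                    # 392, 8-byte aligned
    cert = b""
    if signed:
        body = b"\x30\x82\x00\x00" + b"\0" * 12                   # stand-in for PKCS#7 DER
        cert = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + secs + cert


if __name__ == "__main__":
    import json
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(json.dumps(parse_pe(fh.read()), indent=2))
```

Two caveats a practitioner should keep in mind. First, "present" only means a certificate table exists; it says nothing about whether the signature verifies or whose certificate it is, so a positive result still needs `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` on a Windows host. Second, the absence of a signature is a weak indicator on its own, which is why the report counts it as a single IoC; plenty of legitimate in-house DLLs ship unsigned, and this sample's PDB path suggests a private build rather than a packaged product.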