56d47c632d7183a1162a9d8aa527048a73f9affaf804380384d0d1219a1fa10e

Sharing

Copy URL Twitter E-mail

General

Target

56d47c632d7183a1162a9d8aa527048a73f9affaf804380384d0d1219a1fa10e
Size

992KB
MD5

400aed7f00a234dfcc61e8b4d66ba281
SHA1

1561dee93b2331d083f029f707b187e99a2b559d
SHA256

56d47c632d7183a1162a9d8aa527048a73f9affaf804380384d0d1219a1fa10e
SHA512

f6bb5d5519cb1c6c9fac0dffe346c8e633d0edf9831a4393aa31edfb7315e80a6cbc4eee17f552789510ea4caefd23a90957312d21e218b61f0e948f9769038c
SSDEEP

24576:pjKmmfNa246N0dgUvk5T5TENSIbGbsv/bZ48Jb/Jrs:V/mfk2JNSPvk5T5Tbb8bB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d47c632d7183a1162a9d8aa527048a73f9affaf804380384d0d1219a1fa10e

Files

56d47c632d7183a1162a9d8aa527048a73f9affaf804380384d0d1219a1fa10e
.exe windows:4 windows x86 arch:x86

a471f3e467bb1cdfc586c72aec7e2fdc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine_git\kisengine_git\product\win32\dbginfo\kinstuiofficial.pdb

Imports

kernel32

InterlockedCompareExchange
GetSystemInfo
GetTempFileNameW
GetLogicalDriveStringsW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetCurrentDirectoryW
QueryDosDeviceW
SetEndOfFile
FlushFileBuffers
GetSystemTimeAsFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetSystemDirectoryW
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
ProcessIdToSessionId
LocalFree
LocalAlloc
OpenProcess
RemoveDirectoryW
FindClose
CreateDirectoryW
GetFileAttributesW
WriteFile
GetTickCount
SetFilePointer
GetCurrentThread
SetThreadPriority
LoadLibraryExW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
DeleteCriticalSection
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
CreateThread
UnmapViewOfFile
TerminateThread
MoveFileExW
Sleep
GetDiskFreeSpaceExW
GetDriveTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
DeleteFileW
GetPrivateProfileIntW
RaiseException
SetLastError
FlushInstructionCache
InterlockedExchange
GetPrivateProfileStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetWindowsDirectoryW
FreeResource
CreateFileW
GetFileSize
ReadFile
GetCurrentThreadId
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersionExW
OutputDebugStringW
GetLocalTime
GetModuleFileNameW
FreeLibrary
LoadLibraryW
CloseHandle
GetLastError
GetCurrentProcess
GetModuleHandleW
SleepEx
FindFirstFileA

user32

LoadBitmapW
CharNextW
UpdateWindow
BringWindowToTop
FindWindowExW
DefWindowProcW
FindWindowW
SendMessageW
LoadCursorW
SetWindowLongW
SetCursor
InflateRect
PtInRect
RegisterWindowMessageW
UnregisterClassA
CreateWindowExW
CharUpperW
UpdateLayeredWindow
ShowWindow
ReleaseDC
GetWindowTextW
SetTimer
DrawIconEx
DestroyIcon
DrawFrameControl
KillTimer
IntersectRect
IsRectEmpty
EqualRect
DrawTextW
CharLowerW
IsWindow
IsWindowVisible
SetForegroundWindow
LoadImageW
LoadIconW
DestroyWindow
CallWindowProcW
GetClassInfoExW
PostThreadMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
PostMessageW
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
SetWindowPos
AttachThreadInput
SetActiveWindow
GetFocus
IsChild
GetParent
IsDialogMessageW
ClientToScreen
OffsetRect
CopyRect
GetWindow
GetWindowRect
GetWindowLongW
GetClientRect
MapWindowPoints
GetDlgItem
BeginPaint
EndPaint
MonitorFromWindow
GetMonitorInfoW
SetCapture
ReleaseCapture
GetCursorPos
SetFocus
GetNextDlgTabItem
ScreenToClient
MoveWindow
GetKeyState
WindowFromPoint
GetScrollPos
GetDC
InvalidateRect
SetRect
SetWindowTextW
RegisterClassExW
GetSystemMetrics
GetWindowTextLengthW
SetWindowRgn
SetRectEmpty

gdi32

TextOutW
GetTextColor
SelectClipRgn
SetBkMode
GetCurrentObject
GetClipRgn
RestoreDC
OffsetRgn
ExtSelectClipRgn
CombineRgn
CreateRectRgn
GetViewportOrgEx
SaveDC
RectInRegion
LineTo
MoveToEx
CreatePen
GetTextExtentPoint32W
SelectObject
SetViewportOrgEx
DeleteObject
SetTextColor
StretchBlt
CreateBitmap
CreateCompatibleBitmap
BitBlt
SetBkColor
ExtTextOutW
CreateRoundRectRgn
CreateRectRgnIndirect
GetStockObject
GetObjectW
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps
Rectangle
SetStretchBltMode
GetTextMetricsW
CreateFontW
RoundRect
CreateFontIndirectW

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashW
StrToIntW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCloneBitmapArea
GdipCreateBitmapFromHBITMAP
GdipFree
GdipBitmapUnlockBits
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipLoadImageFromStream
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyCount
GdipAlloc
GdipGetFontCollectionFamilyList
GdipDeleteFontFamily
GdipNewPrivateFontCollection
GdipBitmapLockBits
GdipDeletePrivateFontCollection
GdipCloneFontFamily
GdipDrawLinesI
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipFillRectangleI
GdipCreatePen1
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdiplusStartup
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipMeasureString
GdipFillRectangle
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipCloneImage
GdipLoadImageFromFile
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipDrawImageRectI
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetPixelOffsetMode
GdipGetFamily
GdipAddPathStringI
GdipGetFontSize
GdipFillPath
GdipGraphicsClear
GdipDrawImageI
GdipAddPathRectangleI
GdipSetPenDashStyle
GdipAddPathPieI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetClipPath
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipResetWorldTransform
GdipDrawPath
GdipClosePathFigure
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipDrawRectangleI
GdipDrawLine
GdipSetSmoothingMode
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipDeletePen
GdipSetStringFormatAlign

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a471f3e467bb1cdfc586c72aec7e2fdc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wtsapi32

psapi

version

rasapi32

iphlpapi

Sections

.text Size: 768KB - Virtual size: 766KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 668KB - Virtual size: 667KB

.text
Size: 768KB - Virtual size: 766KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 668KB - Virtual size: 667KB