G:\aliyunClientCode\Bin\Win32\Release\waitingAdvertising.pdb
Static task
static1
Behavioral task
behavioral1: sample f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f.dll, resource win7-20240220-en
Behavioral task
behavioral2: sample f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f.dll, resource win10v2004-20240419-en
General
Target: f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f
Size: 1.8MB
MD5: 168dd8c382ca8a7edfe145ce768bd747
SHA1: 8b396bfa30f62823e6b84d5b7d79864aa3ce077c
SHA256: f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f
SHA512: b0980d75ffe9dc94232751c096ee556903403388b0ddaff6bcc8e28fb97000711106f167339a5d97881629fb6794c8b01edf1648ee0e6c26d26650cbf310cdeb
SSDEEP: 49152:nNL8fQkrpTnKqixsjOJ8FWjBU1FZPXtP8Cp1U6qk:nNL8okJK5xsiJ8FWjBU1FZPdP8Cp17
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature: the PE carries no embedded certificate table, so nothing attests to the file's publisher or integrity.
resource f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f
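The "Unsigned PE" hit is a pure header check: the sandbox looks at the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY) of the optional header and reports when its size is zero, meaning no WIN_CERTIFICATE blob is attached. The script below is an added example, not code from this report or from the sample's author; it reproduces that check together with the DllCharacteristics, file characteristics and section-flag listings that appear later in this report, using only the Python standard library. The flag values are the documented winnt.h constants. The build_minimal_pe helper constructs a synthetic PE32 image as offline test input; it is hypothetical and is not the analysed DLL.

```python
import struct
import sys

# Flag tables from winnt.h (documented Windows constants)
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE",
                 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot that points at the Authenticode blob


def flag_names(value, table):
    """Expand a bitmask into the constant names set in it, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def analyze_pe(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers plus the section table from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:    # PE32+: 64-bit ImageBase/stack/heap fields shift them
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in both formats
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For this directory the first field is a file offset, not an RVA; size 0 means unsigned
        _, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, sec_hdr = [], opt + opt_size
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, sec_hdr + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": rawsize, "virtual_size": vsize,
                         "flags": flag_names(chars, SECTION_FLAGS)})
    return {"machine": machine,
            "file_characteristics": flag_names(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
            "authenticode_present": sec_size != 0,
            "sections": sections}


def triage_signatures(info: dict) -> list:
    """Header-only findings in the style of the report's Signatures block."""
    hits = []
    if not info["authenticode_present"]:
        hits.append("Unsigned PE")                       # the rule that fired on this sample
    for name in ("IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"):
        if name not in info["dll_characteristics"]:
            hits.append("Missing mitigation: " + name)
    for s in info["sections"]:                           # W^X violation inside the image itself
        if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and "IMAGE_SCN_MEM_WRITE" in s["flags"]:
            hits.append("Writable code section: " + s["name"])
    return hits


def build_minimal_pe(dll_chars: int, signed: bool, sections) -> bytes:
    """Constructed PE32 image for offline testing (hypothetical input, not the sample)."""
    opt_size = 224                                       # PE32 optional header incl. 16 directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                           # fake WIN_CERTIFICATE offset/size
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, f)
                     for i, (n, vs, rs, f) in enumerate(sections))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        report = analyze_pe(fh.read())
    print(report)
    print("Signatures:", triage_signatures(report))
```

Run it as `python pe_triage.py sample.dll`. A non-empty security directory only proves that a certificate blob is attached; whether the signature verifies and chains to a trusted root is a separate check (WinVerifyTrust, `Get-AuthenticodeSignature` in PowerShell, or `osslsigncode verify` on Linux), and a 1.8MB release build of an advertising component with no signature at all, as here, is unusual for a vendor-shipped client.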
Files
-
f98e3c1a66ae0887d9d0c61666f5136001605ee96fd5b7d7c3042e86e8843a7f.dll windows:5 windows x86 arch:x86
Imphash: 9d42541777756f9b5493b5a8996f383a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
G:\aliyunClientCode\Bin\Win32\Release\waitingAdvertising.pdb
Imports
common (not a Windows system library; a companion module the sample expects to find alongside it, shown like the other modules without its .dll suffix)
?instance@CThreadPool@@SAPAV1@XZ (public: static class CThreadPool * __cdecl CThreadPool::instance(void))
?removeTask@CThreadPool@@QAE_NI@Z (public: bool __thiscall CThreadPool::removeTask(unsigned int))
kernel32
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetTimeZoneInformation
GetDriveTypeW
GetStdHandle
LCMapStringW
CompareStringW
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
GetCommandLineW
GetCommandLineA
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
GetCurrentDirectoryW
WriteConsoleW
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
SizeofResource
LockResource
lstrcmpA
LoadResource
FindResourceW
GetModuleFileNameA
InterlockedExchange
MultiByteToWideChar
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageA
CopyFileA
SetLastError
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
GetModuleHandleA
GetProcAddress
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
OutputDebugStringA
FreeResource
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
FindResourceA
ReleaseMutex
CreateMutexA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetCurrentProcessId
CreateFileW
GetACP
CloseHandle
SetEvent
WaitForSingleObject
SetThreadPriority
ResumeThread
GlobalFlags
GetVersionExA
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
lstrcpyA
CreateFileA
FlushFileBuffers
GetFileSize
GetFullPathNameA
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
lstrcmpiA
GetVolumeInformationA
GetWindowsDirectoryA
GetCurrentDirectoryA
FindResourceExW
VerSetConditionMask
VerifyVersionInfoA
GetFileAttributesA
GetFileAttributesExA
GetFileSizeEx
GetFileTime
GetTempPathA
GetTickCount
GetProfileIntA
SearchPathA
Sleep
GetTempFileNameA
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
user32
MapVirtualKeyA
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
KillTimer
DeleteMenu
SetCursor
ShowOwnedPopups
GetMenuDefaultItem
CreatePopupMenu
CharUpperA
IntersectRect
LoadImageW
DestroyIcon
InvalidateRect
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
PostQuitMessage
CopyImage
RealChildWindowFromPoint
GetCursorPos
TranslateMessage
GetMessageA
GetWindowThreadProcessId
LoadCursorA
GetSysColorBrush
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
SystemParametersInfoA
InflateRect
GetMenuItemInfoA
DestroyMenu
OffsetRect
SetRectEmpty
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
SetLayeredWindowAttributes
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
EnumDisplayMonitors
SetClassLongA
SetWindowRgn
GetClientRect
DrawIcon
GetWindowRect
GetDC
ReleaseDC
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
GetMessageTime
GetMessagePos
PeekMessageA
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsA
TranslateAcceleratorA
GetKeyboardLayout
LoadMenuA
InsertMenuItemA
GetKeyNameTextA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
RemoveMenu
IsWindow
ShowWindow
MoveWindow
SetWindowPos
GetDlgItem
CheckDlgButton
SendDlgItemMessageA
GetDlgCtrlID
SetFocus
GetFocus
IsWindowEnabled
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
SetWindowLongA
GetParent
GetWindow
IsDialogMessageA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetActiveWindow
SetActiveWindow
GetDesktopWindow
RegisterWindowMessageA
DispatchMessageA
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageA
WaitMessage
EnableWindow
GetSystemMenu
AppendMenuA
SetTimer
IsIconic
GetSystemMetrics
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
RegisterClipboardFormatA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
ShowScrollBar
SendMessageA
gdi32
GetTextFaceA
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetPixel
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExA
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CombineRgn
GetTextMetricsA
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
ExtTextOutA
GetTextExtentPoint32A
CreateFontIndirectA
BitBlt
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCA
CopyMetaFileA
GetDIBColorTable
StretchBlt
SetStretchBltMode
CreateDIBSection
GetObjectA
CreateCompatibleDC
SetDIBColorTable
SelectObject
DeleteObject
DeleteDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
shell32
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
DragFinish
DragQueryFileA
SHBrowseForFolderA
ShellExecuteA
shlwapi
PathIsDirectoryA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
StrFormatKBSizeA
PathIsUNCA
uxtheme
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
ole32
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CreateStreamOnHGlobal
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadTypeLi
VariantCopy
VarBstrFromDate
SysAllocString
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
gdiplus
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundA
Exports
??0ICwaitingAdvertisingApp@@QAE@$$QAV0@@Z (move constructor: ICwaitingAdvertisingApp::ICwaitingAdvertisingApp(ICwaitingAdvertisingApp &&))
??0ICwaitingAdvertisingApp@@QAE@ABV0@@Z (copy constructor: ICwaitingAdvertisingApp::ICwaitingAdvertisingApp(ICwaitingAdvertisingApp const &))
??0ICwaitingAdvertisingApp@@QAE@XZ (default constructor: ICwaitingAdvertisingApp::ICwaitingAdvertisingApp(void))
??4ICwaitingAdvertisingApp@@QAEAAV0@$$QAV0@@Z (move assignment: ICwaitingAdvertisingApp & ICwaitingAdvertisingApp::operator=(ICwaitingAdvertisingApp &&))
??4ICwaitingAdvertisingApp@@QAEAAV0@ABV0@@Z (copy assignment: ICwaitingAdvertisingApp & ICwaitingAdvertisingApp::operator=(ICwaitingAdvertisingApp const &))
??_7ICwaitingAdvertisingApp@@6B@ (const ICwaitingAdvertisingApp::`vftable')
?instance@ICwaitingAdvertisingApp@@SAPAV1@XZ (public: static class ICwaitingAdvertisingApp * __cdecl ICwaitingAdvertisingApp::instance(void))
The export set is a single C++ class with compiler-generated special members plus a static instance() accessor, i.e. a singleton exposed to a host process that links against this DLL by mangled name; there is no plain C or ordinal-only entry point.
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 292KB - Virtual size: 291KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 129KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ