PDB path: D:\GaoMan\Apps\GMV15\Out\release\Uninstall.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 19cd44fcb972b51b52d1270668393c5f1577cef636bb8e262934c69162cfffe5.exe
Resource: win7-20240221-en
General
Target: 19cd44fcb972b51b52d1270668393c5f1577cef636bb8e262934c69162cfffe5
Size: 3.4MB
MD5: 4ca3d9e4f9a8a2290066f60b62fecadc
SHA1: 9fb549497c9d4da0fd1f8a694bc8c5f4f6485952
SHA256: 19cd44fcb972b51b52d1270668393c5f1577cef636bb8e262934c69162cfffe5
SHA512: e7cea3bc1327a1d06b0fa328aca979beb6705ac639b9885f5d052b06d40273fa1fb70413120341417bb65b256d06d24aad229993d4137eb277908c6fee086c30
SSDEEP: 98304:wTqn+RNjESZIU51hbiTXOMxtqQD527BWG:wT5aaIU4XOMxtRVQBWG
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 19cd44fcb972b51b52d1270668393c5f1577cef636bb8e262934c69162cfffe5
Files
19cd44fcb972b51b52d1270668393c5f1577cef636bb8e262934c69162cfffe5.exe windows:6 windows x86 arch:x86
24af89e6e4db63505b14bcc1635033e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
user32
gdi32
msimg32
winspool.drv
advapi32
shell32
comctl32
shlwapi
uxtheme
ole32
oleaut32
oledlg
winmm
gdiplus
imm32
version
oleacc
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 411KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 386KB - Virtual size: 386KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 708KB - Virtual size: 712KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE