PDB path: D:\workspace\xianling\tools\Lwsj\Release\Lwsj_vn.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8.exe
Resource: win10v2004-20240508-en
General
Target: b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8
Size: 3.6MB
MD5: 1d52f495624a8d50cf1d4fe0826ea0fe
SHA1: ef30e8dfff883094341baa5613f046edea0cf511
SHA256: b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8
SHA512: 7a31de0d9dc16bd8763ae7d6956b60940f1d02450635e3fb6963012c129625e4cfddeaadadb331597a736caa91f97f5eeccd7253b4317bf79bd9f9ed71a0bdce
SSDEEP: 98304:6JTvHMIxaTV2XL0aBI4MGUKxorU/x5sQu3EtIabhRoFLOAkGkzdnEVomFHKnPN:62TPrU/xKQubabroFLOyomFHKnPN
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8
Files
b0cedc7addbe13fd8d6e0cd9815801a2b3b721fbf034829e8fddf2a788e3d9d8.exe windows:5 windows x86 arch:x86
aed1646a8f795bfb0b37d67bf74b5e3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetDriveTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetACP
ExitProcess
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
OutputDebugStringW
WriteConsoleW
GlobalAddAtomW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
LoadResource
FindResourceW
InterlockedExchange
WinExec
MultiByteToWideChar
GetModuleFileNameW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpW
Process32NextW
CloseHandle
GetTickCount
DeleteFileW
HeapFree
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
GetProcessHeap
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
GlobalFree
WideCharToMultiByte
UnmapViewOfFile
CreateFileW
CreateDirectoryW
ReadFile
WriteFile
SetFileTime
SetFilePointer
GetFileAttributesW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
GetThreadLocale
OutputDebugStringA
EncodePointer
SetLastError
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryW
GlobalFindAtomW
GetCurrentProcessId
GlobalSize
LocalFree
MulDiv
FormatMessageW
CopyFileW
GetCurrentThread
GetVersionExW
lstrcmpA
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
VerSetConditionMask
VerifyVersionInfoW
SetEvent
WaitForSingleObject
CreateEventW
SetThreadPriority
SuspendThread
ResumeThread
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetTempFileNameW
GetTempPathW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
FindResourceExW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
Sleep
SetErrorMode
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
user32
CharUpperW
IsZoomed
TrackMouseEvent
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetMenuItemInfoW
DestroyMenu
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
SendDlgItemMessageA
MapVirtualKeyW
GetKeyNameTextW
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
EnumDisplayMonitors
SystemParametersInfoW
LoadCursorW
SetRectEmpty
DrawIconEx
IsRectEmpty
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
GetSystemMetrics
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
GetCursorPos
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
GetWindowThreadProcessId
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
FillRect
DrawStateW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
SetTimer
CheckDlgButton
ShowWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
BringWindowToTop
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
InvalidateRect
PostMessageW
CharLowerBuffW
MoveWindow
GetClientRect
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
KillTimer
LoadMenuW
GetSystemMenu
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
EnableScrollBar
UnionRect
MonitorFromPoint
WaitMessage
GetNextDlgGroupItem
UpdateWindow
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
LoadImageW
SetCursorPos
GetDC
UpdateLayeredWindow
UnregisterClassW
ReleaseDC
wsprintfW
GetDesktopWindow
IsWindow
GetDlgItem
GetDlgCtrlID
CharNextW
CopyRect
OffsetRect
PtInRect
GetParent
GetWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
EnableWindow
SendMessageW
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
GetWindowRgn
DestroyCursor
DrawIcon
InvertRect
HideCaret
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
SubtractRect
PostThreadMessageW
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
CharUpperBuffW
UnhookWindowsHookEx
RegisterClipboardFormatW
gdi32
GetTextFaceW
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
LPtoDP
GetSystemPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
GetPaletteEntries
CreatePalette
RoundRect
OffsetRgn
Rectangle
SetPixel
RealizePalette
CreateRoundRectRgn
DPtoLP
SetRectRgn
GetMapMode
GetRgnBox
GetTextCharsetInfo
EnumFontFamiliesW
CreateFontIndirectW
CreateDIBitmap
GetTextMetricsW
Polyline
Polygon
CreatePolygonRgn
PatBlt
GetTextExtentPoint32W
Ellipse
CreateRectRgnIndirect
CreateEllipticRgn
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
CreateDCW
CopyMetaFileW
CreateSolidBrush
CreateBitmap
SetTextColor
SetBkColor
GetTextColor
GetStockObject
GetDeviceCaps
GetBkColor
CreateDIBSection
GetObjectW
SetDIBColorTable
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBColorTable
StretchBlt
SelectObject
DeleteDC
DeleteObject
msimg32
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
SystemFunction036
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
shell32
DragQueryFileW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
DragFinish
ShellExecuteW
SHGetFileInfoW
SHAppBarMessage
comctl32
InitCommonControlsEx
shlwapi
PathAppendW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
uxtheme
DrawThemeBackground
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
IsAppThemed
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText
ole32
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoRevokeClassObject
CoRegisterMessageFilter
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
oleaut32
SysAllocString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VarBstrFromDate
LoadTypeLi
SysFreeString
VariantInit
VariantChangeType
VariantClear
OleCreateFontIndirect
SysAllocStringLen
oledlg
OleUIBusyW
urlmon
URLDownloadToFileW
gdiplus
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromStream
GdipFree
wininet
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
winmm
PlaySoundW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 340KB - Virtual size: 340KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 48KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.2MB - Virtual size: 2.2MB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 122KB - Virtual size: 121KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ