PDB path: F:\新22登录器带加密带多按键\Logon\Release\Logon.pdb

Static task: static1

Behavioral task: behavioral1
  Sample: 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367.exe
  Resource: win10v2004-20240426-en
General
- Target: 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367
- Size: 6.7MB
- MD5: 39e0f8346b0ec4cd86352eb93170b888
- SHA1: 8d6efb582ea1335ad291ff4c7d0c1aef623290db
- SHA256: 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367
- SHA512: 41b38baca83c6578c5967d3f2fbac0388c0a1289bc1074696efb0fac01d181cbda3aa00dbaf1e12084c51c4101981cb7070e3f5d44fd0fe9ae2190b6a6df13aa
- SSDEEP: 98304:hlgNh/zy8cOj7XfAmVz6KQr9kAdmWUgDfJ6oYvA9UGqJkxqQhwM2Ur4fyYot9vjP:hqLyR66z5cC+uUGqJ6qQr2Ur5tljOk
Malware Config
(none extracted)

Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367

Files
- 868562949c68532d549693f0616f3080ec08b6641801c1700bc06bb663350367.exe
  windows:6 windows x86 arch:x86
  ac54968ed4ac9aeff7fc90238d9143f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetDriveTypeW
GetStringTypeW
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
FileTimeToSystemTime
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
DeleteCriticalSection
FindResourceW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
WinExec
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileExA
CopyFileA
FindResourceA
lstrlenA
lstrcpyA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetTickCount
OpenProcess
CreateProcessA
GetExitCodeThread
CreateRemoteThread
CreateThread
GetCurrentProcessId
Sleep
Beep
GetTempPathA
WriteFile
SetFileAttributesA
RemoveDirectoryA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
DeleteFileA
GetCommandLineW
GetModuleFileNameA
GetLogicalDrives
GetDriveTypeA
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
GetLastError
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SizeofResource
LockResource
InitializeCriticalSectionEx
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
MulDiv
FormatMessageA
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
LoadResource
GetModuleHandleW
LoadLibraryExW
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
SystemTimeToTzSpecificLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
FlushFileBuffers
GetFullPathNameA
LockFile
SetEndOfFile
UnlockFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
MoveFileA
GetStringTypeExA
GetDiskFreeSpaceA
GetFileTime
GetTempFileNameA
ReplaceFileA
GetUserDefaultLCID
GetFileAttributesExA
GetFileSizeEx
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
FindResourceExW
SetErrorMode
GetProfileIntA
SearchPathA
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
user32
EndDeferWindowPos
IsWindowVisible
GetDlgItem
GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetClassNameA
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
SetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
IntersectRect
GetWindowThreadProcessId
LoadBitmapA
SetCapture
ReleaseCapture
SetTimer
KillTimer
IsRectEmpty
SystemParametersInfoA
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetMenuItemInfoA
WaitMessage
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetKeyNameTextA
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
DeleteMenu
GetNextDlgGroupItem
MessageBeep
UnionRect
GetSystemMenu
SetParent
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
GetClassInfoA
SetClassLongA
DrawEdge
DrawFrameControl
SetCursorPos
BeginDeferWindowPos
LoadAcceleratorsW
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
InsertMenuA
GetMenuItemCount
GetMenuState
GetMenuStringA
SendMessageA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
ReleaseDC
SetWindowRgn
InvalidateRect
GetClientRect
GetWindowRect
LoadImageA
GetNextDlgTabItem
GetActiveWindow
LoadMenuA
DestroyMenu
GetSubMenu
TrackPopupMenuEx
DrawStateA
GetDC
SetCursor
ClientToScreen
WindowFromPoint
GetSysColor
DrawFocusRect
FillRect
FrameRect
CopyRect
InflateRect
OffsetRect
GetWindowLongA
GetParent
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
IsWindow
RedrawWindow
SetWindowLongA
GetFocus
CheckMenuItem
MessageBoxA
AdjustWindowRectEx
wsprintfA
ShowWindowAsync
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsIconic
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DrawIcon
SetForegroundWindow
GetCursorPos
FindWindowA
FindWindowExA
CallNextHookEx
LoadCursorW
LoadIconA
LoadIconW
CreateIconFromResource
PeekMessageA
PostQuitMessage
UnregisterClassA
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
LoadMenuW
GetMenuItemID
SetMenuDefaultItem
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExA
CopyIcon
GetDesktopWindow
EnableMenuItem
RemoveMenu
SetRectEmpty
GetClassInfoExA
EmptyClipboard
SendDlgItemMessageA
gdi32
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
SaveDC
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
PlayMetaFile
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetTextExtentPoint32A
GetTextMetricsA
GetTextColor
GetRgnBox
GetCharWidthA
StretchDIBits
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
EnumFontFamiliesExA
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
SelectClipRgn
ScaleWindowExtEx
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
RestoreDC
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
ExtTextOutA
TextOutA
RectVisible
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCA
CopyMetaFileA
DPtoLP
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetBkColor
GetDIBits
SelectObject
StretchBlt
GetObjectA
CreateBitmap
DeleteDC
GetPixel
GetStockObject
SetBkColor
SetPixel
SetTextColor
CreateFontA
CreateSolidBrush
Escape
PtVisible
advapi32
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
IsTextUnicode
shell32
ShellExecuteA
Shell_NotifyIconA
CommandLineToArgvW
ShellExecuteExA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderA
SHAppBarMessage
SHGetSpecialFolderPathA
ole32
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoLockObjectExternal
CoInitialize
CoCreateInstance
DoDragDrop
CoUninitialize
msimg32
TransparentBlt
AlphaBlend
comctl32
_TrackMouseEvent
shlwapi
PathFindFileNameA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindExtensionA
uxtheme
GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
GetThemeColor
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
oledlg
ord8
urlmon
URLDownloadToFileA
winmm
PlaySoundA
wininet
InternetCloseHandle
DeleteUrlCacheEntry
HttpQueryInfoA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetOpenUrlA
InternetReadFile
HttpOpenRequestA
InternetSetOptionA
ws2_32
select
recvfrom
recv
send
inet_ntoa
inet_addr
htons
ntohs
accept
bind
closesocket
connect
getpeername
getsockname
sendto
socket
gethostbyname
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSAAsyncSelect
htonl
gdiplus
GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageHeight
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA
oleaut32
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
VarDecFromStr
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayCopy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
Sections
- .text   Size: 2.5MB  Virtual size: 2.5MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 568KB  Virtual size: 567KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 33KB   Virtual size: 107KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 3.3MB  Virtual size: 3.3MB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 210KB  Virtual size: 210KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ