2eab30c8e2b461e067e10bc07d8c555b607aad367480ea259888394f86a4b5f4

Sharing

Copy URL Twitter E-mail

General

Target

2eab30c8e2b461e067e10bc07d8c555b607aad367480ea259888394f86a4b5f4
Size

128KB
MD5

0e37088777beca36e96bac9a3bae88d3
SHA1

86de498af9ff20ee9afbd74b65af66b05bc6ad9d
SHA256

2eab30c8e2b461e067e10bc07d8c555b607aad367480ea259888394f86a4b5f4
SHA512

ec5a6bde0e383d1d65a93799a05b6bfd35f88167ed7e4ba5f089e5977843a145a7f5d28f656ab7eca39cf70a5392e2c8969e955407a0064a37563b819a266c85
SSDEEP

3072:CqW9iGtrm82nVYCVGN4plIc/g/J/h5uVRr:CqQrmlVYC3Ec/g/J/v+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eab30c8e2b461e067e10bc07d8c555b607aad367480ea259888394f86a4b5f4

Files

2eab30c8e2b461e067e10bc07d8c555b607aad367480ea259888394f86a4b5f4
.exe windows:4 windows x86 arch:x86

405cfefdba16f9e60f626ee963beef86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\DailyBuild\b95_ent_zh\dianji\ring\client\bin\Release\uninlava.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcpyW
GetModuleFileNameW
lstrcatW
GetPrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateProcessW
lstrlenW
ReadFile
SetFilePointer
CreateFileW
MoveFileExW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetSystemDefaultLangID
DeleteFileW
LoadLibraryW
GetDriveTypeW
lstrcpynW
RemoveDirectoryW
SearchPathW
CreateDirectoryW
CopyFileW
WinExec
GetDiskFreeSpaceExW
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
GetShortPathNameW
FreeLibrary
GetTempPathW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
SetEndOfFile
GetDriveTypeA
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetCPInfo
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
CloseHandle
GetProcAddress
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStartupInfoA
GetFileType
SetHandleCount
WriteFile
IsBadWritePtr
VirtualFree
HeapCreate
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetModuleHandleA
GetStartupInfoW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetModuleFileNameA
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA

user32

EndDialog
GetDlgItem
SendMessageW
KillTimer
RegisterWindowMessageW
MessageBoxW
LoadStringW
IsDlgButtonChecked
CheckDlgButton
ShowWindow
DialogBoxParamW
SetWindowTextW
SetTimer
SetDlgItemTextW
PostMessageW

advapi32

RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

405cfefdba16f9e60f626ee963beef86

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 32KB