G:\KK_Work\Git\Documents\windowssdk\lib\x86\ReleaseLib\CloudClinkAPI.pdb
Static task
static1
Behavioral task
behavioral1
Sample
29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227.dll
Resource
win10v2004-20240508-en
General
Target: 29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227
Size: 5.3MB
MD5: bfc1134d547968b586b82b0296f43402
SHA1: 32fba8e44dd3004822b5190bb9953d3a468734e1
SHA256: 29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227
SHA512: 4b83c390a3ef03df47a11e9782df68e40e83020acf2d2cc58861e5d21082c11e5865311ddc82759d672bc40276de690703b5329c144a1320a3e5df2849672805
SSDEEP: 98304:5Y6afnl/ZlCZxu3DC01yLxmmvTBs3WVM4q7NszWAxZIxkLRmsF:iPNCZxPXmmvTBs3WVMQzzxqgRmsF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227
Files
29710fc86d2bef49779a9b0e7876a89b4121d42efec2e5e83db2ffeec675b227.dll windows:6 windows x86 arch:x86
adbe7dd51c9584cf5e043cdbe66cd2b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
gdiplus
GdipReleaseDC
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipFree
GdipCreateFromHDC
GdipDrawImagePointsI
GdipDeleteGraphics
GdipGetImageWidth
GdipDrawImageI
GdipCloneImage
iphlpapi
GetExtendedTcpTable
GetAdaptersInfo
kernel32
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
TryEnterCriticalSection
QueryPerformanceFrequency
LCMapStringW
GetStringTypeW
GetCPInfo
OpenEventA
GetLogicalProcessorInformation
CreateWaitableTimerA
FormatMessageA
OutputDebugStringW
GetUserDefaultLCID
SearchPathW
GetProfileIntW
GetTempFileNameW
FindResourceExW
ReleaseSemaphore
CreateWaitableTimerW
EnterCriticalSection
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
SetLastError
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
SystemTimeToTzSpecificLocalTime
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
GetStdHandle
GetACP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
HeapQueryInformation
GetCommandLineW
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetVersionExA
SetEnvironmentVariableA
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcpyW
GetWindowsDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
VirtualProtect
GlobalGetAtomNameW
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GlobalFlags
CopyFileW
GlobalSize
SetErrorMode
LocalFree
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
MulDiv
GlobalFindAtomW
LoadLibraryA
EncodePointer
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetVersionExW
GetCurrentThread
ResumeThread
SetThreadPriority
GetCurrentThreadId
GlobalFree
LockResource
OutputDebugStringA
FreeResource
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalAlloc
SizeofResource
MoveFileW
GetSystemInfo
GetModuleHandleA
GetSystemDirectoryW
CreateFileW
ReleaseMutex
CreateMutexA
GetTickCount
DeleteFileW
InitializeCriticalSection
GetPrivateProfileIntW
GetModuleFileNameA
CreateDirectoryW
Module32NextW
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetProcAddress
Module32FirstW
LoadLibraryW
WritePrivateProfileStringA
GetNativeSystemInfo
Process32FirstW
CreateFileA
Process32NextW
CreateToolhelp32Snapshot
DeviceIoControl
GetCurrentProcess
GetModuleFileNameW
GetPrivateProfileStringA
CreateIoCompletionPort
CreateEventA
CreateSemaphoreA
TlsFree
GetSystemTimeAsFileTime
TlsGetValue
VerifyVersionInfoW
SleepEx
GetProcessHeap
GetCurrentProcessId
VerSetConditionMask
DeleteCriticalSection
DecodePointer
QueueUserAPC
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
TlsAlloc
WaitForSingleObjectEx
TerminateThread
SetEvent
OpenMutexA
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
PostQueuedCompletionStatus
HeapSize
OpenProcess
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
GetTempPathW
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
TlsSetValue
SetWaitableTimer
WaitForMultipleObjects
DeleteTimerQueueTimer
TerminateProcess
ReadConsoleInputA
SetConsoleMode
GetDriveTypeW
PeekNamedPipe
CreateTimerQueue
user32
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
SetCursor
ShowOwnedPopups
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsChild
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
PostMessageW
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDC
SendMessageW
GetSystemMetrics
DrawIcon
SetTimer
SetWindowLongW
GetClientRect
KillTimer
IsIconic
ReleaseDC
EnableWindow
wsprintfW
UnregisterClassW
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
IsWindowVisible
GetMessageTime
GetMenuItemCount
TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
CreateMenu
GetWindowRgn
DestroyCursor
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
ScreenToClient
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
GetMenuDefaultItem
CreatePopupMenu
IntersectRect
MapDialogRect
GetAsyncKeyState
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
LoadCursorW
GetSysColorBrush
InvalidateRect
DeleteMenu
SystemParametersInfoW
CopyImage
RealChildWindowFromPoint
OffsetRect
SetRectEmpty
SendDlgItemMessageA
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
FillRect
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
advapi32
RegCloseKey
RegQueryValueW
RegOpenKeyExW
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
RegQueryValueExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
StartServiceW
OpenServiceW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
ole32
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
shell32
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
ShellExecuteW
SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
oleaut32
VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
shlwapi
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
ws2_32
WSARecv
shutdown
freeaddrinfo
getaddrinfo
listen
getsockopt
connect
getsockname
WSAIoctl
accept
WSACleanup
bind
closesocket
WSASend
select
ntohl
WSASetLastError
WSAStringToAddressW
__WSAFDIsSet
WSASocketW
WSAStartup
ntohs
inet_ntoa
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
inet_addr
getpeername
recv
recvfrom
send
sendto
socket
mswsock
AcceptEx
GetAcceptExSockaddrs
gdi32
SetBkColor
SetTextColor
GetObjectW
BitBlt
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetDeviceCaps
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateBitmap
CopyMetaFileW
CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
ScaleWindowExtEx
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
uxtheme
DrawThemeBackground
DrawThemeParentBackground
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
GetThemeColor
OpenThemeData
CloseThemeData
DrawThemeText
oleacc
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundW
crypt32
CertFreeCertificateContext
Exports
YJSClinkStart
YJSClinkStop
YJSGetLocalIp
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 805KB - Virtual size: 805KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 121KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 107KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ