546c10b2f31b9e17e4af90dfaf85035b3677b1136fade4d91f1fa6ee3fcec2e4

Sharing

Copy URL Twitter E-mail

General

Target

546c10b2f31b9e17e4af90dfaf85035b3677b1136fade4d91f1fa6ee3fcec2e4
Size

360KB
MD5

383bf845b34934ccb7701494a1a9fa4a
SHA1

60976e0e790f65d60b750454e9c06157a60c4f10
SHA256

546c10b2f31b9e17e4af90dfaf85035b3677b1136fade4d91f1fa6ee3fcec2e4
SHA512

c85b5a537711e11de6bef571522b9068acb809b455421074b4375597c0655ffedac87326bdb55f3ec40612a74e4a350e7c7159fdb767d8c794842fac63d3a5a7
SSDEEP

6144:RNqyPz56a7Ln8lQK/0CxbxBMhBKElvTb2LHJtKngfBK80P1k3QSGOve1yqM0TH:RQyEU4b8mxyfKwOLHJwsBpWk3A2syX8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/youxiao/youxiao.scr

Files

546c10b2f31b9e17e4af90dfaf85035b3677b1136fade4d91f1fa6ee3fcec2e4
.zip
youxiao/youxiao.scr
.exe windows:5 windows x86 arch:x86

31502f2189adb20a2cacfdc1f03a8d61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\youxiao\yxcalendar\win\YXScrSaver\bin\youxiao.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
ExitProcess
OutputDebugStringA
GetACP
LeaveCriticalSection
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
MulDiv
lstrlenW
GetModuleFileNameW
GetCurrentDirectoryW
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
SetLastError
RaiseException
GlobalAlloc
GlobalFree
GetLocalTime
lstrcmpiW
lstrcpynW
InterlockedIncrement
InterlockedDecrement
lstrcpyW
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetStdHandle
GetFileType
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetProcessHeap
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
HeapSize
WriteConsoleW
SetEndOfFile
EnterCriticalSection
FormatMessageW
DecodePointer
EncodePointer
LocalFree
DeleteCriticalSection
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
MultiByteToWideChar
GetLastError
WideCharToMultiByte

user32

GetWindow
LoadImageW
DestroyWindow
IsWindowVisible
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
UpdateWindow
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
wsprintfA
GetParent
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
EnableWindow
SetFocus
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
LoadCursorW
UnionRect
InflateRect
MonitorFromWindow
SetWindowLongW
GetWindowLongW
OffsetRect
ScreenToClient
GetClientRect
SetWindowRgn
IsZoomed
IsIconic
PostQuitMessage
KillTimer
SetCursor
SetTimer
GetCursorPos
SetWindowPos
GetWindowRect
InvalidateRect
EnumDisplayMonitors
GetMonitorInfoW
FindWindowW
PostMessageW
MessageBoxW
GetPropW
SetPropW
DrawTextA
ShowWindow

shell32

ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
OleLockRunning

gdiplus

GdipDeleteFontFamily
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipGetFontStyle
GdipGetPathWorldBounds
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteFont
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipDeletePath

ws2_32

WSAStartup
gethostname
gethostbyname

gdi32

Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
RemoveFontMemResourceEx
DeleteObject
BitBlt
CreateCompatibleBitmap
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
AddFontMemResourceEx
GetStockObject
PlayEnhMetaFile
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
PtInRegion
CreateDIBSection
GetDeviceCaps

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 522KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31502f2189adb20a2cacfdc1f03a8d61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

gdiplus

ws2_32

gdi32

oleaut32

comctl32

imm32

Sections

.text Size: 522KB - Virtual size: 522KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 7KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 396B

.tls Size: 512B - Virtual size: 21B

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 34KB - Virtual size: 33KB

.text
Size: 522KB - Virtual size: 522KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 7KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 396B

.tls
Size: 512B - Virtual size: 21B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 34KB - Virtual size: 33KB