74165a120872c76b26945f36a52b3c4b3ada84d8040dae734faa4108ae98c865

Sharing

Copy URL

Twitter E-mail

General

Target

74165a120872c76b26945f36a52b3c4b3ada84d8040dae734faa4108ae98c865
Size

11.5MB
MD5

3a72c9d612bf7061581e428c8904feca
SHA1

3f9a8dbc8871e07765970127d0ba96dd6d88dd05
SHA256

74165a120872c76b26945f36a52b3c4b3ada84d8040dae734faa4108ae98c865
SHA512

e7a057a9a8f13aef0836dfd2a8c7fee075c0223d43b24bf3001f43592a7b95ffa34e7cf99e4cb772276d1a32ed343f02173d264bb85a1bcbf80f9f9258db4f2e
SSDEEP

196608:9MdS8aSXIyehsliFEwb73kkNIoYIavoGwGgCAgdZGdXAGZC9+04:sY1hvb73kkSjIC1wGuQG22

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74165a120872c76b26945f36a52b3c4b3ada84d8040dae734faa4108ae98c865

Files

74165a120872c76b26945f36a52b3c4b3ada84d8040dae734faa4108ae98c865
.exe windows:6 windows x86 arch:x86

0436d390a6ad4157674af0d0e435cf71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\新22登录器-橘子测试\新22登录器-橘子测试\Logon\Release\Logon.pdb

Imports

kernel32

GetLastError
GetModuleHandleA
WriteConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetDriveTypeW
GetStringTypeW
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
GetFullPathNameW
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
FileTimeToSystemTime
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
GetLocalTime
GetFileInformationByHandle
SystemTimeToFileTime
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesA
WideCharToMultiByte
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
WinExec
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileExA
CopyFileA
FindResourceA
lstrlenA
lstrcpyA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetTickCount
OpenProcess
CreateProcessA
GetExitCodeThread
CreateRemoteThread
CreateThread
GetCurrentProcessId
Sleep
Beep
GetTempPathA
WriteFile
SetFileAttributesA
RemoveDirectoryA
ReadFile
GetFileSize
CreateFileA
CreateDirectoryA
SetCurrentDirectoryA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
DeleteFileA
GetCommandLineW
GetModuleFileNameA
GetLogicalDrives
GetDriveTypeA
GetCurrentDirectoryA
GetProcAddress
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
FindResourceW
SizeofResource
LockResource
DeleteCriticalSection
SetLastError
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
MulDiv
FormatMessageA
OutputDebugStringA
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
LoadLibraryA
LoadLibraryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FindNextFileA
SystemTimeToTzSpecificLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetVersionExA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GetAtomNameA
GetThreadLocale
GetACP
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
FlushFileBuffers
GetFullPathNameA
LockFile
SetEndOfFile
UnlockFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
lstrcmpiA
MoveFileA
GetStringTypeExA
GetDiskFreeSpaceA
GetFileTime
GetTempFileNameA
ReplaceFileA
GetUserDefaultLCID
GetFileAttributesExA
GetFileSizeEx
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
FindResourceExW
SetErrorMode
GetProfileIntA
SearchPathA
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
LoadResource

user32

GetDlgCtrlID
SetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
BeginPaint
EndPaint
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
ScreenToClient
MapWindowPoints
EqualRect
PtInRect
GetClassLongA
GetClassNameA
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
MoveWindow
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
IsWindowEnabled
ScrollWindowEx
SetWindowTextA
IsDialogMessageA
CreateDialogIndirectParamA
EndDialog
IntersectRect
GetWindowThreadProcessId
LoadBitmapA
SetCapture
ReleaseCapture
SetTimer
KillTimer
IsRectEmpty
SystemParametersInfoA
GetMessageA
TranslateMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetMenuItemInfoA
WaitMessage
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
InsertMenuItemA
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
IsZoomed
GetKeyNameTextA
MapVirtualKeyA
GetSysColorBrush
LoadCursorA
TrackMouseEvent
LoadImageW
RealChildWindowFromPoint
CopyImage
GetAsyncKeyState
GetDialogBaseUnits
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
DeleteMenu
GetNextDlgGroupItem
MessageBeep
UnionRect
GetSystemMenu
SetParent
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetClassLongA
IsChild
DrawFrameControl
SetCursorPos
CopyIcon
LoadAcceleratorsW
RegisterClipboardFormatA
IsWindowVisible
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
SendNotifyMessageA
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
GetTabbedTextExtentA
GetTabbedTextExtentW
SetRectEmpty
SendDlgItemMessageA
RemoveMenu
InsertMenuA
GetMenuItemCount
GetMenuState
GetMenuStringA
SendMessageA
SetWindowPos
EnableWindow
PostMessageA
GetWindowDC
ReleaseDC
SetWindowRgn
InvalidateRect
GetClientRect
GetWindowRect
LoadImageA
GetNextDlgTabItem
GetActiveWindow
LoadMenuA
DestroyMenu
GetSubMenu
TrackPopupMenuEx
DrawStateA
GetDC
SetCursor
ClientToScreen
WindowFromPoint
GetSysColor
DrawFocusRect
FillRect
FrameRect
CopyRect
InflateRect
OffsetRect
GetWindowLongA
GetParent
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
IsWindow
RedrawWindow
SetWindowLongA
SetMenuItemBitmaps
GetFocus
MessageBoxA
AdjustWindowRectEx
wsprintfA
ShowWindowAsync
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
DispatchMessageA
RegisterWindowMessageA
IsIconic
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DrawIcon
SetForegroundWindow
GetCursorPos
CallNextHookEx
LoadCursorW
LoadIconA
LoadIconW
CreateIconFromResource
PeekMessageA
PostQuitMessage
UnregisterClassA
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
LoadMenuW
GetMenuItemID
SetMenuDefaultItem
GetDesktopWindow
LoadBitmapW
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
GetDCEx
DestroyWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
CheckMenuItem
DrawEdge
EnableMenuItem

gdi32

ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
StartDocA
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SaveDC
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
PlayMetaFile
CreateEllipticRgn
Ellipse
CreateDIBSection
LPtoDP
GetTextExtentPoint32A
GetTextMetricsA
GetTextColor
GetRgnBox
CreateFontA
GetCharWidthA
StretchDIBits
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
EnumFontFamiliesExA
Rectangle
OffsetRgn
GetCurrentObject
RoundRect
FillRgn
FrameRgn
GetBoundsRect
SelectClipRgn
CreateFontIndirectA
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
EndDoc
RestoreDC
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
GetDeviceCaps
CreateDCA
CopyMetaFileA
DPtoLP
GetTextFaceA
GetTextExtentPoint32W
GetTextExtentPointA
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgn
DeleteObject
GetBkColor
GetDIBits
SelectObject
StretchBlt
GetObjectA
CreateBitmap
DeleteDC
GetPixel
GetStockObject
SetBkColor
SetPixel
SetTextColor
CreateSolidBrush
Escape
PtVisible
RectVisible
TextOutA
ExtTextOutA

advapi32

RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegOpenKeyExW
SetFileSecurityA
GetFileSecurityA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
IsTextUnicode

shell32

SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
CommandLineToArgvW
ShellExecuteExA
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHBrowseForFolderA
SHAppBarMessage

ole32

RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleRun
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
PropVariantCopy
CoDisconnectObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
OleDraw
CreateStreamOnHGlobal
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoLockObjectExternal
CoInitialize
CoCreateInstance
DoDragDrop
CoUninitialize

msimg32

AlphaBlend
TransparentBlt

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathRemoveExtensionA
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA

uxtheme

GetCurrentThemeName
GetThemeColor
DrawThemeText
GetThemeSysColor
GetWindowTheme
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed

oledlg

ord8

urlmon

URLDownloadToFileA

winmm

PlaySoundA

wininet

InternetCloseHandle
DeleteUrlCacheEntry
HttpQueryInfoA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetOpenUrlA
InternetReadFile
HttpOpenRequestA
InternetSetOptionA

ws2_32

select
recvfrom
ntohs
send
inet_ntoa
inet_addr
htons
recv
accept
bind
closesocket
connect
getpeername
getsockname
sendto
socket
gethostbyname
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSAAsyncSelect
htonl

gdiplus

GdipDisposeImage
GdipCloneImage
GdipGetImageWidth
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageHeight

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
GetJobA

oleaut32

VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantCopy
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
VarBstrFromDec
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
VarDecFromStr
OleCreateFontIndirect
SafeArrayCreateVector
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayRedim

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0436d390a6ad4157674af0d0e435cf71

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msimg32

comctl32

shlwapi

uxtheme

oledlg

urlmon

winmm

wininet

ws2_32

gdiplus

oleacc

imm32

winspool.drv

oleaut32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 569KB - Virtual size: 568KB

.data Size: 33KB - Virtual size: 107KB

.rsrc Size: 8.2MB - Virtual size: 8.2MB

.reloc Size: 210KB - Virtual size: 209KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 569KB - Virtual size: 568KB

.data
Size: 33KB - Virtual size: 107KB

.rsrc
Size: 8.2MB - Virtual size: 8.2MB

.reloc
Size: 210KB - Virtual size: 209KB