e5555fd7024ec1cace0c1b9b49b6d50602e20cb929be0c56d102c953a1d882e6

Sharing

Copy URL Twitter E-mail

General

Target

e5555fd7024ec1cace0c1b9b49b6d50602e20cb929be0c56d102c953a1d882e6
Size

2.0MB
MD5

227b3c8676103fdf6bad1a588a632248
SHA1

c459735d94fb62883c912ae6ffd61718be27a8af
SHA256

e5555fd7024ec1cace0c1b9b49b6d50602e20cb929be0c56d102c953a1d882e6
SHA512

1ecbb69b8358d975d45c3bcf252d4af0bac6091b47902ccb7bf5511711430a88d3c0e9da653286d25fa73de9ad9516cea553622f015cc0b20e9056d617be7a0c
SSDEEP

24576:HDGzX3rJqB1Z/GoNhaMIzA1zssgxLN/DPOjFT6:HC3rkBSNMx1zWxbW96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5555fd7024ec1cace0c1b9b49b6d50602e20cb929be0c56d102c953a1d882e6

Files

e5555fd7024ec1cace0c1b9b49b6d50602e20cb929be0c56d102c953a1d882e6
.exe windows:5 windows x86 arch:x86

7e13a0af9f87ccfcf3abb265c2a13524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Company\网易duilib安装包\NIM_Duilib_Framework-master\examples\Release\InstallPage.pdb

Imports

kernel32

LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
ReadFile
CreateDirectoryW
CloseHandle
GetSystemInfo
CreateMutexW
MoveFileW
MoveFileExW
SetCurrentDirectoryW
FindResourceW
LoadResource
FindResourceExW
DeleteFileW
LockResource
GetDiskFreeSpaceExW
Sleep
SizeofResource
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
OpenProcess
ReleaseMutex
HeapSize
InitializeCriticalSectionAndSpinCount
SetEndOfFile
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
GetVersionExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetFileType
GetACP
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
SetLastError
EncodePointer
GetEnvironmentVariableW
GetFileSize
GlobalSize
GetCurrentProcessId
GetModuleHandleA
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedExchange
TerminateThread
GetCurrentThreadId
SetThreadPriority
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
TlsFree
TlsGetValue
TlsAlloc
TlsSetValue
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
GetStdHandle
GetCurrentProcess
InterlockedCompareExchange
HeapFree
GetTempPathW
GetModuleFileNameW
FindClose
FindFirstFileW

user32

DestroyWindow
PostQuitMessage
GetShellWindow
UnregisterClassW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
GetWindowThreadProcessId
GetParent
MapWindowPoints
GetDesktopWindow
FindWindowW
SetClipboardData
EmptyClipboard
wsprintfW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetAsyncKeyState
GetSysColor
ClientToScreen
SetCursor
UnionRect
IsWindowVisible
MessageBoxW
SetWindowRgn
MonitorFromPoint
IsZoomed
CharNextW
PtInRect
UpdateLayeredWindow
IntersectRect
IsRectEmpty
GetClientRect
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
GetCursorPos
GetKeyState
ScreenToClient
InvalidateRect
SetWindowTextW
GetDC
GetPropW
SetPropW
CallWindowProcW
SendMessageW
GetSystemMetrics
LoadImageW
SetWindowPos
IsIconic
SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
ShowWindow
SetFocus
EnableWindow
GetWindow
GetWindowLongW
IsWindow
SetWindowLongW
GetClassInfoExW
RegisterClassW
LoadCursorW
ReleaseDC
OffsetRect
DefWindowProcW
PostMessageW
CreateWindowExW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
KillTimer

advapi32

OpenProcessToken
DuplicateTokenEx

shell32

SHGetFolderPathW
ord165
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

winmm

timeGetTime
timeSetEvent
timeKillEvent

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipCreateHBITMAPFromBitmap
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateMatrix
GdipDeleteMatrix
GdipImageGetFrameCount
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipDeleteBrush
GdipCloneBrush
GdipSetLineBlend
GdipCreatePen2
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImageRect
GdipImageRotateFlip
GdipLoadImageFromFile
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipSetPenLineJoin
GdipGetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateSolidFill
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipCreatePath
GdipClonePath
GdipResetPath
GdipSetPathFillMode
GdipGetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDeletePath
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateBitmapFromFile
GdipCreateFontFromLogfontA
GdipImageGetFrameDimensionsCount
GdipSetPenEndCap
GdiplusShutdown
GdiplusStartup
GdipImageGetFrameDimensionsList
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipFillPath
GdipMeasureString
GdipScaleMatrix
GdipCreateBitmapFromStream

shlwapi

PathFileExistsW
PathIsRelativeW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

msimg32

AlphaBlend

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdi32

DeleteDC
SaveDC
RestoreDC
CreateCompatibleDC
StretchBlt
CreateDIBSection
GetDeviceCaps
CreateRoundRectRgn
BitBlt
SelectObject
DeleteObject
CreateFontIndirectW
GetStockObject
SetWindowOrgEx
SetStretchBltMode
GetObjectA
CreateRectRgnIndirect
ExtSelectClipRgn
GetObjectW
GetWindowOrgEx

Sections

.text
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e13a0af9f87ccfcf3abb265c2a13524

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

winmm

comctl32

gdiplus

shlwapi

imm32

msimg32

version

gdi32

Sections

.text Size: 535KB - Virtual size: 534KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 14KB - Virtual size: 22KB

.gfids Size: 512B - Virtual size: 440B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 535KB - Virtual size: 534KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 14KB - Virtual size: 22KB

.gfids
Size: 512B - Virtual size: 440B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 36KB - Virtual size: 35KB