71aaf2e975b8a4db7c5cf9151a2c0e6b4d6bbf6743ce65354f98ce3dc5630506

Sharing

Copy URL Twitter E-mail

General

Target

71aaf2e975b8a4db7c5cf9151a2c0e6b4d6bbf6743ce65354f98ce3dc5630506
Size

1.5MB
MD5

3c963e344332202b01fdd59f76aef55f
SHA1

b4e2600e302fe7406a3a412d5e1c88e5abe82633
SHA256

71aaf2e975b8a4db7c5cf9151a2c0e6b4d6bbf6743ce65354f98ce3dc5630506
SHA512

7f52de8d493688cf5fe5aca647151500b6012e124a1daf1e25b4396ed394a0ee87d07975a0642bd6a593bbebc4478eba85fd18b10bba52af17b7f481a1263348
SSDEEP

24576:24tajg6LiHO1BcP+Wu7kXD2JNBg9Z3IWggggM0qTp6MGrMehBPqXbdGaD+lk0cQG:24I8BLmf4XKXBgXggggMUZ4eTUbdGa6a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71aaf2e975b8a4db7c5cf9151a2c0e6b4d6bbf6743ce65354f98ce3dc5630506

Files

71aaf2e975b8a4db7c5cf9151a2c0e6b4d6bbf6743ce65354f98ce3dc5630506
.exe windows:5 windows x86 arch:x86

db616ee32dde5e9457b4ed96b6372d00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\hudson\jobs\changlian_1.0.1.113\workspace\ChanglianWifi\Software\ChanglianWifi\Bin\Release\AboutUI.pdb

Imports

kernel32

VirtualFree
VirtualProtect
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
GlobalFree
DeviceIoControl
GetSystemDirectoryA
FlushFileBuffers
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetStdHandle
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetTimeZoneInformation
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
QueryPerformanceCounter
GetStringTypeW
TryEnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
VirtualAlloc
GetVersionExW
QueryDepthSList
TerminateProcess
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
FindNextFileW
FindClose
GetCurrentProcess
DeleteFileW
CreateFileA
Sleep
GetCurrentThreadId
GetModuleHandleA
lstrcpyW
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrcpynW
GetLocalTime
GlobalAlloc
MulDiv
GetCurrentProcessId
OpenProcess
FormatMessageW
LocalFree
GetFileAttributesW
CreateDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
WriteFile
MultiByteToWideChar
GetACP
ExitProcess
WideCharToMultiByte
CreateFileW
GetCurrentDirectoryW
GetModuleHandleW
lstrlenW
GetTickCount
CloseHandle
ReadFile
GetFileSize
FindResourceW
GlobalUnlock
GlobalLock
DeleteCriticalSection
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetCommandLineW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FreeResource
LockResource
SizeofResource
LoadResource
InterlockedFlushSList

user32

DrawIconEx
DestroyIcon
PrivateExtractIconsW
MapVirtualKeyExW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
GetKeyboardLayout
SetForegroundWindow
GetGUIThreadInfo
InvalidateRgn
GetKeyNameTextW
CreateAcceleratorTableW
DrawTextA
wsprintfA
IsWindowEnabled
CreateWindowExW
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
EqualRect
LoadCursorW
SetWindowRgn
ClientToScreen
IsWindow
MessageBoxW
SetCursor
InflateRect
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
UpdateWindow
GetCaretPos

gdi32

GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
GetClipBox
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
PtInRegion
GdiFlush

advapi32

OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegSetValueExW
LookupAccountSidW
GetTokenInformation

shell32

SHGetFileInfoW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
DragQueryFileW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoInitializeEx
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoUninitialize
ReleaseStgMedium

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathCombineW
PathFindFileNameW
PathIsDirectoryW
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipGetImageHeight
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawString

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

ws2_32

gethostname
WSAStartup
gethostbyname

psapi

GetProcessImageFileNameW
EnumProcesses

winhttp

WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpWriteData

Sections

.text
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

db616ee32dde5e9457b4ed96b6372d00

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

imm32

ws2_32

psapi

winhttp

Sections

.text Size: 1004KB - Virtual size: 1004KB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 14KB - Virtual size: 29KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 111KB - Virtual size: 112KB

.text
Size: 1004KB - Virtual size: 1004KB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 14KB - Virtual size: 29KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 111KB - Virtual size: 112KB