6dd3cb351a7b16a53644a603a01b6ffab93a52c4ba06f169e6bcbdbdf12bdfac

Sharing

Copy URL

Twitter E-mail

General

Target

6dd3cb351a7b16a53644a603a01b6ffab93a52c4ba06f169e6bcbdbdf12bdfac
Size

1.3MB
MD5

2d4ab7b6d6c93fea082afa4de1a265c0
SHA1

5dccbde54ae9a38c78169a4837915530909b4573
SHA256

6dd3cb351a7b16a53644a603a01b6ffab93a52c4ba06f169e6bcbdbdf12bdfac
SHA512

721333a078332dc26f2b4f41269b15304392d0b8aa55b8f5dddeb64f9beab13df75b3e3d249e7a3c2e48fb9ba72431b0750cf87081134dea68d18a57196fa472
SSDEEP

12288:SOJDzh12OF+sJ6W1bLRYzI497XMSQU29Zuu9ZuphEFb:jhoOF+k6WNNY04RM021GhEx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6dd3cb351a7b16a53644a603a01b6ffab93a52c4ba06f169e6bcbdbdf12bdfac

Files

6dd3cb351a7b16a53644a603a01b6ffab93a52c4ba06f169e6bcbdbdf12bdfac
.exe windows:5 windows x86 arch:x86

13dd8b67cf401314a10b9ecda828d5b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build\trunk_cn_9.0build\simulator\bin\ldnews.pdb

Imports

kernel32

GetVersionExW
GlobalFree
GlobalAlloc
Sleep
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
DecodePointer
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
FindResourceW
VirtualFree
SizeofResource
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexW
WriteFile
SetLastError
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateEventW
InitializeCriticalSection
WideCharToMultiByte
GlobalUnlock
GlobalLock
MulDiv
GetPrivateProfileStringW
LoadLibraryW
LockResource
FreeResource
GetTickCount
CloseHandle
ReadFile
GetFileSize
FindFirstFileW
FindClose
CreateFileW
ExitProcess
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetLocalTime
VirtualAlloc
MultiByteToWideChar

user32

GetWindowLongW
SetWindowLongW
ScreenToClient
MessageBoxW
SetWindowRgn
GetClientRect
GetWindowRect
GetSystemMetrics
MoveWindow
TranslateMessage
DispatchMessageW
GetMessageW
ShowWindow
UnregisterClassW
CharNextW
wsprintfW
IsZoomed
IsIconic
SetWindowPos
ClientToScreen
MonitorFromWindow
GetMonitorInfoW
wvsprintfW
SetCursor
UnionRect
GetForegroundWindow
GetShellWindow
CopyRect
RegisterWindowMessageW
GetDesktopWindow
DestroyAcceleratorTable
GetDlgItem
IsChild
RedrawWindow
GetClassNameW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
GetPropW
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetWindow
GetParent
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
SendMessageW
LoadCursorW
OffsetRect

advapi32

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteExW
ord165
SHGetFolderPathW

ole32

CoInitializeSecurity
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
StringFromGUID2
CoGetClassObject

oleaut32

OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
VariantClear

ws2_32

WSAStartup

msvcp120

?_Future_error_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy
_Cnd_destroy
_Cnd_broadcast
_Cnd_init
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Make_dir@sys@tr2@std@@YAHPB_W@Z
?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??1_Pad@std@@QAE@XZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Bios_base@std@@QBE_NXZ
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
_Thrd_join
_Cnd_timedwait
_Mtx_current_owns
?_Xbad_alloc@std@@YAXXZ

msvcr120

swprintf_s
_purecall
memmove
_time64
??_V@YAXPAX@Z
rand
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
malloc
free
memcpy_s
wcsncpy_s
wcsstr
_recalloc
realloc
_wtoi
_localtime64_s
longjmp
_snwprintf_s
_snprintf_s
?terminate@@YAXXZ
sprintf_s
_wcsicmp
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
wcschr
wcsncpy
wcsrchr
_wcslwr
wcstol
isdigit
isalnum
toupper
_itow
wcstoul
wcstod
_wtof
iswalnum
wcsncmp
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
fwrite
fclose
srand
vswprintf_s
??8type_info@@QBE_NABV0@@Z
tolower
_vswprintf_c_l
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_except1
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_setjmp3
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
??3@YAXPAX@Z
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_beginthreadex
vsprintf_s
_wcsnicmp

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmGetVirtualKey

wininet

InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

gdi32

GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
Rectangle
GetClipBox
SetWindowOrgEx
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
CreateRoundRectRgn
GetObjectW
CreatePatternBrush
GetDeviceCaps
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipDeleteStringFormat
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipDrawString
GdipGetFamily
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipDeleteFont
GdipCreateStringFormat
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA

Sections

.text
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13dd8b67cf401314a10b9ecda828d5b8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

msvcp120

msvcr120

shlwapi

iphlpapi

comctl32

imm32

wininet

gdi32

gdiplus

Sections

.text Size: 567KB - Virtual size: 566KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 11KB - Virtual size: 30KB

.rsrc Size: 583KB - Virtual size: 582KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 567KB - Virtual size: 566KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 11KB - Virtual size: 30KB

.rsrc
Size: 583KB - Virtual size: 582KB

.reloc
Size: 36KB - Virtual size: 35KB