E:\project\sogouime\dev_11.1_pc_modify\Bin\SogouPdb\SogouInput\userNetSchedule.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8.exe
  Resource: win10v2004-20240611-en
General
- Target: d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8
- Size: 2.3MB
- MD5: c247bf233ffc6aeb5ebcdca23b217d4a
- SHA1: fd56d232541299b54bd26642cfae8feb35ad3b81
- SHA256: d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8
- SHA512: 1e85d242a4c40d3f449d80a1a1ffd45699013b5be264b91008ba03f5440ceec93fb91487d8c2a2f034211e75d95dc0736f73d03fd5ff9626b3a6a2bd8cd301f4
- SSDEEP: 49152:mGmqr7Iio14J/2ns+Vz6DG6oiAjF8SdiTXk2YVWqC7S:Bzr7A4Mn3V+K6oi88Sgq
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8
Files
- d85e610e13fd14c8c0cd6d2a661ec2b4dae98e9c1e58ef2ed5e437a45d9abea8.exe (windows:6 windows x86 arch:x86)
  5a713bb7dbe4c7696a5ecb5d12b6b341
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetOpenW
InternetCloseHandle
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
HttpOpenRequestA
InternetWriteFile
InternetCrackUrlA
InternetOpenUrlW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
InternetCanonicalizeUrlW
InternetGetConnectedState
HttpOpenRequestW
InternetQueryOptionW
HttpSendRequestW
InternetConnectW
HttpEndRequestW
kernel32
GetSystemDirectoryA
FormatMessageA
WaitForMultipleObjects
LoadLibraryA
SleepEx
GetModuleHandleW
GetProcAddress
Sleep
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetCurrentProcessId
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetDiskFreeSpaceExW
CloseHandle
MoveFileExW
GetFileSize
CopyFileW
GetTempFileNameW
GetSystemTime
FlushFileBuffers
GetModuleFileNameW
InterlockedCompareExchange
GetTickCount
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
WaitForSingleObject
LocalAlloc
GetSystemDirectoryW
LoadLibraryW
LocalFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseMutex
OpenMutexW
InterlockedIncrement
SwitchToThread
GetModuleHandleA
MultiByteToWideChar
SetLastError
GetCurrentProcess
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
CreateDirectoryW
GetProcessId
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetFileTime
GetExitCodeProcess
GetCommandLineW
RemoveDirectoryW
OpenProcess
OutputDebugStringW
SetPriorityClass
TlsSetValue
TlsGetValue
OpenEventW
LoadLibraryExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
SetEvent
VirtualAlloc
TlsAlloc
TlsFree
lstrlenW
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetACP
WaitNamedPipeW
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
SetNamedPipeHandleState
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
GetTimeZoneInformation
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
GetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetProcessHeap
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetOEMCP
GetConsoleCP
SetFilePointerEx
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeLibrary
GetUserDefaultLCID
user32
SetRectEmpty
wsprintfW
wvsprintfW
FindWindowW
GetSystemMetrics
LoadIconW
CreateWindowExW
DestroyWindow
PostMessageW
gdi32
DeleteObject
DeleteDC
CreateCompatibleDC
SelectObject
GetFontData
CreateFontIndirectW
advapi32
RegSetValueExW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyW
RegCreateKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
shell32
SHGetFolderPathW
SHFileOperationW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
imm32
ImmDisableIME
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
psapi
GetProcessMemoryInfo
ws2_32
ioctlsocket
listen
closesocket
WSACleanup
WSAStartup
gethostname
accept
sendto
recvfrom
select
__WSAFDIsSet
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
WSAGetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
wldap32
ord211
ord46
ord79
ord60
ord50
ord41
ord22
ord26
ord301
ord200
ord30
ord143
ord35
ord33
ord32
ord27
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 683KB - Virtual size: 683KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 34KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ