7adf74053bda56e9be64bed62de9e60f0d8f6c298dae6c0d626127517a545211

Sharing

Copy URL

Twitter E-mail

General

Target

7adf74053bda56e9be64bed62de9e60f0d8f6c298dae6c0d626127517a545211
Size

676KB
MD5

fe41c25bd34192b8374bd35fabdd4399
SHA1

445954ccb26cbb10ee51d4d3b454d389a76ead3f
SHA256

7adf74053bda56e9be64bed62de9e60f0d8f6c298dae6c0d626127517a545211
SHA512

be08e2b7c80908d0d10d0ac907d880540cd94da91f6f7352fc6e66a7d07964527a0f68ad49bb66a45456e4bada5129bf776fa315c3b541dbd92389d6efb34df6
SSDEEP

6144:T19iD5E+twhShUxwlaWqCASGnlzCw9ncG/z0X0enxQX/9qLhfCaha0K:T5hSWxwlSplv9ncG/z0kenxQX/eZL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7adf74053bda56e9be64bed62de9e60f0d8f6c298dae6c0d626127517a545211

Files

7adf74053bda56e9be64bed62de9e60f0d8f6c298dae6c0d626127517a545211
.exe windows:5 windows x86 arch:x86

aba5a38631700d7ac228d522f0311054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\ci.wangwang.manual\develop\SourceCode\IMClient-RV\symbol\Release\AliFileCheck.pdb

Imports

baselib

?Decrypt@DesUtil@@SA_NPBDPAE1JPAJ@Z

kernel32

FindResourceExW
WaitForSingleObject
MoveFileExW
DeleteFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentProcessId
GetStartupInfoW
HeapSetInformation
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
CloseHandle
IsDebuggerPresent
ExitProcess
GetStdHandle
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
CreateThread
CreateEventW
Sleep
InitializeCriticalSectionAndSpinCount
GetLastError
GetCommandLineW
SetEvent
DeleteCriticalSection
SetLastError
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetProcAddress
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalFree
GetACP
GetOEMCP
IsValidCodePage
GlobalAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenW
FlushInstructionCache
GetCurrentProcess
GetStringTypeW
FlushFileBuffers
UnhandledExceptionFilter
MultiByteToWideChar
SetUnhandledExceptionFilter
SetStdHandle
WriteConsoleW
LCMapStringW

user32

EndDialog
SetDlgItemTextW
DrawIconEx
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowTextW
UnregisterClassA
GetWindow
LoadCursorW
GetClassInfoExW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
CharNextW
PostMessageW
SetWindowRgn
GetSystemMetrics
KillTimer
ClientToScreen
ReleaseCapture
GetDlgCtrlID
SetTimer
SystemParametersInfoW
SetCapture
UpdateWindow
EndPaint
BeginPaint
PostThreadMessageW
DestroyIcon
DialogBoxParamW
CreateWindowExW
GetActiveWindow
GetDlgItem
RegisterClassExW
GetCapture
InvalidateRect
DestroyWindow
DrawTextW
GetWindowTextW
IsWindowEnabled
SendMessageW
ScreenToClient
GetWindowRect
GetClientRect
AdjustWindowRectEx
GetMenu
SetWindowPos
IsWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetParent
OffsetRect
PtInRect
LoadIconW

gdi32

SetViewportOrgEx
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetStockObject
SetBkMode
SetTextColor
CreateRoundRectRgn

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

CommandLineToArgvW
SHFileOperationW

ole32

CoReleaseServerProcess
CoInitialize
CoUninitialize
CoCreateInstance
CoAddRefServerProcess
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
SysFreeString
SysStringLen
UnRegisterTypeLi

atl100

ord61
ord43
ord23
ord44
ord20
ord17
ord49
ord56
ord68
ord67
ord64

shlwapi

PathIsDirectoryW
PathFileExistsW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize

gdiplus

GdipMeasureString
GdipDrawString
GdipStringFormatGetGenericTypographic
GdipSetStringFormatTrimming
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCloneStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageI
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdiplusShutdown

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 530KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aba5a38631700d7ac228d522f0311054

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

baselib

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

atl100

shlwapi

comctl32

gdiplus

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 530KB - Virtual size: 529KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 530KB - Virtual size: 529KB

.reloc
Size: 12KB - Virtual size: 12KB