77345003b3fcefa7f6d1bc908286877bcf4f832e761b32b995e4280d152d87fa

Sharing

Copy URL Twitter E-mail

General

Target

77345003b3fcefa7f6d1bc908286877bcf4f832e761b32b995e4280d152d87fa
Size

1.3MB
MD5

dcd173183c99f298e73b330b5d629915
SHA1

11feea69ac58d2a7dcbcd1a120b5b7952f0d12be
SHA256

77345003b3fcefa7f6d1bc908286877bcf4f832e761b32b995e4280d152d87fa
SHA512

1d75fef92c870f631e83bf5b81090ce0bf8f09d2924a8c3991d373c12b6312340c03237c54c5d462b54b5b216b22213c62ff94ad601e335a43b06aaaccf67151
SSDEEP

12288:n5Rx5lUByfMmOTcy16r2PNdcRIgbgjHwYqBw2B7k9Zuu9ZuuH21+tI:njyBkMm+ccK0dG1cHHqtk1JH21+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77345003b3fcefa7f6d1bc908286877bcf4f832e761b32b995e4280d152d87fa

Files

77345003b3fcefa7f6d1bc908286877bcf4f832e761b32b995e4280d152d87fa
.exe windows:5 windows x86 arch:x86

6342df7938392c68ee3ee1f9ae6bd2c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\build\trunk_cn_5.0_64\simulator\bin\ldnews.pdb

Imports

kernel32

GetVersionExW
GlobalFree
GlobalAlloc
Sleep
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
DecodePointer
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetProcAddress
FindResourceW
SizeofResource
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexW
WriteFile
WideCharToMultiByte
SetLastError
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
WaitForSingleObject
CreateEventW
InitializeCriticalSection
GlobalUnlock
GlobalLock
MulDiv
GetPrivateProfileStringW
LoadLibraryW
LockResource
FreeResource
GetTickCount
CloseHandle
ReadFile
GetFileSize
FindFirstFileW
FindClose
CreateFileW
ExitProcess
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
MultiByteToWideChar
VirtualFree
GetLocalTime

user32

SetWindowLongW
GetWindowLongW
ScreenToClient
MessageBoxW
GetClientRect
GetWindowRect
GetSystemMetrics
MoveWindow
TranslateMessage
DispatchMessageW
GetMessageW
ShowWindow
UnregisterClassW
CharNextW
wsprintfW
SetWindowRgn
IsZoomed
IsIconic
SetWindowPos
MonitorFromWindow
GetMonitorInfoW
wvsprintfW
SetCursor
UnionRect
GetForegroundWindow
GetShellWindow
ClientToScreen
CopyRect
RegisterWindowMessageW
GetDesktopWindow
GetDlgItem
IsChild
RedrawWindow
GetClassNameW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
GetPropW
SetPropW
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetWindow
GetParent
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
DestroyWindow
IsWindow
CreateWindowExW
PostMessageW
SendMessageW
LoadCursorW
OffsetRect
DestroyAcceleratorTable

advapi32

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW

shell32

ord165
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitializeSecurity
OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
StringFromGUID2
CoGetClassObject

oleaut32

OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
VariantClear

ws2_32

WSAStartup

msvcp120

?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?in@?$codecvt@_WDH@std@@QBEHAAHPBD1AAPBDPA_W3AAPA_W@Z
??1?$codecvt@_WDH@std@@MAE@XZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??0?$codecvt@_WDH@std@@QAE@I@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
_Mtx_destroy
_Cnd_destroy
_Cnd_broadcast
_Cnd_init
_Mtx_unlock
_Mtx_lock
_Mtx_init
?_Throw_C_error@std@@YAXH@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Make_dir@sys@tr2@std@@YAHPB_W@Z
?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??1_Pad@std@@QAE@XZ
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??Bios_base@std@@QBE_NXZ
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?width@ios_base@std@@QAE_J_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Xtime_get_ticks
_Thrd_join
_Cnd_timedwait
_Mtx_current_owns
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Winerror_map@std@@YAPBDH@Z
?_Future_error_map@std@@YAPBDH@Z

msvcr120

??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
malloc
free
??3@YAXPAX@Z
memmove
_purecall
swprintf_s
_time64
memcpy_s
wcsncpy_s
wcsstr
_recalloc
realloc
_wtoi
_localtime64_s
longjmp
_snwprintf_s
_snprintf_s
?terminate@@YAXXZ
sprintf_s
_wcsicmp
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
wcschr
wcsncpy
wcsrchr
_wcslwr
wcstol
??_U@YAPAXI@Z
isdigit
isalnum
toupper
_itow
wcstoul
wcstod
_wtof
iswalnum
wcsncmp
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
setvbuf
_lock_file
fwrite
fclose
srand
vswprintf_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_except1
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_setjmp3
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
_beginthreadex
vsprintf_s
_wcsnicmp
_vswprintf_c_l
tolower
??8type_info@@QBE_NABV0@@Z
rand

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmGetVirtualKey

wininet

InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

gdi32

GetStockObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
Rectangle
GetClipBox
SetWindowOrgEx
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
CreateRoundRectRgn
GetObjectW
CreatePatternBrush
GetDeviceCaps
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipDeleteStringFormat
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipDrawString
GdipGetFamily
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageGetFrameDimensionsList
GdipDeleteFont
GdipCreateStringFormat
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6342df7938392c68ee3ee1f9ae6bd2c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

msvcp120

msvcr120

shlwapi

iphlpapi

comctl32

imm32

wininet

gdi32

gdiplus

Sections

.text Size: 565KB - Virtual size: 564KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 11KB - Virtual size: 29KB

.rsrc Size: 583KB - Virtual size: 582KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 565KB - Virtual size: 564KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 11KB - Virtual size: 29KB

.rsrc
Size: 583KB - Virtual size: 582KB

.reloc
Size: 35KB - Virtual size: 35KB