F:\cpp\xubei\InstallWnd\Release\Setup.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4.exe
Resource (sandbox VM image): win7-20240611-en
Behavioral task: behavioral2
Sample: 9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4.exe
Resource (sandbox VM image): win10v2004-20240508-en
General
Target: 9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4
Size: 2.7MB
MD5: 938031a801735c367fb5a37b6afa8d64
SHA1: cd7182931214261e28cff634c47e01ec60346ca1
SHA256: 9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4
SHA512: 3ed86e3b146c07d1ae8c46711b8d6970983283198b63dd8cebf281df53322163c3c20861b9e41bcdd710526d9dd6ed49ee3bdce110d34d8f79ca649c2ebbe98f
SSDEEP: 24576:6apHljSscHAKdavEvqA8p71yjYUuVqK0IGNSECaYVbPqb+FRuH1kwff+ZtoR70y7:JXjld1yjYUuOMxPqb+FRuVGUjycaPm
Malware Config
Signatures
Unsigned PE (1 IoC): the sample carries no Authenticode signature (the check looks for a missing signature, it does not validate one).
resource: 9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4
A missing signature is a weak indicator on its own: many legitimate installers ship unsigned, and a valid signature only says who signed the file, not that it is benign. Treat it as context for the imports and behaviour below, not as a verdict.
Files
9fb7636e1cf71a34a371ee3ad7b78a6efd528997aaf1bba896b6a4346e94f4b4.exe windows:6 windows x86 arch:x86
7b231a5590bf277b1de0b3f2729613c3 (a 32-hex digest the page leaves unlabelled; most likely the import hash, which is an assumption, not something the page states)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(DYNAMIC_BASE opts the image into ASLR and NX_COMPAT into DEP; the .reloc section listed under Sections supplies the relocations ASLR needs. The page lists only the flags that are set, so nothing can be concluded here about flags it does not show.)
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
F:\cpp\xubei\InstallWnd\Release\Setup.pdb
Imports
Notes on the import table (analyst reading of the list below, not a sandbox signature): kernel32 supplies process enumeration (CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, OpenProcess), resource extraction (FindResourceW, FindResourceExW, LoadResource, LockResource, SizeofResource; the .rsrc section is 346KB and worth dumping), temp-directory file handling (GetTempPathW, CreateFileW, WriteFile, CopyFileW, MoveFileExW, SetFileAttributesW) and child-process creation (CreateProcessW). advapi32 supplies token work (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, DuplicateTokenEx, CreateProcessAsUserW: the pattern used to enable a privilege and start a program under another user's token, which installers also use legitimately), registry writes (RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegDeleteValueW) and event-log writes (RegisterEventSourceA, ReportEventA). ws2_32 covers both client sockets (connect, send, recv, getaddrinfo) and a listener (bind, listen, accept); together with the ordinal-only wldap32 imports and normaliz!IdnToAscii this is the import footprint usually left by a statically linked libcurl, a likely but unproven reading. The run IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead is MSVC CRT startup code and is not evidence of anti-debugging by itself. The wldap32 entries are ordinals; resolve them against that DLL's export table before reading meaning into them.
kernel32
TzSpecificLocalTimeToSystemTime
GetDriveTypeW
GetFullPathNameW
GetCurrentProcessId
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
MoveFileW
SetPriorityClass
GetPrivateProfileIntW
SetThreadPriority
GetTempPathW
WaitForSingleObject
Sleep
GetCurrentThread
CloseHandle
FindResourceExW
GetLocalTime
ExitProcess
WideCharToMultiByte
GetExitCodeProcess
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreW
CreateDirectoryA
HeapFree
CreateFileW
UnmapViewOfFile
MultiByteToWideChar
FileTimeToSystemTime
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
GetSystemDefaultLCID
GetSystemDirectoryW
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
DeleteFileA
SystemTimeToTzSpecificLocalTime
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
WaitForSingleObjectEx
Process32FirstW
CreateProcessW
FreeLibrary
CopyFileW
LoadLibraryExW
HeapSize
HeapReAlloc
HeapDestroy
ReadFile
VirtualFree
WriteFile
VirtualAlloc
GetFileSize
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTickCount
GlobalUnlock
GlobalLock
lstrlenW
GetACP
MulDiv
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFree
FormatMessageW
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
GlobalAlloc
lstrcpynW
lstrcmpiW
lstrcpyW
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
GetFileType
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
SetConsoleCtrlHandler
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
GetSystemTime
GetModuleHandleA
GetFileInformationByHandle
FileTimeToDosDateTime
DosDateTimeToFileTime
GetTickCount64
SleepEx
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
GlobalMemoryStatus
FlushConsoleInputBuffer
DecodePointer
GetLastError
GetPrivateProfileStringW
SetFileAttributesW
InitializeCriticalSectionEx
GetModuleFileNameW
WritePrivateProfileStringW
user32
UnionRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
SetCursor
InflateRect
OffsetRect
LoadCursorW
wsprintfW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
IntersectRect
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowExW
GetWindowRect
SendMessageW
FindWindowW
GetSysColor
MapWindowPoints
ScreenToClient
SetCaretPos
GetCaretBlinkTime
CreateCaret
GetCursorPos
MessageBoxW
PostQuitMessage
SetTimer
LoadIconW
ShowWindow
UpdateWindow
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
ReleaseCapture
SetCapture
CreateWindowExW
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
AppendMenuW
advapi32
RegQueryValueExW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
shell32
DragQueryFileW
SHGetSpecialFolderLocation
SHChangeNotify
SHCreateDirectoryExW
ShellExecuteA
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ole32
CoUninitialize
CoInitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoInitializeEx
CoTaskMemFree
shlwapi
PathFileExistsW
PathRemoveExtensionW
PathStripPathW
PathIsDirectoryA
ws2_32
WSAIoctl
send
__WSAFDIsSet
getaddrinfo
freeaddrinfo
accept
WSASetLastError
socket
setsockopt
select
gethostbyname
gethostname
WSAStartup
WSACleanup
WSAGetLastError
bind
listen
recvfrom
sendto
htonl
ntohl
getservbyname
closesocket
connect
getpeername
shutdown
ioctlsocket
getsockname
getsockopt
htons
ntohs
recv
wldap32
ord45
ord60
ord50
ord301
ord211
ord46
ord143
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord41
normaliz
IdnToAscii
gdi32
SetWindowOrgEx
GetTextMetricsW
CloseEnhMetaFile
SelectObject
SaveDC
PlayEnhMetaFile
GetEnhMetaFileHeader
GetObjectW
CreateEnhMetaFileW
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
RestoreDC
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
BitBlt
CombineRgn
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
oleaut32
VariantClear
SysAllocString
SysFreeString
VariantInit
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
comctl32
InitCommonControlsEx
ord17
_TrackMouseEvent
gdiplus
GdiplusShutdown
GdipAlloc
GdiplusStartup
GdipSetStringFormatFlags
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipFree
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
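A capability triage pass over an import table of this shape, as an added example that is not part of the sandbox report: the rules, tags and thresholds are this example's own heuristics (not a published ruleset such as capa), and SAMPLE_IMPORTS is a constructed subset of the imports listed above. It also separates ordinal-only imports, which need resolving against the DLL's exports, and the CRT-startup imports that should not be read as anti-debugging on their own.

```python
# Added example, not from the sandbox report. SAMPLE_IMPORTS is a constructed subset of
# the page's import table; RULES are this example's own heuristics, not a published ruleset.
SAMPLE_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "CreateProcessW", "FindResourceW", "LoadResource", "LockResource", "SizeofResource",
                 "GetTempPathW", "CreateFileW", "WriteFile", "LoadLibraryW", "GetProcAddress",
                 "IsDebuggerPresent", "SetFileAttributesW"],
    "advapi32": ["OpenProcessToken", "AdjustTokenPrivileges", "LookupPrivilegeValueW",
                 "DuplicateTokenEx", "CreateProcessAsUserW", "RegCreateKeyExW", "RegSetValueExW",
                 "RegDeleteKeyW"],
    "shell32": ["ShellExecuteW", "ShellExecuteExW"],
    "ws2_32": ["WSAStartup", "socket", "connect", "send", "recv", "getaddrinfo", "bind", "listen",
               "accept"],
    "wldap32": ["ord45", "ord60", "ord50"],
    "normaliz": ["IdnToAscii"],
}

# (tag, dll, candidate APIs, how many of them must be present for the tag to fire)
RULES = [
    ("process-enumeration", "kernel32", {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"}, 3),
    ("open-foreign-process", "kernel32", {"OpenProcess"}, 1),
    ("privilege-adjustment", "advapi32", {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}, 3),
    ("launch-under-other-token", "advapi32", {"DuplicateTokenEx", "CreateProcessAsUserW"}, 2),
    ("registry-write", "advapi32", {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"}, 1),
    ("embedded-resource-unpack", "kernel32", {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"}, 4),
    ("drop-file-in-temp", "kernel32", {"GetTempPathW", "CreateFileW", "WriteFile"}, 3),
    ("runtime-api-resolution", "kernel32", {"LoadLibraryW", "LoadLibraryA", "GetProcAddress"}, 2),
    ("child-process", "kernel32", {"CreateProcessW", "CreateProcessA"}, 1),
    ("shell-launch", "shell32", {"ShellExecuteW", "ShellExecuteExW", "ShellExecuteA"}, 1),
    ("outbound-tcp", "ws2_32", {"socket", "connect", "send", "recv"}, 4),
    ("inbound-listener", "ws2_32", {"bind", "listen", "accept"}, 3),
    ("file-attribute-change", "kernel32", {"SetFileAttributesW", "SetFileAttributesA"}, 1),
]

# Pulled in by MSVC CRT startup code in ordinary release builds; report them, but weight them low.
CRT_NOISE = {"IsDebuggerPresent", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter"}


def normalise(imports):
    """Map lower-cased DLL names (with or without .dll) to the set of imported names."""
    out = {}
    for dll, funcs in imports.items():
        key = dll.lower()
        key = key[:-4] if key.endswith(".dll") else key
        out.setdefault(key, set()).update(funcs)
    return out


def is_ordinal(name):
    return name.lower().startswith("ord") and name[3:].isdigit()


def capabilities(imports):
    """Return (tag, matched APIs) for every rule whose threshold is met."""
    table = normalise(imports)
    hits = []
    for tag, dll, apis, need in RULES:
        present = apis & table.get(dll, set())
        if len(present) >= need:
            hits.append((tag, tuple(sorted(present))))
    return hits


def capability_tags(imports):
    return sorted(tag for tag, _ in capabilities(imports))


def ordinal_only_imports(imports):
    """Ordinal imports hide the function name; resolve them against the DLL's export table first."""
    table = normalise(imports)
    return {dll: sorted(f for f in funcs if is_ordinal(f))
            for dll, funcs in table.items() if any(is_ordinal(f) for f in funcs)}


def crt_noise(imports):
    """Imports that look like anti-debugging but come with the CRT; list them so they are not over-read."""
    return sorted(CRT_NOISE & normalise(imports).get("kernel32", set()))


if __name__ == "__main__":
    for tag, apis in capabilities(SAMPLE_IMPORTS):
        print(f"{tag:28s} {', '.join(apis)}")
    print("ordinal-only:", ordinal_only_imports(SAMPLE_IMPORTS))
    print("CRT noise:", crt_noise(SAMPLE_IMPORTS))
```

Thresholds matter: a single Process32NextW without the snapshot call is a much weaker signal than the full enumeration trio, which is why each rule states how many of its APIs must be present. The tags are starting points for the behavioural run, not conclusions; an installer that starts its payload as the logged-on user will legitimately hit `launch-under-other-token` and `registry-write`.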
Sections
(No section is both writable and executable, and .data's virtual size exceeding its raw size is ordinary zero-initialised data, so the layout reads as plain compiler output rather than a packed image. The 1.9MB .text is large for an installer front-end and is consistent with statically linked libraries; .reloc being present matches the DYNAMIC_BASE flag above.)
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 97KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
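The three header-level checks the report makes above (Signatures: is an Authenticode blob present; Headers: which DLL-characteristics flags are set; Sections: is any section mapped writable and executable), carried out by hand with the standard library, as an added example that is not part of the sandbox report or its tooling. The PE32 image it parses is constructed in memory to mirror this report's flags and section layout; it is not the analysed file, and the sizes only approximate the report's.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h names, as used in the report).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot that points at the Authenticode blob

DLLCHAR_NAMES = {
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, DataDirectory at +96
        numrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase/stack/heap fields push them to +108/+112
        numrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics, same offset in both
    nrva = struct.unpack_from("<I", data, numrva_off)[0]
    sec_off = sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:  # the directory table may be shorter than 16 entries
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rawsize, _rawptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "dllchars": dllchars,
            "security_dir": (sec_off, sec_size), "sections": sections}


def has_authenticode_blob(info: dict) -> bool:
    """Presence check only, which is all 'unsigned' means in the report: a non-empty security
    directory. Whether the signature is valid, timestamped and chains to a trusted root needs
    WinVerifyTrust, 'signtool verify /pa' or osslsigncode."""
    off, size = info["security_dir"]
    return off != 0 and size != 0


def dll_characteristics(info: dict) -> list:
    """Names of the mitigation flags that are set, in the order the report lists them."""
    return [name for bit, name in DLLCHAR_NAMES.items() if info["dllchars"] & bit]


def writable_executable_sections(info: dict) -> list:
    """W+X sections are rare in plain compiler output and typical of packers and self-modifying stubs."""
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [s["name"] for s in info["sections"] if s["flags"] & wx == wx]


def build_sample_pe(dllchars: int, sections, security_size: int = 0) -> bytes:
    """Constructed minimal PE32 (headers plus section table, no code) to exercise the parser offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    struct.pack_into("<I", opt, 92, 16)
    if security_size:  # the security entry holds a file offset, not an RVA; any non-zero pair counts
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, security_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, flags)
        for i, (name, vsize, rawsize, flags) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed layout mirroring the report: R-X code, R-- rdata, RW- data, no W+X section.
REPORT_LIKE_SECTIONS = [
    (b".text", 0x1E6000, 0x1E6000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 0x79000, 0x79000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".data", 0x10400, 0xB000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
REPORT_LIKE_DLLCHARS = 0x8140  # DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, as in the report
```

Run it on a real file with `parse_pe(open(path, "rb").read())`. The parser reads the security directory as a presence flag only; to turn "a blob is there" into "the file is validly signed" you still need a chain verification (`Get-AuthenticodeSignature` in PowerShell, `signtool verify /pa`, or `osslsigncode verify` off-platform), and an unsigned result from either tool deserves the same weak-indicator caveat as the report's own signature.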