7433931e9bf3f2fb9afef76e42fc5c445c2d5da8ef2e76be4215cdf2b677e26c

Sharing

Copy URL

Twitter E-mail

General

Target

7433931e9bf3f2fb9afef76e42fc5c445c2d5da8ef2e76be4215cdf2b677e26c
Size

263KB
MD5

709873e84aee4a23527ec6ad2ce0b976
SHA1

8c560e3efd4fceb1f92bd2b02e61f96e71dce742
SHA256

7433931e9bf3f2fb9afef76e42fc5c445c2d5da8ef2e76be4215cdf2b677e26c
SHA512

a4e62e97a21815e2b8dbcf814c0221386e48856adbde2e6b57ecc71ad74a90f532d634dcff2a33cc0b2e68ebd1b1383cc9a10048495ee640b6331403b1730ce3
SSDEEP

6144:Ghc2AY1YlWPClS8ZRBxxcZiO+6fi22T8NbP:ymlWPh8ZRBPcZGCh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7433931e9bf3f2fb9afef76e42fc5c445c2d5da8ef2e76be4215cdf2b677e26c

Files

7433931e9bf3f2fb9afef76e42fc5c445c2d5da8ef2e76be4215cdf2b677e26c
.exe windows:4 windows x86 arch:x86

e107406244e4a61b8ec744029b53460b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kfree\ksafe_released_4.6.0_rb\product\win32\KSafeSvc.pdb

Imports

kernel32

GetSystemWindowsDirectoryW
OutputDebugStringW
SetProcessWorkingSetSize
GetProcessHeap
SetThreadPriority
WaitNamedPipeW
DuplicateHandle
TryEnterCriticalSection
WritePrivateProfileStringW
GetSystemTime
GetFileAttributesExW
CompareFileTime
TlsAlloc
TlsFree
TlsSetValue
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CreateEventW
GetCommandLineW
GetPrivateProfileIntW
MoveFileW
CopyFileW
CreateMutexW
CreateProcessW
WaitForSingleObject
LoadLibraryExW
SetEvent
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetTickCount
Sleep
GetProcessTimes
GetPrivateProfileStringW
RaiseException
GetSystemDirectoryW
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetFileSize
lstrlenA
MultiByteToWideChar
SetFilePointer
ReadFile
GetCurrentProcess
Process32NextW
Process32FirstW
OpenProcess
LoadLibraryW
CreateToolhelp32Snapshot
GetProcAddress
FreeLibrary
CreateDirectoryW
SetFileAttributesW
LocalFree
GetLongPathNameW
GetModuleFileNameW
SetLastError
GetVersionExW
GetFileAttributesW
ExpandEnvironmentStringsW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocalTime
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
DeleteFileW
WriteFile
CreateFileW
InterlockedExchange
lstrcmpiW
TerminateThread
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetLastError

user32

UnregisterClassA
CharNextW
LoadStringW
MessageBoxW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
wsprintfW

advapi32

GetSecurityDescriptorSacl
IsValidSid
CopySid
AddAce
InitializeAcl
SetNamedSecurityInfoW
FreeSid
EqualSid
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ChangeServiceConfigW
ChangeServiceConfig2W
SetSecurityDescriptorDacl
RegEnumKeyExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
DeleteService
CreateServiceW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
CreateWellKnownSid
SetEntriesInAclW
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorControl
ControlTraceW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
SetTokenInformation
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
StringFromGUID2

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen

shlwapi

StrCpyNW
StrRChrW
PathAppendW
PathFindFileNameW
StrStrIA
PathRemoveFileSpecW
PathFileExistsW
SHDeleteKeyW
StrStrIW
SHGetValueW
PathAddBackslashW
StrCmpNIW
StrCmpNW

msvcp80

?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z

psapi

GetProcessMemoryInfo

msvcr80

_time64
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
wcsftime
??3@YAXPAX@Z
strlen
memcpy_s
free
_vscprintf
vsprintf_s
_CxxThrowException
memset
_vscwprintf
vswprintf_s
calloc
_recalloc
__CxxFrameHandler3
_purecall
memmove_s
wcschr
memcpy
memmove
wcslen
_wcslwr_s
malloc
??2@YAPAXI@Z
_wcsicmp
??_V@YAXPAX@Z
wcscmp
memcmp
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wprintf
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
wcsrchr
wcscpy_s
wcsncpy_s
wcscat_s
_waccess
wcsstr
printf
_putws
_vsnwprintf_s
fputs
fclose
_wfopen
tolower
wcscat
_endthreadex
_beginthreadex
_snwprintf
_localtime64_s
swprintf_s
_vsnwprintf

iphlpapi

GetAdaptersInfo

json

??0Reader@Json@@QAE@XZ
??1FastWriter@Json@@UAE@XZ
?parse@Reader@Json@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVValue@2@_N@Z
??4Value@Json@@QAEAAV01@ABV01@@Z
??0StyledWriter@Json@@QAE@XZ
??1StyledWriter@Json@@UAE@XZ
?asCString@Value@Json@@QBEPBDXZ
??0Value@Json@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isString@Value@Json@@QBE_NXZ
?empty@Value@Json@@QBE_NXZ
??0Value@Json@@QAE@W4ValueType@1@@Z
?getMemberNames@Value@Json@@QBE?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?isMember@Value@Json@@QBE_NPBD@Z
?isObject@Value@Json@@QBE_NXZ
??1Reader@Json@@QAE@XZ
??0FastWriter@Json@@QAE@XZ
??AValue@Json@@QAEAAV01@PBD@Z
??0Value@Json@@QAE@PBD@Z
?asString@Value@Json@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1Value@Json@@QAE@XZ

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e107406244e4a61b8ec744029b53460b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp80

psapi

msvcr80

iphlpapi

json

wtsapi32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 78KB - Virtual size: 80KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 78KB - Virtual size: 80KB