E:\Leyan\Src\pddbot\LeyanPdd\Release\Frobot.pdb
Static task: static1
Behavioral task: behavioral1
Sample: f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710.exe
Resource: win10v2004-20240611-en
General
Target: f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710
Size: 5.6MB
MD5: 3ff4471cfded91765ba8a7d28371f723
SHA1: 8b3a48a72321ec8227e4699199898fe27bb3ed7e
SHA256: f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710
SHA512: f2786f8e3ab5589ab041368b33284f8738b7f7c291d50250109c07954677f31b0f0dd1b869b5c3ef6de6cdabc18a67e9fd1d54037858d2506b9b0f35025b1b03
SSDEEP: 98304:PSvlcAR2eA+/1epE0e4SQBlvS1ijmqzle0ww7rBJRBvIk/H0i8ZY:aNcAYo2E0ecBVS1imqzlkwvp0i
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710
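The "Unsigned PE" signature only tests whether the image carries a Certificate Table (the security data directory); it does not validate anything. The Python below reproduces that check offline straight from the PE header. It is an added example, not the sandbox's code: the function names are ours, and the header-only PE images it builds are constructed test input, not bytes from this sample.

```python
"""Check a PE file for an embedded Authenticode certificate table (added example)."""
import struct
from typing import Optional, Tuple

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # index of the Certificate Table data directory
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode: PKCS#7 SignedData
WIN_CERT_REVISION_2_0 = 0x0200


def security_directory(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None if it is empty.

    Unlike the other directories, the security entry holds a raw file offset,
    not an RVA: attribute certificates live outside every section.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                       # PE32, as for this report's x86 sample
        nrva_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (nrva,) = struct.unpack_from("<I", data, nrva_off)
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None                          # directory table too short for a security entry
    off, size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size == 0:
        return None
    return off, size


def authenticode_status(data: bytes) -> str:
    """Classify the way the 'Unsigned PE' signature does: certificate table present or absent.

    'present' only means a WIN_CERTIFICATE blob is attached. The PKCS#7 signature and
    its chain still need verification (signtool verify /pa or Get-AuthenticodeSignature
    on Windows). Catalog-signed files carry no embedded blob and come out 'unsigned'
    here even though Windows trusts them, so treat the verdict as a triage hint only.
    """
    entry = security_directory(data)
    if entry is None:
        return "unsigned"
    off, size = entry
    if off + size > len(data) or size < 8:
        return "malformed certificate table"
    _length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and revision == WIN_CERT_REVISION_2_0:
        return "authenticode present (unverified)"
    return f"non-authenticode certificate entry (type 0x{cert_type:04x})"


def build_minimal_pe(security: Tuple[int, int] = (0, 0), pe32plus: bool = False) -> bytes:
    """Constructed test input: a header-only PE with the given security directory entry."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> right after the DOS header
    dir_base = 112 if pe32plus else 96
    opt = bytearray(dir_base + 16 * 8)                 # 16 data directories of 8 bytes
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dir_base - 4, 16)      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE as in the report)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def build_signed_pe(payload: bytes = b"\x30\x00", pe32plus: bool = False) -> bytes:
    """Constructed test input: the same image with a dummy WIN_CERTIFICATE appended."""
    body_len = len(build_minimal_pe(pe32plus=pe32plus))
    cert = struct.pack("<IHH", 8 + len(payload),
                       WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + payload
    return build_minimal_pe((body_len, len(cert)), pe32plus) + cert


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(authenticode_status(fh.read()))
    else:
        print(authenticode_status(build_minimal_pe()), "/", authenticode_status(build_signed_pe()))
```

Run it as `python check_authenticode.py sample.exe` to classify a real file. Because the security entry is a file offset, a signature appended after the last section is found without mapping sections, which is also why appending or stripping a signature does not change the imphash or section hashes but does change MD5/SHA256.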
Files
f5d9cd3a1b14ae509f5ebcdf7a109cb98bcc39939ac1ba979be4e47e0f57c710.exe windows:6 windows x86 arch:x86
9c24fe04ca478265c169807222a30438
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
CreateSemaphoreA
WaitForMultipleObjects
TlsGetValue
TlsSetValue
GetFullPathNameW
PeekNamedPipe
ReleaseMutex
FileTimeToLocalFileTime
GetDriveTypeW
SetConsoleMode
ReadConsoleInputA
GetSystemTimeAsFileTime
GetModuleHandleA
SetLastError
CreateWaitableTimerW
SetWaitableTimer
SleepEx
QueueUserAPC
ReleaseSemaphore
CreateSemaphoreW
Sleep
SetUnhandledExceptionFilter
FatalAppExitW
CreateDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventA
GetSystemTimes
GlobalMemoryStatus
FreeResource
LoadLibraryW
CreateMutexW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetExitCodeThread
GetSystemInfo
CreateFileW
WriteFile
GetQueuedCompletionStatus
CreateIoCompletionPort
TerminateThread
TlsFree
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
PostQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
TlsAlloc
CancelIoEx
GetCurrentProcess
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
ResetEvent
LocalFree
LocalAlloc
MultiByteToWideChar
GetLocalTime
CreateThread
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentDirectoryA
GetPrivateProfileStringA
DecodePointer
HeapSize
GetLastError
RaiseException
InitializeCriticalSectionEx
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileInformationByHandle
InitializeCriticalSection
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime
SetFilePointer
FormatMessageW
GetFileSize
lstrcpyW
MulDiv
GetCurrentDirectoryW
FormatMessageA
lstrlenW
lstrlenA
FlushConsoleInputBuffer
LoadLibraryA
SetEnvironmentVariableA
SetEndOfFile
GetStringTypeW
WriteConsoleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
SetConsoleCtrlHandler
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
LoadLibraryExW
GetCommandLineW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetTickCount
GetCurrentThread
RtlUnwind
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
GetConsoleCP
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CreateTimerQueue
DuplicateHandle
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
FindFirstFileExW
FindNextFileW
DeleteFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FlushFileBuffers
user32
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
SetCursor
InflateRect
UnionRect
OffsetRect
LoadCursorW
TranslateMessage
DispatchMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
SetWindowLongW
LoadImageW
DestroyWindow
IsZoomed
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
ShowWindow
GetCaretBlinkTime
GetParent
ScreenToClient
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
SetWindowRgn
LoadIconW
MoveWindow
UpdateLayeredWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetTimer
GetCursorPos
KillTimer
PostQuitMessage
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetClientRect
MapWindowPoints
wsprintfW
GetMessageW
PeekMessageW
PostThreadMessageW
MessageBoxW
FindWindowW
PostMessageW
SetCaretPos
GetWindowLongW
IsIconic
BringWindowToTop
IsWindow
GetWindowThreadProcessId
SetWindowPos
CreateCaret
IsWindowVisible
RegisterHotKey
UnregisterHotKey
SetForegroundWindow
advapi32
LookupPrivilegeValueW
CryptEnumProvidersA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
LookupAccountNameW
GetExplicitEntriesFromAclW
DeleteAce
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
shell32
SHGetPathFromIDListW
DragQueryFileW
Shell_NotifyIconW
SHGetSpecialFolderLocation
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RegisterDragDrop
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoInitialize
oleaut32
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
shlwapi
PathFileExistsW
PathAppendA
PathAppendW
ws2_32
WSAStartup
WSACleanup
closesocket
listen
WSARecv
WSASend
WSASocketW
htons
WSAGetLastError
inet_addr
accept
bind
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
ntohs
WSASetLastError
ioctlsocket
select
setsockopt
WSAAddressToStringA
getaddrinfo
freeaddrinfo
ntohl
htonl
__WSAFDIsSet
connect
getsockopt
getpeername
getsockname
gethostbyname
gethostname
recv
shutdown
send
dbghelp
MiniDumpWriteDump
MakeSureDirectoryPathExists
libcurl
curl_easy_setopt
CRYPTO_thread_setup
curl_easy_reset
curl_global_init
curl_easy_getinfo
curl_slist_append
curl_slist_free_all
curl_easy_init
curl_easy_perform
curl_easy_cleanup
gdi32
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
GetStockObject
CreatePen
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
TextOutW
GdiFlush
SetBitmapBits
CreateFontIndirectW
CreateDIBitmap
GetObjectA
SelectObject
GetDeviceCaps
GetBitmapBits
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
comctl32
InitCommonControlsEx
_TrackMouseEvent
ord17
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
gdiplus
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
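The import table above is the raw material for capability triage. The following Python is an added example, not part of this report or of the sandbox: it encodes a few API clusters drawn from this sample's imports and reports which are fully present. The cluster labels and the SAMPLE_IMPORTS subset are ours, constructed from the table above. Imports show what a binary can call, not what it does at runtime, and single APIs are weak evidence (the MSVC CRT itself pulls in IsDebuggerPresent and the unhandled-exception-filter APIs), so only complete clusters are reported as hits and near-misses are listed separately.

```python
"""Capability triage over a PE import table (added example, not sandbox output)."""
from typing import Dict, List, Set, Tuple

# Constructed subset of the import table printed in this report; API names are verbatim.
SAMPLE_IMPORTS: Dict[str, Set[str]] = {
    "kernel32": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                 "FindResourceW", "LoadResource", "LockResource", "SizeofResource",
                 "IsDebuggerPresent", "GetPrivateProfileStringA", "CreateIoCompletionPort"},
    "advapi32": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                 "GetNamedSecurityInfoW", "SetEntriesInAclW", "SetNamedSecurityInfoW",
                 "CryptAcquireContextA", "CryptGenRandom", "RegOpenKeyExW", "RegQueryValueExW"},
    "user32": {"FindWindowW", "GetWindowThreadProcessId", "PostMessageW", "SetForegroundWindow",
               "RegisterHotKey", "OpenClipboard", "EmptyClipboard", "SetClipboardData",
               "CloseClipboard"},
    "ws2_32": {"WSAStartup", "WSASocketW", "bind", "listen", "accept", "connect", "send", "recv"},
    "libcurl": {"curl_easy_init", "curl_easy_setopt", "curl_easy_perform", "curl_easy_cleanup"},
    "dbghelp": {"MiniDumpWriteDump"},
}

# Each cluster lists (dll, api) pairs that must ALL be imported. Labels are ours.
CAPABILITIES: Dict[str, Set[Tuple[str, str]]] = {
    "remote thread injection": {
        ("kernel32", "OpenProcess"), ("kernel32", "VirtualAllocEx"),
        ("kernel32", "WriteProcessMemory"), ("kernel32", "CreateRemoteThread")},
    "token privilege adjustment": {
        ("advapi32", "OpenProcessToken"), ("advapi32", "LookupPrivilegeValueW"),
        ("advapi32", "AdjustTokenPrivileges")},
    "DACL rewrite on named objects": {
        ("advapi32", "GetNamedSecurityInfoW"), ("advapi32", "SetEntriesInAclW"),
        ("advapi32", "SetNamedSecurityInfoW")},
    "foreign window messaging": {
        ("user32", "FindWindowW"), ("user32", "GetWindowThreadProcessId"),
        ("user32", "PostMessageW")},
    "clipboard write": {
        ("user32", "OpenClipboard"), ("user32", "EmptyClipboard"),
        ("user32", "SetClipboardData"), ("user32", "CloseClipboard")},
    "embedded resource loading": {
        ("kernel32", "FindResourceW"), ("kernel32", "LoadResource"),
        ("kernel32", "LockResource"), ("kernel32", "SizeofResource")},
    "listening socket": {
        ("ws2_32", "WSAStartup"), ("ws2_32", "bind"), ("ws2_32", "listen"), ("ws2_32", "accept")},
    "outbound socket": {
        ("ws2_32", "WSAStartup"), ("ws2_32", "connect"), ("ws2_32", "send"), ("ws2_32", "recv")},
    "libcurl HTTP client": {
        ("libcurl", "curl_easy_init"), ("libcurl", "curl_easy_setopt"),
        ("libcurl", "curl_easy_perform")},
    "minidump writing": {("dbghelp", "MiniDumpWriteDump")},
}


def triage_imports(imports: Dict[str, Set[str]],
                   capabilities: Dict[str, Set[Tuple[str, str]]] = CAPABILITIES,
                   partial_threshold: float = 0.75) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (fully matched cluster names, {partially matched cluster: missing APIs}).

    DLL names are case-folded because import tables show them in mixed case; API
    names are compared exactly, since Win32 exports are case-sensitive and the
    A/W suffix matters.
    """
    present = {(dll.lower(), api) for dll, apis in imports.items() for api in apis}
    full: List[str] = []
    partial: Dict[str, List[str]] = {}
    for name, needed in capabilities.items():
        hit = needed & present
        if hit == needed:
            full.append(name)
        elif len(hit) / len(needed) >= partial_threshold:
            partial[name] = sorted(api for _, api in needed - hit)
    return sorted(full), partial


def report(imports: Dict[str, Set[str]]) -> List[str]:
    """Human-readable lines for a triage note; returned rather than printed."""
    full, partial = triage_imports(imports)
    lines = [f"[full]    {name}" for name in full]
    lines += [f"[partial] {name} (missing: {', '.join(missing)})"
              for name, missing in sorted(partial.items())]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_IMPORTS)))
```

Against the constructed subset every cluster matches in full, which is what a reader of the table above would expect: the four-call remote-thread set, SeDebugPrivilege-style token adjustment, both client and server socket paths, libcurl, and MiniDumpWriteDump are all there. What the static import table cannot tell you is which of them the GUI code path actually exercises; that is what the behavioral tasks listed at the top of the report are for.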
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 508KB - Virtual size: 507KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 80KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ