786cb72cd52671a8657a4b5d7d11fc24444167015c8308494e34cf5e20185829

Sharing

Copy URL

Twitter E-mail

General

Target

786cb72cd52671a8657a4b5d7d11fc24444167015c8308494e34cf5e20185829
Size

405KB
MD5

1659460f80e6468e524a00c835038852
SHA1

b341462b81b89fb4bb87555222648f657559c07a
SHA256

786cb72cd52671a8657a4b5d7d11fc24444167015c8308494e34cf5e20185829
SHA512

b1c926d8cf921e6d04fcf7e1cf037aa3d64c8ba0d195fa60007b88baf72a983f471af13df7836f80d46f79859a37e806d5e18fb0abbcf2ddaf153dd4b43a1763
SSDEEP

3072:51VRpMxQpeQuxQ8YbEeCfoOFHxZWnKtZAr8CH6+pYTNVnj9PWpceqJ6cfo+m9rG/:gQANQ8aDyAnHt6jBJJxzYV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
786cb72cd52671a8657a4b5d7d11fc24444167015c8308494e34cf5e20185829

Files

786cb72cd52671a8657a4b5d7d11fc24444167015c8308494e34cf5e20185829
.exe windows:6 windows x86 arch:x86

9aebd6860d338a0cd0d7be2880a101a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Scr\Simba\SPRD_MES_DLL_V2.0\Unisoc_Solution_MES\Unisoc_Solution_MES\Common\Lib\Unisoc_MES_Manage.pdb

Imports

unisoc_solution_mes

MES_GetMesType
MES_Login
MES_Logout
MES_V2_SendDatabase
MES_SendTestData
MES_Handle_Release
MES_V2_GetBatchInfo
MES_V1_CommitTran
MES_V1_RollbackTran
MES_V1_BeginTran
MES_V1_GetBatchInfo
MES_V2_SendTestDataLog
MES_V2_GetUploadDataLogConfig
MES_V2_GetLogUploadUrl
MES_Handle_Create

unisoc_solution_printlog

PLOG_Handle_Create
PLOG_Handle_Release
PLOG_Set_Log_Param
PLOG_Set_Message_Param
PLOG_Print_Detail_Log

mfc140u

ord995
ord1472
ord7997
ord2205
ord952
ord13911
ord6860
ord10250
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord4589
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord14131
ord14600
ord8776
ord2865
ord5422
ord8773
ord6812
ord8070
ord3961
ord14377
ord2996
ord2172
ord501
ord1143
ord4093
ord6316
ord7815
ord1526
ord1924
ord4398
ord14120
ord8735
ord13428
ord12602
ord653
ord652
ord1547
ord1998
ord1959
ord6354
ord6976
ord1522
ord503
ord1144
ord4715
ord4735
ord8177
ord5583
ord5586
ord1693
ord4380
ord13462
ord1513
ord1252
ord648
ord1133
ord6549
ord7125
ord12921
ord1142
ord500
ord2246
ord358
ord1068
ord362
ord1066
ord6490
ord9126
ord3145
ord285
ord3009
ord12559
ord8817
ord6973
ord13028
ord14547
ord14234
ord2029
ord4882
ord14137
ord7820
ord7410
ord1462
ord985
ord5109
ord7653
ord3833
ord9468
ord7654
ord1446
ord1002
ord6834
ord6129
ord3941
ord12124
ord11717
ord4974
ord12220
ord14588
ord12089
ord9135
ord3257
ord4236
ord8360
ord8756
ord12884
ord4664
ord4663
ord293
ord5210
ord13022
ord14123
ord13019
ord14112
ord8881
ord14115
ord13694
ord13095
ord12867
ord12953
ord12578
ord12558
ord13775
ord7109
ord6528
ord5841
ord3367
ord13981
ord8992
ord8172
ord12457
ord8339
ord3842
ord4255
ord4285
ord4251
ord4209
ord4113
ord2651
ord11776
ord2626
ord2650
ord6220
ord13756
ord3305
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12078
ord3838
ord11936
ord14578
ord8965
ord12171
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4973
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11716
ord13703
ord5935
ord2682
ord12098
ord3939
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord6119
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord984
ord1460
ord6848
ord6804
ord5921
ord10379
ord13256
ord1985
ord13968
ord13315
ord898
ord2298
ord4648
ord13289
ord3957
ord286
ord8365
ord8811
ord13085
ord1689
ord1687
ord1692
ord2990
ord5954
ord6751
ord14657
ord12405
ord2383
ord14604
ord12348
ord2378
ord2526
ord2215
ord5127
ord2945
ord5824
ord3261
ord3182
ord3869
ord4886
ord2256
ord3864
ord13087
ord1511
ord6559
ord14047
ord13293
ord4171
ord13086
ord1523
ord6795
ord6489
ord4881
ord13963
ord8225
ord4885
ord12641
ord265
ord266
ord3932
ord6607
ord4227
ord8746
ord7183
ord1412
ord928
ord4323
ord1525
ord1171
ord540
ord14127
ord13070
ord2522
ord2520
ord6566
ord3882
ord2385
ord296
ord1045
ord4815
ord2304
ord1663
ord6486
ord1108
ord7642
ord1454
ord9138
ord3260
ord3366
ord4239
ord7418
ord12131
ord9040
ord11396
ord4092
ord3404
ord3403
ord3164
ord6218
ord13752
ord2760
ord12173
ord9235
ord9210
ord1391
ord890
ord13544
ord10472
ord11015
ord14507
ord7495
ord3697
ord3677
ord3816
ord1113
ord1111
ord4179
ord462
ord13261
ord450
ord2409
ord12531

kernel32

GetLocalTime
CreateDirectoryA
CloseHandle
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetACP
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetPrivateProfileIntA
lstrcpynW
ReleaseMutex
CreateMutexW
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringA
WritePrivateProfileStringA
WideCharToMultiByte
GetModuleFileNameA
VirtualQuery
WinExec
lstrcatW
GetProcAddress
lstrcpyW
GetVersion
LoadLibraryW
GetWindowsDirectoryW
lstrcmpiW
lstrlenW
LockResource
LoadResource
FindResourceW
GetCPInfo
MultiByteToWideChar
GetVersionExW

user32

CopyRect
GetSysColor
FillRect
DrawEdge
PostMessageW
RedrawWindow
SendMessageA
IsWindowVisible
SetForegroundWindow
SetLayeredWindowAttributes
SetWindowLongW
SetWindowRgn
SwitchToThisWindow
FindWindowW
GetDlgCtrlID
LoadIconW
LoadImageW
DestroyCursor
DrawIcon
DrawStateW
KillTimer
PtInRect
GetCursorPos
DrawFocusRect
FrameRect
SetTimer
GetWindowLongW
MessageBeep
CopyIcon
LoadCursorW
InflateRect
GetParent
GetWindowRect
IsWindow
SetCursor
GetClientRect
SendMessageW
InvalidateRect
GrayStringW
DrawTextExW
TabbedTextOutW
EnableWindow
GetSubMenu
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
CreateMenu
GetMenuItemID
GetMenuState
ModifyMenuW
GetMenuItemCount
AppendMenuW
ReleaseDC
GetDC
GetDesktopWindow
GetSystemMetrics
DestroyIcon
DrawIconEx
SystemParametersInfoW
DrawTextW
GetMenuItemInfoW
SetRect

gdi32

CreateRoundRectRgn
GetStockObject
CreateFontW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
PatBlt
SetPixel
GetPixel
GetObjectW
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32W
CreateFontIndirectW
GetBkMode
CreatePen
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueW
RegQueryValueExW

shell32

DragQueryFileW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteA
DragFinish

comctl32

ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_AddMasked

shlwapi

PathFileExistsA
PathIsDirectoryA

oleaut32

VariantClear

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xruntime_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

wininet

InternetCloseHandle
FtpCreateDirectoryA
FtpPutFileA
InternetOpenA
InternetConnectA
FtpDeleteFileA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

vcruntime140

_CxxThrowException
memmove
memchr
__RTDynamicCast
__current_exception_context
__current_exception
memset
strchr
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
__std_terminate
wcsstr
strstr
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
exit

api-ms-win-crt-string-l1-1-0

tolower
strcpy_s
strcat_s
strncpy_s
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

fgets
_get_stream_buffer_pointers
fgetpos
__p__commode
fsetpos
setvbuf
fflush
__stdio_common_vsprintf_s
_fseeki64
ungetc
fgetc
_set_fmode
fclose
fread
fwrite
fputc
fopen_s

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_splitpath_s
rename
remove
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9aebd6860d338a0cd0d7be2880a101a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

unisoc_solution_mes

unisoc_solution_printlog

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

oleaut32

msvcp140

wininet

version

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 150KB - Virtual size: 150KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 183KB - Virtual size: 182KB

.reloc Size: 15KB - Virtual size: 84KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 183KB - Virtual size: 182KB

.reloc
Size: 15KB - Virtual size: 84KB