PDB path: G:\haimo\湿气模型上下位机\MPFM2000\DAU6.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d.exe
Resource: win10v2004-20240508-en
General
- Target: 531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d
- Size: 7.8MB
- MD5: 621f273f54e13cef509520a89282e761
- SHA1: fe7381b93f2125fe6dc65a54776f9b0a400ee956
- SHA256: 531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d
- SHA512: ed4d831a4aa6be3aeb03cce93a0e428e99530fbb008552cbd8377f71e1c3da89b989146e725ffd138159b4694890359b7714a04c16b938b9c33ca3c6a39d40d8
- SSDEEP: 196608:+eZ95qFTruHayfIHzVLtvJqnUeG509TFN0gO58gh6wg6/m3bSo3A:+Y5qFT6BK5cQjhi3mUA
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d
Files
-
531db3bddca4eab162885c20d12f2c7b6d737e1d8096893b4f772821c25c9a9d.exe windows:6 windows x86 arch:x86
6e357be8c46f183dd1d1e97ffcce682f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
opengl32
glVertex2f
glRasterPos2f
glMatrixMode
glLoadIdentity
glLineWidth
glGenLists
glFlush
glEnd
glDeleteLists
glColor4f
glClearDepth
glClearColor
glClear
glCallList
glBegin
wglUseFontBitmapsW
wglUseFontBitmapsA
wglMakeCurrent
wglGetCurrentDC
wglGetCurrentContext
wglCreateContext
kernel32
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
GetDateFormatW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
WaitForSingleObjectEx
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
GetLocaleInfoEx
CompareStringEx
LCMapStringEx
OutputDebugStringW
CreateEventW
ResetEvent
IsProcessorFeaturePresent
GetModuleHandleExW
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetUnhandledExceptionFilter
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetLastError
LocalFree
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
Beep
Sleep
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemTime
GetLocalTime
IsDBCSLeadByte
CreateDirectoryA
GetModuleFileNameA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCommandLineA
DecodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexA
GetCurrentThreadId
FreeLibrary
UnhandledExceptionFilter
LocalUnlock
LocalLock
SearchPathA
GetProfileIntA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetACP
SetErrorMode
SystemTimeToTzSpecificLocalTime
SetFileAttributesA
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
VirtualProtect
FreeResource
GetModuleHandleA
GetModuleHandleW
TerminateProcess
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetAtomNameA
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
ReplaceFileA
GetTempFileNameA
SetFileTime
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
GetCurrentThread
GetVersionExA
SystemTimeToFileTime
FileTimeToSystemTime
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
WaitForSingleObject
SetEvent
GetStringTypeExA
MoveFileA
GetShortPathNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
GetVolumeInformationA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
GetTickCount
lstrcmpA
GetThreadLocale
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetCurrentProcessId
CopyFileA
FormatMessageA
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
SetLastError
LoadLibraryA
lstrcpynA
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
MulDiv
FindResourceA
lstrcmpiA
LoadLibraryExA
GetProcAddress
user32
LoadMenuW
LoadAcceleratorsW
MessageBeep
GetDialogBaseUnits
LoadImageW
TrackMouseEvent
PostThreadMessageA
InvalidateRgn
CopyAcceleratorTableA
SetParent
DeleteMenu
GetSystemMenu
UnionRect
GetAsyncKeyState
RealChildWindowFromPoint
CopyImage
GetSysColorBrush
LoadBitmapA
WaitMessage
ShowOwnedPopups
PostQuitMessage
IsZoomed
GetMenuItemInfoA
MapDialogRect
SetWindowContextHelpId
MapVirtualKeyA
GetKeyNameTextA
TranslateMessage
GetMessageA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
CharUpperA
WindowFromPoint
RegisterClipboardFormatA
GetWindowDC
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
LoadImageA
DestroyIcon
OffsetRect
IntersectRect
SetRectEmpty
InsertMenuItemA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
GetActiveWindow
IsDialogMessageA
SetWindowTextA
ScrollWindowEx
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
MoveWindow
ShowWindow
SetMenuItemInfoA
GetDCEx
SetMenuItemBitmaps
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetTopWindow
GetClassLongA
SetWindowLongA
MapVirtualKeyExA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
GetScrollRange
SetScrollRange
GetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetKeyboardState
ToAsciiEx
MessageBoxW
CreateAcceleratorTableA
DestroyAcceleratorTable
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
GetMessageTime
PeekMessageA
DispatchMessageA
GetLastActivePopup
GetWindowThreadProcessId
IsWindowEnabled
RemoveMenu
AppendMenuA
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
LoadCursorW
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetClassLongA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
SetWindowRgn
SetCursorPos
CopyIcon
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
GetMenuCheckMarkDimensions
SetMenuDefaultItem
GetDoubleClickTime
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
SubtractRect
SendNotifyMessageA
MonitorFromRect
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
DestroyCursor
GetTabbedTextExtentA
GetTabbedTextExtentW
IsCharLowerA
SendMessageA
EnableWindow
LoadCursorA
InvalidateRect
GetClientRect
LoadBitmapW
GetMessagePos
SetScrollPos
SetTimer
KillTimer
ScreenToClient
PtInRect
DrawEdge
DefWindowProcA
GetClassInfoA
IsWindow
SetCapture
ReleaseCapture
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
SetCursor
GetCursorPos
FillRect
GetParent
IsWindowVisible
UpdateWindow
MessageBoxA
GetWindowRect
GetFocus
IsIconic
EqualRect
GetSystemMetrics
DrawIcon
LockWindowUpdate
GetDC
ReleaseDC
GetSysColor
LoadIconW
SetRect
BringWindowToTop
SetActiveWindow
ClientToScreen
wsprintfA
GetNextDlgGroupItem
GetCapture
DrawStateA
RedrawWindow
DrawFocusRect
FrameRect
CopyRect
InflateRect
GetWindowLongA
GetIconInfo
GetMenuState
DrawMenuBar
CheckMenuItem
EnableMenuItem
GetSubMenu
ModifyMenuA
CharNextA
CharNextW
keybd_event
LoadAcceleratorsA
LoadMenuA
GetDlgCtrlID
GetClassNameA
GetWindow
UnregisterClassA
RegisterWindowMessageA
IsRectEmpty
DrawFrameControl
PostMessageA
GetDesktopWindow
SetForegroundWindow
ShowScrollBar
SystemParametersInfoA
gdi32
SetPixelFormat
SwapBuffers
CreateDIBitmap
CreatePatternBrush
DeleteObject
RoundRect
SetPixel
CreateDCA
GetDeviceCaps
StartDocA
EndDoc
StartPage
EndPage
DeleteDC
CreateRectRgn
GetBkColor
GetTextMetricsA
CopyMetaFileA
CreateBitmap
CreateDIBPatternBrushPt
CreateHatchBrush
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
ExtCreatePen
DescribePixelFormat
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextColor
CreateRectRgnIndirect
PatBlt
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetCharWidthA
StretchDIBits
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
EnumFontFamiliesA
GetTextCharsetInfo
GetDIBits
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
OffsetRgn
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextExtentPointA
GetTextExtentPoint32W
GetTextFaceA
ChoosePixelFormat
SelectObject
CreateFontA
ExtTextOutA
TextOutA
Rectangle
RectVisible
PtVisible
GetTextExtentPoint32A
GetCurrentObject
Escape
Ellipse
CreatePen
CreateFontIndirectA
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkColor
GetObjectA
StretchBlt
MoveToEx
CreateSolidBrush
CreateCompatibleDC
msimg32
TransparentBlt
AlphaBlend
winspool.drv
GetJobA
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegSetValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
shell32
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHGetFileInfoA
SHAddToRecentDocs
ExtractIconA
ShellExecuteExA
SHAppBarMessage
SHGetDesktopFolder
ShellExecuteA
SHGetPathFromIDListA
comctl32
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_SetBkColor
shlwapi
PathFindExtensionA
PathIsUNCA
PathRemoveExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA
PathStripToRootA
uxtheme
GetThemePartSize
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
IsAppThemed
GetWindowTheme
ole32
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
CoTaskMemRealloc
RevokeDragDrop
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
CoRegisterMessageFilter
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
WriteClassStm
GetHGlobalFromILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
StgIsStorageFile
OleCreateFromData
OleCreateLinkFromData
OleFlushClipboard
OleSetClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
PropVariantCopy
CoCreateGuid
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
OleRun
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoUninitialize
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
OleIsCurrentClipboard
oleaut32
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VarUdateFromDate
SysStringLen
VariantTimeToSystemTime
VarDateFromStr
SystemTimeToVariantTime
SysAllocString
VariantChangeType
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringLen
OleCreateFontIndirect
SysReAllocStringLen
SafeArrayAllocDescriptor
VariantClear
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayPtrOfIndex
VarCyFromStr
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
CreateErrorInfo
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysFreeString
SafeArrayAllocData
GetErrorInfo
SetErrorInfo
VarBstrFromCy
oledlg
ord8
ws2_32
recvfrom
ntohs
gethostbyname
htonl
getsockname
getpeername
bind
accept
WSAAsyncSelect
WSAGetLastError
WSACleanup
WSAStartup
socket
send
WSASetLastError
select
recv
inet_addr
htons
ioctlsocket
connect
closesocket
sendto
inet_ntoa
gdiplus
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageGraphicsContext
winmm
PlaySoundA
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
Sections
.text Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 752KB - Virtual size: 752KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 278KB - Virtual size: 278KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ