05eed08d701839cf0b2ccf5b1b33376af52ea2102933c418785b7379d93a749c

Sharing

Copy URL Twitter E-mail

General

Target

05eed08d701839cf0b2ccf5b1b33376af52ea2102933c418785b7379d93a749c
Size

422KB
MD5

d023cf8ae56cc4995606d37151627f6d
SHA1

33a1bbfff2de82066d32d944b66042e5ef51d1cf
SHA256

05eed08d701839cf0b2ccf5b1b33376af52ea2102933c418785b7379d93a749c
SHA512

0fb183788a9624ce21f1e9ec3c9e733903b2282bb84cab760fb7896675f4088ed3a81a5b3335f719de04b3511c2cd487a782383e92f4f8d924e197fb19f03d2f
SSDEEP

6144:b7EvudapKYqSMbsxzK5Dazs9cR2Pp/7QoBV+UdvrEFp7hKZQny:bwvudapKXSM6zKJazOHRrBjvrEH7Hy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05eed08d701839cf0b2ccf5b1b33376af52ea2102933c418785b7379d93a749c

Files

05eed08d701839cf0b2ccf5b1b33376af52ea2102933c418785b7379d93a749c
.dll windows:5 windows x86 arch:x86

43bb2f759402ed3c1a585e1693ce648e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\当前项目2008\release\gsapp.pdb

Imports

kernel32

SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GlobalSize
WriteFile
CreateFileA
CloseHandle
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
Beep
HeapDestroy
GetTickCount
HeapCreate
HeapAlloc
HeapFree
WideCharToMultiByte
InitializeCriticalSection
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
RtlUnwind
RaiseException
GetLastError
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetProcessHeap

user32

FillRect
MessageBoxA
DrawTextA
GetSysColor
ScreenToClient
GetWindowRect
GetClientRect
ClientToScreen
IsRectEmpty
LoadCursorA
SetCursor
GetDC
ReleaseDC

gdi32

SetBkColor
GetNearestPaletteIndex
SetSystemPaletteUse
ResizePalette
SetPaletteEntries
GetPaletteEntries
DPtoLP
CreateBitmap
GetMapMode
SetStretchBltMode
StretchDIBits
CreateDCA
GetDIBColorTable
SetDIBColorTable
GdiFlush
GetStockObject
GetDIBits
SelectPalette
RealizePalette
CreateDIBitmap
CreatePalette
GetDeviceCaps
GetSystemPaletteEntries
Arc
Ellipse
Rectangle
LineTo
MoveToEx
SetTextColor
GetROP2
GetCurrentObject
GetObjectA
CreateFontIndirectA
SetBkMode
CreateCompatibleBitmap
SetPixel
SetROP2
CreateDIBSection
SetMapMode
GetWindowExtEx
SetWindowExtEx
SetWindowOrgEx
BitBlt
DeleteObject
CreateSolidBrush
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreatePatternBrush
CreatePen
Polyline
Polygon

gsio

?DeleteDrawing@CDrawing@@SAXPAV1@@Z
Free
?CreateDrawing@CDrawing@@SAPAV1@W4CDRAWING_SERVER@@@Z

Exports

Exports

??0Application@GsApp@@QAE@ABV01@@Z
??0Application@GsApp@@QAE@XZ
??0Database@GsApp@@QAE@ABV01@@Z
??0Database@GsApp@@QAE@XZ
??0Document@GsApp@@QAE@ABV01@@Z
??0Document@GsApp@@QAE@XZ
??0Graphy@GsApp@@QAE@ABV01@@Z
??0Graphy@GsApp@@QAE@XZ
??0MessageProcess@GsApp@@QAE@ABV01@@Z
??0MessageProcess@GsApp@@QAE@XZ
??1Application@GsApp@@UAE@XZ
??1Database@GsApp@@UAE@XZ
??1Document@GsApp@@UAE@XZ
??1Graphy@GsApp@@UAE@XZ
??1MessageProcess@GsApp@@UAE@XZ
??4Application@GsApp@@QAEAAV01@ABV01@@Z
??4Database@GsApp@@QAEAAV01@ABV01@@Z
??4Document@GsApp@@QAEAAV01@ABV01@@Z
??4Graphy@GsApp@@QAEAAV01@ABV01@@Z
??4MessageProcess@GsApp@@QAEAAV01@ABV01@@Z
??_7Application@GsApp@@6B@
??_7Database@GsApp@@6B@
??_7Document@GsApp@@6B@
??_7Graphy@GsApp@@6B@
??_7MessageProcess@GsApp@@6B@
?clear@Graphy@GsApp@@UAEXXZ
?create@Document@GsApp@@SAPAV12@XZ
?create@Graphy@GsApp@@SAPAV12@XZ
?create@MessageProcess@GsApp@@SAPAV12@W4MsgProcType@2@@Z
?release@Document@GsApp@@SAXPAV12@@Z
?release@Graphy@GsApp@@SAXPAV12@@Z
?release@MessageProcess@GsApp@@SAXPAV12@@Z
callBreak
create
createWGS
draw
getTextInfoBuffer
getTextInfoLength
getWGSBuffer
getWGSBufferLength
release
releaseWGS

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43bb2f759402ed3c1a585e1693ce648e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

gsio

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 275KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 276KB - Virtual size: 275KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 13KB - Virtual size: 13KB