6f4d6ad56bcc9928695c84141e03762d269db4475c4d5b1dbf502d2108530bba

Sharing

Copy URL Twitter E-mail

General

Target

6f4d6ad56bcc9928695c84141e03762d269db4475c4d5b1dbf502d2108530bba
Size

4.0MB
MD5

60cde27e4fe90f88da05124d217eb913
SHA1

c6a145192a7f1dc1781e095c1bc74b7688c24d07
SHA256

6f4d6ad56bcc9928695c84141e03762d269db4475c4d5b1dbf502d2108530bba
SHA512

1768c408f6bd1285ce6fd604a2e7712701d657566046a55e7dd0de68523600159419e587322d2e17eaa47d4ee434d94b267859f7911a112ec7e6001576422df3
SSDEEP

49152:rmAof/TjgDeYFy+hBZiaOPRW0skoHNwn5ta7d+KP9rYnRW/Pf3ihgIwe1YOGHHES:U6YPRWg87HYkPf7e1T+9UOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f4d6ad56bcc9928695c84141e03762d269db4475c4d5b1dbf502d2108530bba

Files

6f4d6ad56bcc9928695c84141e03762d269db4475c4d5b1dbf502d2108530bba
.exe windows:6 windows x64 arch:x64

ad889420266107e04f7a4f2a7a0e579e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\ws\workspace\j_16WQX83Y\Account-PC\win_hw_account\bin\x64\Release\HUAWEIAccount.pdb

Imports

shlwapi

ord12
PathAppendW
StrCmpLogicalW
PathRemoveFileSpecA
PathRemoveFileSpecW

kernel32

OutputDebugStringW
GetModuleHandleW
WideCharToMultiByte
GlobalFree
GlobalAlloc
InitializeCriticalSectionAndSpinCount
ProcessIdToSessionId
VerifyVersionInfoW
VerSetConditionMask
SetCurrentDirectoryW
LCIDToLocaleName
GetUserDefaultUILanguage
GetUserDefaultLangID
WriteFile
lstrlenW
TerminateThread
InitializeCriticalSectionEx
Sleep
LocalAlloc
MulDiv
GetTickCount
AddVectoredExceptionHandler
GetCurrentThread
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WaitForSingleObjectEx
ResetEvent
EnumSystemGeoID
EnumSystemLocalesW
GetGeoInfoW
GetCurrentProcessId
DeleteFileW
OpenMutexW
ReleaseMutex
CreateMutexW
SetEvent
CreateEventW
WaitForSingleObject
VirtualQuery
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FreeLibrary
GetFileSize
GetProcAddress
LoadLibraryW
CloseHandle
GetLastError
GetSystemDirectoryW
CreateFileW
VirtualProtect
ReadFile

user32

IsWindowVisible
FindWindowW
DragDetect
SetWindowLongW
GetWindowLongW
AdjustWindowRectEx
GetWindow
GetMenu
GetClientRect
GetParent
GetDC
SetTimer
KillTimer
PtInRect
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
PostMessageW
ShowWindow
IsWindow
SetWindowPos
SetFocus
SetForegroundWindow
LoadIconW
GetForegroundWindow
AttachThreadInput
SendMessageW
GetWindowThreadProcessId
IsIconic
GetDesktopWindow
SetWindowTextW
GetTopWindow
GetSystemMetrics

advapi32

RegOpenKeyExW
RegCreateKeyW
CryptGenRandom
CryptAcquireContextA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptReleaseContext

shell32

ShellExecuteW
SHGetFolderPathA
ShellExecuteA
CommandLineToArgvW

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysAllocStringByteLen
VariantInit
VariantCopy
SysFreeString
VariantClear
VariantChangeType

crypt32

CryptUnprotectData

dbghelp

StackWalk64
SymInitialize
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
MiniDumpWriteDump
SymGetSymFromAddr64

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGetConnectedState

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 966KB - Virtual size: 965KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad889420266107e04f7a4f2a7a0e579e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

dbghelp

version

wininet

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 217KB - Virtual size: 255KB

.pdata Size: 109KB - Virtual size: 109KB

.rsrc Size: 966KB - Virtual size: 965KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 217KB - Virtual size: 255KB

.pdata
Size: 109KB - Virtual size: 109KB

.rsrc
Size: 966KB - Virtual size: 965KB

.reloc
Size: 23KB - Virtual size: 22KB