D:\slave\workspace\YHClient\Release\DrvAnti.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157.exe
  Resource: win10v2004-20240709-en
General
- Target: 9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157
- Size: 3.9MB
- MD5: b3921389a4578beb51b2cade8a6755c3
- SHA1: eddcf182aead3e7006fc79dbc96888b6994570ff
- SHA256: 9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157
- SHA512: 224b6d6cd427de6e45b32b1ed6adf8212a6923420e054e869ec825afbd19b6c2bee336b6507750318fd2b7e0a68089dd156419ae0f70e220fe457cb2dddb8f7f
- SSDEEP: 49152:26kI89pEh+tIK0riPPDU/CkfFX5pASGdpUUfl/N0McADjX2foqsBTQV:ZkI202ciPPkFXIPdjfl/dcAHX2foqsq
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource 9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157
Files
-
9192851af3102e864ed7c79ca95a46067f8eb1685b6af119cdc1d636f3f74157.exe windows:6 windows x86 arch:x86
89354e1ba26ec8ecb2e7dedb72dbc1eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
iocptcp
TcpSetLinkAttr
TcpSend
TcpConnect
TcpDestroy
TcpCreate
TcpUninit
TcpInit
TcpGetLinkAddr
iocpudp
UdpSendTo
UdpUninit
UdpCreate
UdpDestroy
UdpInit
kernel32
GetProfileIntA
SearchPathA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetUserDefaultLCID
GetTempFileNameA
SetThreadContext
FlushInstructionCache
GetThreadContext
GetCurrentDirectoryW
VerifyVersionInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetDriveTypeW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
WriteConsoleW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
LCMapStringW
GetStringTypeW
VerSetConditionMask
FindResourceExW
GetCurrentDirectoryA
FlushFileBuffers
GetACP
GetCPInfo
SetEnvironmentVariableA
GetOEMCP
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FindClose
FindFirstFileA
FindNextFileA
SetFileAttributesA
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
OpenProcess
GetVersionExA
GetModuleFileNameA
LoadResource
LockResource
SizeofResource
FindResourceW
GetTimeZoneInformation
GetPrivateProfileStringA
WritePrivateProfileStringA
SetEvent
CreateEventA
OpenEventA
GetLocalTime
OpenFileMappingA
TerminateProcess
RaiseException
CreateThread
OpenThread
TerminateThread
ReleaseMutex
CreateMutexA
OpenMutexA
GetSystemDirectoryA
CreateDirectoryA
CreateDirectoryW
FindFirstFileW
GetFileAttributesExA
GetFileTime
GetVolumeInformationW
SetFileAttributesW
lstrcpynW
lstrcpyW
lstrlenA
lstrlenW
CopyFileA
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
VirtualAlloc
WriteProcessMemory
GetModuleHandleA
lstrcmpiA
DeviceIoControl
GetPrivateProfileIntA
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FindResourceA
GetWindowsDirectoryA
CopyFileW
GetEnvironmentVariableA
lstrcpyA
lstrcatA
GetLogicalDriveStringsA
QueryDosDeviceA
GetComputerNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
SetLastError
DecodePointer
GlobalSize
GlobalFree
DuplicateHandle
GetModuleFileNameW
GetModuleHandleW
MoveFileA
GetVolumeInformationA
GetThreadLocale
FileTimeToLocalFileTime
lstrcmpA
GetFileSizeEx
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
CompareStringA
SetThreadPriority
ResumeThread
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
SetErrorMode
user32
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
ScrollWindow
ValidateRect
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
DefWindowProcA
GetMessageTime
GetMessagePos
IsDialogMessageA
GetWindowTextLengthA
SetWindowTextA
IsWindowEnabled
SetFocus
GetDlgCtrlID
SendDlgItemMessageA
CheckDlgButton
EndDialog
GetNextDlgTabItem
GetActiveWindow
MessageBoxA
IntersectRect
DestroyMenu
GetDlgItem
MoveWindow
ShowWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
MapWindowPoints
CheckMenuItem
EndPaint
BeginPaint
CharUpperA
RemoveMenu
InsertMenuA
GetMenuStringA
GetWindowThreadProcessId
DrawEdge
GetIconInfo
WindowFromPoint
RedrawWindow
SetScrollPos
BringWindowToTop
GetMonitorInfoA
MonitorFromWindow
GetWindow
GetForegroundWindow
IsRectEmpty
SetMenuDefaultItem
UnregisterClassA
EnumWindows
GetWindowTextA
ExitWindowsEx
LoadIconW
PostQuitMessage
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
GetSysColorBrush
RealChildWindowFromPoint
GetAsyncKeyState
IsClipboardFormatAvailable
MessageBeep
LoadImageW
DeleteMenu
WaitMessage
LoadCursorW
CharNextA
AppendMenuA
CreatePopupMenu
FindWindowA
CallWindowProcA
SetRectEmpty
DrawFocusRect
SystemParametersInfoA
DrawIconEx
SetWindowLongA
ClientToScreen
SetForegroundWindow
IsZoomed
SetWindowPos
IsWindow
FillRect
DestroyIcon
GetClassNameA
EqualRect
GetClassLongA
GetTopWindow
GetLastActivePopup
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadIconA
SetScrollInfo
GetScrollInfo
WinHelpA
CreateDialogIndirectParamA
GetKeyNameTextA
MapVirtualKeyA
SetMenuItemBitmaps
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
CharUpperBuffA
GetDoubleClickTime
CopyAcceleratorTableA
GetNextDlgGroupItem
wsprintfA
GetMessageA
TranslateMessage
LockWindowUpdate
DispatchMessageA
PeekMessageA
EnableWindow
FindWindowExA
CharUpperW
GetKeyState
SendMessageA
SetCapture
ReleaseCapture
GetDC
ReleaseDC
InvalidateRect
GetClientRect
GetWindowRect
OffsetRect
PtInRect
SetRect
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
SetWindowRgn
GetParent
UpdateWindow
GetDesktopWindow
RegisterWindowMessageA
PostMessageA
GetFocus
SetTimer
KillTimer
InvalidateRgn
SetCursor
GetSysColor
GetWindowLongA
LoadCursorA
DestroyCursor
GetMenuState
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
ModifyMenuA
GetMenuItemInfoA
CopyRect
LoadBitmapW
CopyImage
IsWindowVisible
TrackMouseEvent
GetCursorPos
ScreenToClient
GetWindowRgn
GetWindowDC
InflateRect
GetMenuDefaultItem
LoadImageA
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreateWindowExA
IsIconic
GetSystemMetrics
DrawIcon
FrameRect
EnumChildWindows
SetLayeredWindowAttributes
EnumDisplayMonitors
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
SetClassLongA
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
DrawFrameControl
LoadMenuW
GetSystemMenu
SetCursorPos
CopyIcon
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatA
UnionRect
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
gdi32
TextOutA
RectVisible
PtVisible
OffsetRgn
Escape
DeleteObject
CreateRectRgn
CreateFontA
GetObjectA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
GetTextFaceA
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
RoundRect
LPtoDP
Polyline
Polygon
Ellipse
SetDIBColorTable
CreateDIBSection
SetPixel
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExA
GetRgnBox
GetTextColor
GetBkColor
GetTextMetricsA
DPtoLP
SetRectRgn
GetMapMode
PatBlt
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
SetTextAlign
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
ExcludeClipRect
CreateHatchBrush
CreateDCA
CopyMetaFileA
CreatePolygonRgn
FrameRgn
FillRgn
SetWindowOrgEx
ExtSelectClipRgn
GetClipBox
GetStockObject
CreateRoundRectRgn
SelectClipRgn
PtInRegion
GetCurrentObject
CreatePatternBrush
CreateEllipticRgn
SetBitmapBits
GetBitmapBits
StretchBlt
SelectPalette
RealizePalette
GetDIBits
ExtCreateRegion
DeleteDC
CreateICA
CreateBitmap
Rectangle
CreateSolidBrush
CreatePen
GetTextExtentPoint32A
CreateRectRgnIndirect
CreateFontIndirectA
GetDeviceCaps
ExtTextOutA
BitBlt
msimg32
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegOpenKeyExW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExW
shell32
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoA
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
comctl32
ImageList_Draw
FlatSB_EnableScrollBar
InitializeFlatSB
ord17
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_GetBkColor
shlwapi
StrFormatKBSizeA
PathRemoveFileSpecW
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
SHDeleteKeyA
SHGetValueA
PathStripToRootW
PathIsUNCW
PathFileExistsA
uxtheme
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeSysColor
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
oleaut32
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
OleLoadPicture
OleCreateFontIndirect
SysAllocString
oledlg
ord8
gdiplus
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
ws2_32
ntohs
htons
ntohl
htonl
psapi
GetProcessImageFileNameA
GetProcessMemoryInfo
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
iphlpapi
GetPerAdapterInfo
GetNumberOfInterfaces
CreateIpNetEntry
GetAdaptersInfo
winmm
PlaySoundA
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
log
GenericLogImpl
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 599KB - Virtual size: 598KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 85KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ