69a0ae945bc946395086bb3eafce3aaa79d41e9ada9ee2b4e12dbbbb46bf9878

Sharing

Copy URL Twitter E-mail

General

Target

69a0ae945bc946395086bb3eafce3aaa79d41e9ada9ee2b4e12dbbbb46bf9878
Size

130KB
MD5

45233fb9d625cbe5eb817e396c875b42
SHA1

8b24f693dc2b6d7a13bd239e66720620c493b304
SHA256

69a0ae945bc946395086bb3eafce3aaa79d41e9ada9ee2b4e12dbbbb46bf9878
SHA512

4383bdf24c93a758e14ffeba8cedd6c8c344a447d3032d3f5963e25ab96964b1fd0d0081d7f15d1b40d3550d8589b2f1d24f6438f9dc40e1c58dc38e37a30626
SSDEEP

1536:13giodSkNiVvcNA2XIucDVdN8+c7Vmv3hq0Ks5LB6vGVG5nbmV3DGvWus:1QdPC4XmLTvz8GVkbmV6vm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69a0ae945bc946395086bb3eafce3aaa79d41e9ada9ee2b4e12dbbbb46bf9878

Files

69a0ae945bc946395086bb3eafce3aaa79d41e9ada9ee2b4e12dbbbb46bf9878
.dll windows:5 windows x86 arch:x86

1d7580d6b2de109aeb909506058fa310

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\Desktop\RealTimeChart\Release\PlugTouch.pdb

Imports

mfc140

ord12074
ord3351
ord3231
ord6774
ord1403
ord4227
ord3250
ord9092
ord6806
ord1443
ord3689
ord5937
ord2210
ord8031
ord13574
ord4468
ord9373
ord501
ord1141
ord4085
ord6290
ord8713
ord5561
ord12706
ord2263
ord2370
ord485
ord10202
ord6469
ord853
ord12828
ord1372
ord12469
ord852
ord7791
ord842
ord1366
ord11028
ord12808
ord13230
ord13966
ord12894
ord1389
ord890
ord11850
ord10379
ord6855
ord4068
ord2612
ord1067
ord1692
ord4490
ord2560
ord2241
ord14291
ord3953
ord2524
ord3924
ord6581
ord4218
ord8705
ord2860
ord13584
ord5792
ord2242
ord2472
ord3949
ord8326
ord8770
ord13027
ord6768
ord898
ord4639
ord6853
ord5814
ord6946
ord13582
ord8026
ord4457
ord8732
ord13321
ord5204
ord12505
ord8997
ord9089
ord4216
ord7475
ord7134
ord13028
ord6533
ord8776
ord12969
ord13278
ord5155
ord5398
ord6463
ord358
ord13011
ord2520
ord6540
ord3874
ord2298
ord6460
ord2518
ord1106
ord450
ord1066
ord362
ord3177
ord3005
ord5898
ord305
ord4868
ord3166
ord2986
ord2383
ord2387
ord310
ord4866
ord4865
ord9422
ord11339
ord14149
ord13475
ord5095
ord1068
ord6471
ord9085
ord3142
ord4213
ord8703
ord2988
ord462
ord4870
ord3825
ord7619
ord7094
ord1131
ord1000
ord1472
ord9166
ord10207
ord8182
ord5388
ord7677
ord7688
ord7687
ord6104
ord5210
ord5390
ord5231
ord5769
ord5504
ord10963
ord11343
ord10421
ord4084
ord3396
ord3395
ord3159
ord6193
ord13677
ord2758
ord12116
ord9192
ord9167
ord7461
ord1111
ord1178
ord1109
ord9305
ord5739
ord5528
ord5228
ord12111
ord3258
ord3363
ord3364
ord3933
ord12067
ord2680
ord5911
ord13628
ord11663
ord6848
ord14508
ord7887
ord14510
ord3050
ord4485
ord9647
ord4493
ord4972
ord4911
ord4896
ord4958
ord5003
ord4926
ord4981
ord4997
ord4938
ord4944
ord4950
ord4932
ord4987
ord4920
ord1772
ord1751
ord1765
ord1739
ord1717
ord12201
ord12205
ord13798
ord3259
ord9213
ord10950
ord6947
ord12163
ord8922
ord14502
ord11881
ord3830
ord12032
ord9096
ord11672
ord11671
ord5631
ord10240
ord10236
ord10238
ord10239
ord10237
ord14699
ord2759
ord8173
ord3295
ord3298
ord13681
ord6195
ord6942
ord14054
ord5826
ord8735
ord5648
ord1526
ord6724
ord12291
ord2376
ord6836
ord3856
ord14518
ord3230
ord12583
ord12554
ord12348
ord14571
ord4841
ord7078
ord2381
ord2001
ord265
ord266
ord1411
ord929
ord1169
ord540
ord1696
ord1693
ord3864
ord7997
ord5059
ord11310
ord11159
ord11164
ord11169
ord5757
ord8965
ord12245
ord5759
ord4807
ord9479
ord9943
ord1507
ord7783
ord5760
ord1529
ord1044
ord316
ord5401
ord1509

kernel32

RaiseException
VerSetConditionMask
FreeLibrary
lstrcpynA
GlobalFree
Sleep
CopyFileA
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
DebugBreak
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
IsProcessorFeaturePresent
GetLastError
OutputDebugStringW
GetProcAddress
LoadLibraryA
TerminateProcess
VerifyVersionInfoA

user32

GetDC
PostMessageA
GetFocus
GetParent
EnableWindow
UpdateWindow
InvalidateRect
GetSystemMetrics
GetClientRect
SendMessageA
SetForegroundWindow
SetWindowPos
ShowWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetClipboardData
CloseClipboard
EmptyClipboard
InflateRect
GetWindowRect
GetDesktopWindow
GetSysColor
GetKeyState
GetMessagePos
ScreenToClient
AppendMenuA
CreatePopupMenu
GetMenuItemCount
DrawTextA
EqualRect
CopyRect
DrawFocusRect
GetClassInfoA
DefWindowProcA
LoadCursorA
RegisterClassA
SystemParametersInfoA
SetTimer
KillTimer
LoadMenuW
EnableMenuItem
LoadImageA
PtInRect
OpenClipboard
FillRect

gdi32

CreateSolidBrush
BitBlt
GetStockObject
DeleteObject
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_AddMasked

gdiplus

GdipDrawRectangleI
GdipFillRectangleI
GdipDeletePen
GdipCreatePen1
GdipDrawEllipseI
GdipDeleteBrush
GdipCreateSolidFill
GdipFillEllipseI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

vcruntime140

__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy
_purecall
memset
_except_handler4_common
__std_type_info_destroy_list
memmove
_CxxThrowException
memchr
memcpy

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_invalid_parameter_noinfo
_execute_onexit_table
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

fgetc
fputc
fclose
_get_stream_buffer_pointers
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
ungetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64_s

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-heap-l1-1-0

_recalloc
free
calloc

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp
_mbsnbicmp

api-ms-win-crt-math-l1-1-0

ceil

Exports

Exports

ZhiHe_Plug

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7580d6b2de109aeb909506058fa310

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

gdi32

shell32

comctl32

gdiplus

msvcp140

vcruntime140

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 9KB