ba128e3e3c7bd76536aa1aab51b543136b73dd7541ce226f2ba297f6a7bafe11

Sharing

Copy URL Twitter E-mail

General

Target

ba128e3e3c7bd76536aa1aab51b543136b73dd7541ce226f2ba297f6a7bafe11
Size

1.4MB
MD5

031c9e0a86ee88df839e3eb1fa1a19e1
SHA1

8fdf8356774c8cc0545fd47b5271782467bc3508
SHA256

ba128e3e3c7bd76536aa1aab51b543136b73dd7541ce226f2ba297f6a7bafe11
SHA512

7a216c358eab6d3a9060ca3ca2cf864f07521639a731cb65354df0d853d6b0ec0ae2216d7b3e86f9ded0657854d7b42375431d4db072772aa335a0997376e89a
SSDEEP

24576:86J5CF0WyJ1k64XFHd8MItvWWCKDgJ1VmCRerEAgkhAiQYMpvM:wyw64XFHd8MMvbfymCR8VrivM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba128e3e3c7bd76536aa1aab51b543136b73dd7541ce226f2ba297f6a7bafe11

Files

ba128e3e3c7bd76536aa1aab51b543136b73dd7541ce226f2ba297f6a7bafe11
.exe windows:6 windows x86 arch:x86

faad60a29779726bf8a2656c9c38eea5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\DiDaMouse\pdb\uninstaller\Release\uninstall.pdb

Imports

kernel32

Process32NextW
LoadLibraryA
Process32FirstW
CreateProcessW
GetModuleHandleW
CreateEventW
IsWow64Process
SizeofResource
FreeResource
LockResource
GetNativeSystemInfo
LoadResource
FindResourceW
GetTickCount
GetTickCount64
GlobalFree
SetFilePointerEx
OpenFileMappingW
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
GetErrorMode
SetErrorMode
GetACP
FreeLibrary
SystemTimeToFileTime
GetFileType
DosDateTimeToFileTime
MulDiv
WaitForMultipleObjects
SetEvent
ReleaseSemaphore
FindResourceExW
CreateSemaphoreW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
CreateToolhelp32Snapshot
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
LocalFree
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
ResetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetExitCodeThread
WaitForSingleObjectEx
TryEnterCriticalSection
GetStringTypeW
OpenProcess
GetModuleHandleA
DuplicateHandle
WaitForSingleObject
SetUnhandledExceptionFilter
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetCurrentThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
EnterCriticalSection
VerifyVersionInfoW
WideCharToMultiByte
GetProcessHeap
VerSetConditionMask
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
DeleteFileW
GetLastError
Sleep
MultiByteToWideChar
HeapSize
GetFileAttributesW
CreateFileW
FindClose
InitializeCriticalSectionEx
SetFilePointer
RemoveDirectoryW
WriteFile
FindNextFileW
SetLastError
HeapFree
FindFirstFileW
ReadFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
OutputDebugStringW
UnmapViewOfFile
OutputDebugStringA
GetCurrentProcess

user32

IsWindow
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
InvalidateRect
LoadStringW
wsprintfW
SendMessageW
PostQuitMessage
PostMessageW
ReleaseDC
DestroyWindow
GetDC
GetClientRect
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
SetWindowTextW
GetWindowLongW
ShowWindow
SetWindowPos
SetWindowLongW
CharNextW
GetKeyState
IsRectEmpty
IsIconic
GetWindow
SetFocus
GetUpdateRect
BeginPaint
EndPaint
CreateWindowExW
GetCursorPos
GetWindowRect
InflateRect
PtInRect
ScreenToClient
IsWindowVisible
PeekMessageW
TranslateMessage
FillRect
GetGUIThreadInfo
GetPropW
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetFocus
SetTimer
EnumChildWindows
EnumThreadWindows
SetPropW
KillTimer
SetCapture
ReleaseCapture
GetClassNameW
MessageBoxA
MapWindowPoints
GetParent
IsWindowEnabled
DefWindowProcW
LoadCursorW
RegisterClassW
CallWindowProcW
GetWindowPlacement
SetCursor
IsZoomed
CreatePopupMenu
AppendMenuW
TrackPopupMenu
DestroyMenu
MessageBoxW
MonitorFromPoint
UpdateLayeredWindowIndirect
OffsetRect
GetWindowThreadProcessId
SetRect
CharPrevW
RegisterClassExW
MoveWindow
UpdateLayeredWindow
GetWindowRgn
ClientToScreen
GetSysColor
GetCaretBlinkTime

gdi32

CreateRoundRectRgn
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
GetTextMetricsW
PtInRegion
GetObjectA
SelectClipRgn
CreateRectRgnIndirect
SetWorldTransform
SetGraphicsMode
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
DeleteObject
CreatePen
BitBlt
SelectObject
GetRgnBox

advapi32

RegQueryInfoKeyW
OpenProcessToken
RegCloseKey
RegDeleteKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken

shell32

SHGetFolderPathW
DragAcceptFiles
ShellExecuteA
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ExtractIconW

ole32

PropVariantClear
CLSIDFromString
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CLSIDFromProgID
OleLockRunning
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

ord12
PathAppendW
PathIsRelativeW
PathFindFileNameW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW

ws2_32

inet_pton

iphlpapi

GetAdaptersInfo
GetBestInterface

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

comctl32

ord17
_TrackMouseEvent

d2d1

ord1

dwrite

DWriteCreateFactory

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCloneBrush
GdipCreateBitmapFromStream
GdipSetSmoothingMode
GdipDrawString
GdipBitmapUnlockBits
GdipSetTextRenderingHint
GdipDrawImage
GdipGetDC
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipReleaseDC
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipDrawLineI
GdipBitmapLockBits
GdipCreatePen1
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteFont
GdiplusStartup
GdipDeletePen

imm32

ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

dwmapi

DwmIsCompositionEnabled

Sections

.text
Size: 1017KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faad60a29779726bf8a2656c9c38eea5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

shlwapi

ws2_32

iphlpapi

winhttp

crypt32

winmm

comctl32

d2d1

dwrite

gdiplus

imm32

dwmapi

Sections

.text Size: 1017KB - Virtual size: 1016KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 22KB - Virtual size: 29KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 1017KB - Virtual size: 1016KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 22KB - Virtual size: 29KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 56KB - Virtual size: 55KB