PDB path: E:\ToolCode\svn\mycode\X_X5InjectBlackTool\Release\DuilibInject.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753.exe
  Resource: win10v2004-20240802-en
General
Target: c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753
Size: 3.5MB
MD5: 779c30b02ddb6d60f0f19b632d83808a
SHA1: de055f34b87f476a96def89b66619cd429c71ff6
SHA256: c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753
SHA512: 599b23451652419948416aa730e5865e059bb32638f57ccdfcb71f5ad171ea3d71b92b3ed4eeecbd3722e1fdb93def4fe62760148e5ae39b846868417452f076
SSDEEP: 98304:6PwxbZX56SGNROU4tM7fdvGRswgua2dVrlyH:64R56SGNWm7fd8K2jo
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753
Files
c189548b14d5a4d6b4e5878a5aa9e84d62ebd9d20d9866e99e3123fec0fa0753.exe (windows:5, windows x86, arch:x86)
a8daf9852ef818b8475d16c48c6d8166
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSCGetProviderPath
WSCDeinstallProvider
WSCInstallProvider
WSCEnumProtocols
WSCWriteProviderOrder
ioctlsocket
recv
inet_ntoa
ntohs
socket
send
getsockname
inet_addr
getpeername
listen
shutdown
select
closesocket
bind
accept
__WSAFDIsSet
getsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAIoctl
connect
htonl
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
WSAGetLastError
advapi32
RegOpenKeyExA
CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
RegCloseKey
RegOpenKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
kernel32
QueryPerformanceCounter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObject
GetEnvironmentVariableA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
SleepEx
VerSetConditionMask
VerifyVersionInfoW
lstrlenW
FindFirstFileW
FindNextFileW
CreateEventA
WriteProcessMemory
GetVersionExW
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
VirtualFreeEx
WaitNamedPipeA
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentProcess
GetModuleFileNameW
GetVolumeInformationA
CreateFileA
LockResource
Process32FirstW
VirtualProtect
CreateNamedPipeA
WriteFileEx
DisconnectNamedPipe
CreateEventW
SetEvent
WaitForSingleObjectEx
ReadFileEx
GetOverlappedResult
ConnectNamedPipe
ExpandEnvironmentStringsW
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetACP
ExitProcess
GetFileSize
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryA
MulDiv
GetLocalTime
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcessId
LocalFree
GetLastError
WriteFile
GetTempPathA
GetCurrentThreadId
GetCurrentThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Process32NextW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
TryEnterCriticalSection
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
CreateFileW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
CopyFileA
Sleep
ReleaseMutex
CreateMutexA
FindClose
FindNextFileA
GetCommandLineW
FindFirstFileA
GetTickCount
LoadResource
CloseHandle
DeleteFileA
OpenProcess
FreeResource
FindResourceA
SizeofResource
GetModuleHandleExW
SetFilePointerEx
WriteConsoleW
HeapAlloc
HeapFree
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
GetProcessHeap
GetTimeZoneInformation
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DeleteFileW
HeapSize
GetCurrentDirectoryA
user32
SetWindowTextA
LoadImageA
GetPropA
SetPropA
EnableWindow
ShowWindow
GetClassInfoExA
RegisterClassExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetWindowTextLengthA
GetCaretBlinkTime
GetCaretPos
CharPrevA
DrawTextA
FillRect
SetRect
CreateCaret
OffsetRect
wvsprintfA
LoadCursorA
SetCursor
GetWindow
PtInRect
IsRectEmpty
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
CreateAcceleratorTableA
UnionRect
IntersectRect
InvalidateRgn
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextA
DestroyWindow
IsWindow
CreateWindowExA
TranslateMessage
GetMessageA
GetSystemMetrics
PostMessageW
LoadKeyboardLayoutA
UnloadKeyboardLayout
ActivateKeyboardLayout
SystemParametersInfoW
GetWindowThreadProcessId
GetWindowTextA
SendMessageA
EnumThreadWindows
MessageBoxW
FindWindowA
IsWindowVisible
SetWindowPos
MonitorFromWindow
SetWindowRgn
PostMessageA
ScreenToClient
CreatePopupMenu
TrackPopupMenu
SetWindowLongA
GetWindowLongA
MessageBoxA
GetMonitorInfoA
DestroyMenu
LoadIconA
AppendMenuA
GetClientRect
GetGUIThreadInfo
MapWindowPoints
IsZoomed
PostQuitMessage
SetForegroundWindow
IsIconic
GetCursorPos
GetWindowRect
MoveWindow
GetParent
DispatchMessageA
gdi32
ExtSelectClipRgn
SetBkColor
StretchBlt
SetStretchBltMode
CreateDIBSection
SelectClipRgn
TextOutA
ExtTextOutA
RoundRect
GetObjectA
CombineRgn
GdiFlush
GetDeviceCaps
DeleteObject
CreateRoundRectRgn
CreateRectRgnIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreatePen
DeleteDC
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsA
SetWindowOrgEx
CreatePatternBrush
CreateSolidBrush
SetBkMode
SetTextColor
CreatePenIndirect
GetCharABCWidthsA
GetClipBox
MoveToEx
LineTo
GetTextExtentPoint32A
shell32
CommandLineToArgvW
ShellExecuteA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoCreateGuid
oleaut32
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString
gdiplus
GdiplusStartup
GdipFree
GdiplusShutdown
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipAlloc
imm32
ImmIsIME
ImmGetContext
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow
ImmInstallIMEW
shlwapi
PathFileExistsA
comctl32
ord17
_TrackMouseEvent
Sections
Name    Size    Virtual size    Characteristics
.text   1.3MB   1.3MB           IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  361KB   360KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   21KB    37KB            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  3KB     2KB             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   1.7MB   1.7MB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  64KB    63KB            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ