125bf2dc48aea2f321effb4e376fc2bba3c156d3ea5951cc39c2fede085747a1

Sharing

Copy URL Twitter E-mail

General

Target

125bf2dc48aea2f321effb4e376fc2bba3c156d3ea5951cc39c2fede085747a1
Size

699KB
MD5

7f773a921d0eb0fce4e266a5c3df94c3
SHA1

c1d68f7e5253d0ad841c8711daee85ea6094175c
SHA256

125bf2dc48aea2f321effb4e376fc2bba3c156d3ea5951cc39c2fede085747a1
SHA512

56e7297814602d037d31e4e346b6d538d9dd0f04c8203e5be91c19f5e3783ad1bfe213a23e446cabb3c9fdca136f9389b7613de2eccd5ee545535fb57c5eb5b2
SSDEEP

12288:B2rBs4JynNOgy2UjaloLEGBsIEePjwaoJmMMbD5dRRx4wcCDYKZEJWpCz+K:B2rSxNOgybDI6sIEePjw3mMMzmwcCDYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
125bf2dc48aea2f321effb4e376fc2bba3c156d3ea5951cc39c2fede085747a1

Files

125bf2dc48aea2f321effb4e376fc2bba3c156d3ea5951cc39c2fede085747a1
.exe windows:6 windows x86 arch:x86

60c9788bcd23dbbb6e20e26fa3ec2880

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Anakage\Project_AnakageNext\Projects\Demo\HondaCars\AnakageNext\Player\IAssistHelper\Release\IAssistHelperN.pdb

Imports

kernel32

MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
CreateDirectoryW
CopyFileW
SetComputerNameExW
AllocConsole
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
CreateFileW
LocalFree
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
MoveFileW
GlobalMemoryStatusEx
GetFileTime
GetFileSize
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
CreateEventW
LocalSize
LocalAlloc
FormatMessageW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
lstrlenW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
RemoveDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetHandleInformation
CreatePipe
SearchPathW
Sleep
WideCharToMultiByte
DeleteFileW
GetLastError
GetFileAttributesW
FindNextFileW
FindFirstFileW
WriteFile
FindClose
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent

user32

wsprintfW
FindWindowA
ShowWindow

winmm

timeGetTime

advapi32

CryptDestroyKey
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegOpenKeyExA
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ControlService
QueryServiceStatus
StartServiceW
OpenServiceA
OpenSCManagerW
GetUserNameW

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

wininet

DeleteUrlCacheEntryW
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW

msvcp140

??1_Facet_base@std@@UAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1facet@locale@std@@MAE@XZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??1codecvt_base@std@@UAE@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??_7codecvt_base@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AAVios_base@2@AAHPAUtm@@PBD4@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ

urlmon

URLDownloadToFileW

vcruntime140

memcpy
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
wcsstr
wcsrchr
wcschr
memmove
memset
_CxxThrowException
_except_handler4_common
memchr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_set_errno
_c_exit
__p___wargv
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_initialize_onexit_table
_register_onexit_function
__p___argc

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free
_recalloc
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_wfopen
__acrt_iob_func
setvbuf
__stdio_common_vswprintf
ungetc
fgets
fputs
__stdio_common_vfwprintf
fflush
_set_fmode
fgetwc
fputwc
_wfopen_s
fgetws
fsetpos
_fseeki64
__p__commode
fputc
fclose
ungetwc
_get_stream_buffer_pointers
fgetpos
fgetc
fwrite
fread
__stdio_common_vswprintf_s

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename
_chmod

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstombs_s
mbstowcs_s

api-ms-win-crt-string-l1-1-0

wcsnlen
_wcslwr_s
wcscpy_s
wmemcpy_s
iswspace
isprint

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_localtime64_s
wcsftime

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60c9788bcd23dbbb6e20e26fa3ec2880

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winmm

advapi32

shell32

ole32

wininet

shlwapi

msvcp140

urlmon

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 440KB - Virtual size: 440KB

.rdata Size: 167KB - Virtual size: 166KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 53KB - Virtual size: 52KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 440KB - Virtual size: 440KB

.rdata
Size: 167KB - Virtual size: 166KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 36KB - Virtual size: 35KB