19df75a67eb1e5e48ff9c2d5aab49510129b20e67b397757f5ac2dab436c1ebc

Sharing

Copy URL Twitter E-mail

General

Target

19df75a67eb1e5e48ff9c2d5aab49510129b20e67b397757f5ac2dab436c1ebc
Size

6.2MB
MD5

1b010049f5e240b595afd643edce41f0
SHA1

1f2185b4e4f3485a2dda9fad8b2b10d9cca35270
SHA256

19df75a67eb1e5e48ff9c2d5aab49510129b20e67b397757f5ac2dab436c1ebc
SHA512

198ae349876d0ba46d7c144d2fcd01864d88877c75bd94af184b6fbbd92d8c91dd8eb974bea7d9a414eceac5121f8009d5fbcc8632eaf3d671d761d4ce259b96
SSDEEP

98304:Wv3URyhj4d632cjuGaMiuvWQ48xr4qrJOz5iVq5HV8A58n:CERyhj4d6328uG9sqrJOYq5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19df75a67eb1e5e48ff9c2d5aab49510129b20e67b397757f5ac2dab436c1ebc

Files

19df75a67eb1e5e48ff9c2d5aab49510129b20e67b397757f5ac2dab436c1ebc
.exe windows:5 windows x86 arch:x86

fdc60d6d7d2cea652e8260970376a02c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\zanderzhong\pj4\TencentVideoWindows\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

ResumeThread
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
LocalFree
SetFileTime
FileTimeToLocalFileTime
FormatMessageA
SetFileAttributesW
FormatMessageW
OpenProcess
GetFileAttributesExW
SetUnhandledExceptionFilter
TerminateProcess
FindClose
GetTickCount
lstrcpyW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateThread
GetLocalTime
ConnectNamedPipe
DisconnectNamedPipe
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetModuleHandleExW
OutputDebugStringW
CreateNamedPipeW
GetModuleFileNameW
GetExitCodeProcess
IsDebuggerPresent
CreateMutexW
LoadLibraryA
CreateProcessW
GetTempPathW
GetTempFileNameW
MoveFileW
SleepEx
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
SetEndOfFile
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
GetFullPathNameW
CreateMutexA
GetVersionExW
FlushFileBuffers
QueryPerformanceCounter
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
SetThreadAffinityMask
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InterlockedExchangeAdd
PostQueuedCompletionStatus
QueueUserAPC
WaitForMultipleObjects
VerSetConditionMask
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateWaitableTimerW
SetWaitableTimer
VerifyVersionInfoW
GlobalFree
GetDateFormatW
GetACP
GetModuleFileNameA
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
SetConsoleCtrlHandler
LoadLibraryExW
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
ReadFile
GetFileSize
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MoveFileExW
CopyFileW
SetFilePointerEx
SetFilePointer
WriteFile
InterlockedIncrement
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersion
DeleteFileW
GetPrivateProfileIntW
DecodePointer
Sleep
CreateFileW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
CloseHandle
DeviceIoControl
GetProcAddress
FreeLibrary
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureStackBackTrace
QueueUserWorkItem
EncodePointer
CreateHardLinkW
GetFileInformationByHandle
GetDiskFreeSpaceExW
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetStringTypeW
QueryPerformanceFrequency
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileStringW
ExpandEnvironmentStringsA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
GetConsoleCP
EnumSystemLocalesW
InterlockedDecrement
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
ConvertFiberToThread
IsValidLocale
GetUserDefaultLCID
GetTimeFormatW

user32

EnumDisplayDevicesW
MessageBoxW
IsWindow
DestroyWindow
CreateWindowExW
GetUserObjectInformationW
SetWindowLongW
PostMessageW
LoadCursorW
RegisterClassExW
GetWindowLongW
DefWindowProcW
UnregisterClassW
GetDC
GetProcessWindowStation
SendMessageTimeoutW
LoadStringW
PostThreadMessageW

gdi32

AddFontResourceW
RemoveFontResourceW
GetDeviceCaps

advapi32

CryptSetHashParam
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey

shell32

ord680
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathA
SHGetFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SetErrorInfo
VariantChangeType
VariantInit
GetErrorInfo
VariantClear
SysFreeString
SysAllocString
CreateErrorInfo

shlwapi

PathAppendW
PathFileExistsW
StrToIntW
PathRemoveFileSpecW

ws2_32

WSAStartup
closesocket
WSASocketW
WSARecv
WSASend
listen
bind
accept
WSASetLastError
getnameinfo
freeaddrinfo
getaddrinfo
getsockopt
getsockname
shutdown
setsockopt
send
recv
ioctlsocket
connect
ntohl
htonl
WSAGetLastError
WSACleanup
htons
gethostbyname
socket
sendto
select
getpeername
WSAIoctl
gethostname
WSAStringToAddressA
recvfrom
ntohs
inet_ntoa
inet_addr
__WSAFDIsSet

wininet

HttpSendRequestA
InternetOpenW
DeleteUrlCacheEntryW
InternetOpenUrlW
InternetSetCookieW
InternetCloseHandle
InternetConnectW
InternetSetCookieExW
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
InternetWriteFile

psapi

GetModuleFileNameExW
GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

iphlpapi

IcmpCloseHandle
IcmpSendEcho
GetIpForwardTable
IcmpCreateFile

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

wintrust

WinVerifyTrust

crypt32

CertCreateCertificateContext
CryptMsgGetParam
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose

dnsapi

DnsQuery_W
DnsFree

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl

wldap32

ord79
ord142
ord167
ord133
ord147
ord208
ord216
ord14
ord46
ord145
ord127
ord27
ord26
ord41
ord118
ord301

Exports

Exports

RunCrashHandler

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdc60d6d7d2cea652e8260970376a02c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

wininet

psapi

version

urlmon

iphlpapi

netapi32

wintrust

crypt32

dnsapi

winhttp

wldap32

Exports

Exports

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 88KB - Virtual size: 154KB

.QMGuid Size: 512B - Virtual size: 20B

.gfids Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 187KB - Virtual size: 186KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 88KB - Virtual size: 154KB

.QMGuid
Size: 512B - Virtual size: 20B

.gfids
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 187KB - Virtual size: 186KB