7905e89d0580f70678a3d38131a76a13c4581bf6afd105a2a87761b6521170c1

Sharing

Copy URL

Twitter E-mail

General

Target

7905e89d0580f70678a3d38131a76a13c4581bf6afd105a2a87761b6521170c1
Size

305KB
MD5

54783bbd10219fa249e5134d620f458c
SHA1

0b863dc0456634d9fc4f3826588d94098118bf24
SHA256

7905e89d0580f70678a3d38131a76a13c4581bf6afd105a2a87761b6521170c1
SHA512

82081676ecb4659a0cc9033e8e881b134c91f0da87a5bea1ddc67599545720a7771a92ad5bcba39a43de47cd0d1839e229d36a1807bfcf98707ba40b3d8ba689
SSDEEP

6144:UKc+uCkhgajsEZbIXSxE6yLTBDvj8ieOubSh5kH42pEbR8:lc+AjrZbWSK60TtvjX84kY4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7905e89d0580f70678a3d38131a76a13c4581bf6afd105a2a87761b6521170c1

Files

7905e89d0580f70678a3d38131a76a13c4581bf6afd105a2a87761b6521170c1
.exe windows:5 windows x86 arch:x86

ab95e824f013e989038e1e074cb58c1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\DUOWAN_BUILD\yypublish_build\console\source\yy\bin\release\BugReport.pdb

Imports

wininet

HttpQueryInfoW
InternetReadFile
HttpSendRequestW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle

kernel32

InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
FlushInstructionCache
GetCurrentProcess
ExitProcess
CreateProcessW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
GetVersionExW
WideCharToMultiByte
LocalFree
ExpandEnvironmentStringsW
GetCommandLineW
GetDriveTypeW
GlobalMemoryStatusEx
GetSystemInfo
GetComputerNameA
CopyFileW
DeleteFileW
SetEvent
SetFilePointer
ReadProcessMemory
OpenProcess
LoadLibraryW
lstrcpynW
lstrcpyW
UnmapViewOfFile
lstrlenW
CreateFileMappingW
Module32FirstW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
TerminateProcess
FileTimeToSystemTime
GetFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
MoveFileW
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetFileAttributesW
CreateEventW
InterlockedExchangeAdd
GetLocalTime
GetFileSizeEx
HeapCreate
HeapAlloc
HeapFree
UnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
InterlockedCompareExchange
GetCurrentThreadId
FindFirstFileW
FindNextFileW
FindClose
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetFileSize
ReadFile
GetTempPathW
WriteFile
CloseHandle
GetLastError
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateDirectoryW
MapViewOfFile
CreateFileW
lstrcmpiA

user32

SetWindowTextW
SendMessageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetDlgCtrlID
DefWindowProcW
MessageBoxW
DestroyWindow
MsgWaitForMultipleObjects
wsprintfW
DestroyCursor
DrawTextW
PtInRect
SetCursor
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
GetWindowTextLengthW
CreateAcceleratorTableW
GetSystemMetrics
LoadImageW
RegisterClassExW
CharNextW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
GetSysColor
IsWindow
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageW
GetDlgItem
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItemTextW
CheckDlgButton
ShowWindow
ScreenToClient
GetWindowRect
MoveWindow
GetWindowTextW
UnregisterClassA
LoadCursorW

gdi32

GetTextExtentPoint32W
CreateSolidBrush
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectW
GetStockObject
SetTextColor
SetBkMode
CreateFontIndirectW

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

shell32

CommandLineToArgvW
SHFileOperationW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitializeEx
OleLockRunning
StringFromGUID2
CoGetClassObject
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CLSIDFromProgID
CLSIDFromString

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

StrStrIW
PathIsDirectoryW

comctl32

InitCommonControlsEx

msvcp90

??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXIG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

msvcr90

strncpy_s
strncat_s
_snwprintf
_localtime32
_wcsicmp
tolower
isdigit
isalnum
_snprintf
strftime
fopen_s
feof
fread
_fseeki64
fwrite
wcsncmp
_wcsnicmp
strcat
fopen
fgets
strtok
fclose
wcsftime
wcscpy_s
wcsrchr
strrchr
_localtime64
swprintf_s
memcmp
_recalloc
wcsncpy_s
memcpy_s
malloc
free
wcscat
_swprintf
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_wcstoi64
wcstoul
memset
memmove_s
_snprintf_s
strlen
strncmp
exit
wcscmp
sprintf
_ftelli64
ferror
_beginthreadex
_wcslwr_s
rand
srand
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_filelength
_fileno
??3@YAXPAX@Z
_time64
??_V@YAXPAX@Z
memcpy
wcschr
wcsstr
__CxxFrameHandler3
strstr
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_snwprintf_s
wcslen
wcsncat_s
_purecall

ws2_32

WSAStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo
EnumProcessModules
GetModuleFileNameExW
GetModuleFileNameExA
GetModuleInformation

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab95e824f013e989038e1e074cb58c1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msvcp90

msvcr90

ws2_32

version

psapi

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 81KB - Virtual size: 84KB