D:\youqu_job\SuperBrowser\wirevpnLauncher\7zip\AllAutoBind\bin\Release\up7zupdate.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790.exe
Resource: win10v2004-20240802-en
General
Target: 512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790
Size: 2.0MB
MD5: 2f4a70db7d782fdc60d820aec28adcd2
SHA1: e1672d70003e01bf1dc25acd23cd9d0ab446e497
SHA256: 512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790
SHA512: 4b2437ba675174813bda3bae0044137a94981ddcbe98d53e5cdb00548a5d11edf9cd892068b608f44d3d5dbac5599f3ab51dee8d1f403bb3ed3737f8ab8903ed
SSDEEP: 49152:jm4YYLEULsN3pUEKyUvoz8Gc+J7NroTcPF9N8:TbLEN3prKyUvy8Gci7NroT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790
Files
512fa710987f813889d77ffaabea92bd26d671e4766b715a13b614a1bf3a5790.exe windows:6 windows x86 arch:x86
3a656eb4b8f7dfab4b1ec1dfece8a775
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
getpeername
getsockopt
connect
closesocket
getservbyname
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
shutdown
htonl
gethostbyname
getsockname
htons
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
WSAStartup
wldap32
ord26
ord33
ord27
ord32
ord79
ord200
ord301
ord22
ord143
ord41
ord50
ord60
ord211
ord35
ord46
ord217
ord30
kernel32
GetFileAttributesW
MultiByteToWideChar
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
GetCurrentProcess
Sleep
MoveFileExA
DeleteFileA
CreateThread
GetProcAddress
GetModuleHandleW
GetACP
FormatMessageW
GetLastError
FindFirstFileW
FindNextFileW
TerminateProcess
GetModuleFileNameW
CreatePipe
FindClose
WaitForSingleObject
DeleteFileW
MoveFileExW
GetModuleFileNameA
FindFirstFileExW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
EnterCriticalSection
GetFullPathNameW
GetStdHandle
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
DeleteCriticalSection
GetComputerNameA
GetCurrentThreadId
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
SetLastError
FormatMessageA
InitializeCriticalSectionEx
SleepEx
GetTickCount64
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
PeekNamedPipe
WaitForMultipleObjects
FreeLibrary
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
FlushConsoleInputBuffer
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetSystemTime
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetConsoleMode
SetFilePointer
SetFileTime
WriteFile
ReadFile
CreateDirectoryW
CreateFileW
SetFilePointerEx
GetConsoleCP
ExitProcess
GetCommandLineA
GetCommandLineW
ReadConsoleW
HeapAlloc
HeapFree
GetFileSizeEx
FlushFileBuffers
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetTimeZoneInformation
HeapReAlloc
SetConsoleMode
ReadConsoleInputW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetConsoleOutputCP
CreateProcessW
DuplicateHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeW
HeapSize
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
EncodePointer
DecodePointer
LocalFree
LCMapStringEx
user32
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
advapi32
CryptEnumProvidersA
RegisterServiceCtrlHandlerW
SetServiceStatus
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW
RegCloseKey
StartServiceCtrlDispatcherW
shell32
SHCreateDirectoryExA
SHFileOperationW
ole32
StringFromGUID2
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitializeEx
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
shlwapi
PathFileExistsW
PathStripPathA
PathRemoveFileSpecA
wininet
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
dbghelp
UnDecorateSymbolName
SymFromAddr
SymSetOptions
SymInitialize
SymCleanup
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 450KB - Virtual size: 449KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ