9ec2727614d4c1141f31cc4b900b9a68e44beb2c751026432d47210cb5c6866d

Sharing

Copy URL Twitter E-mail

General

Target

9ec2727614d4c1141f31cc4b900b9a68e44beb2c751026432d47210cb5c6866d
Size

3.4MB
MD5

ec11ad838982bd3e4b3c78c14b3f1869
SHA1

e6a7135c74905e119773da2fb105b546898b7a40
SHA256

9ec2727614d4c1141f31cc4b900b9a68e44beb2c751026432d47210cb5c6866d
SHA512

529655ef721551f36565bcb30d7ddb85402ebcc52d8a4f4a99156f916db504dacc930516668da4517ed7cda14da461c0a9fc5cd205fde343c45e10428acdcd18
SSDEEP

49152:5tXfbUhrov6fcWFdSwj96LXcSPiOsGDSEIVhpU1yIVftPO6VNELAe+M2L:5tXDUBdfSPi6yhpUJfk6IA1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ec2727614d4c1141f31cc4b900b9a68e44beb2c751026432d47210cb5c6866d

Files

9ec2727614d4c1141f31cc4b900b9a68e44beb2c751026432d47210cb5c6866d
.exe windows:6 windows x86 arch:x86

b91491f75fceae0d85d86b5e77e97c4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouComMgr.pdb

Imports

kernel32

VerifyVersionInfoW
DeleteFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
LoadLibraryA
MoveFileW
VerSetConditionMask
UnmapViewOfFile
DeleteFileW
GetTempPathW
FindClose
CreateSemaphoreW
TerminateThread
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
GetExitCodeProcess
GetTickCount
GetTempFileNameW
DebugBreak
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
CloseHandle
GetLastError
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
FindNextFileW
FindFirstFileW
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GlobalHandle
WriteConsoleW
HeapSize
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
GetStdHandle
PeekNamedPipe
GetDriveTypeW
ExitProcess
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetStdHandle
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetStringTypeW
OutputDebugStringA
GetFileAttributesW
OutputDebugStringW
QueryPerformanceFrequency
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GetVersionExW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetProcAddress
FreeLibrary
ReadFile
SetLastError
GetCurrentProcess
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
OpenMutexW
LoadLibraryExW
RemoveDirectoryW
SetFileAttributesW
FileTimeToSystemTime
MoveFileExW
CreateDirectoryW
GetProcessId
CreateProcessW
CopyFileW
GetFileTime
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenEventW
lstrlenW
HeapFree
GetFullPathNameW
lstrlenA
LocalAlloc
HeapAlloc
GetProcessHeap
CreateMutexW
ReleaseMutex
GetWindowsDirectoryW
FlushFileBuffers
VirtualFree
VirtualAlloc
SetEvent
GetCurrentDirectoryW
ReleaseSRWLockExclusive
GetLocalTime
FindFirstFileExW
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
RaiseException
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
TerminateProcess
VirtualQuery
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
lstrcatW
lstrcpyW
WaitForSingleObjectEx
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeSRWLock
EncodePointer
LCMapStringEx

user32

MessageBoxW
GetMessageW
DestroyWindow
MoveWindow
GetWindowRect
LoadCursorW
RegisterClassExW
EndPaint
BeginPaint
ReleaseDC
IsIconic
ReleaseCapture
GetParent
KillTimer
AppendMenuW
SetCursor
SetCapture
SetPropW
DestroyMenu
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
ClientToScreen
SetTimer
CreateWindowExW
GetWindowPlacement
SetWindowPos
CreatePopupMenu
GetSystemMetrics
GetPropW
IsWindowVisible
InsertMenuItemW
CallWindowProcW
GetKeyState
PtInRect
GetDesktopWindow
DrawTextW
UpdateLayeredWindow
GetFocus
IntersectRect
GetMonitorInfoW
MonitorFromPoint
SubtractRect
SetRectEmpty
CharNextW
LoadStringW
DefWindowProcW
wsprintfW
wvsprintfW
GetProcessWindowStation
GetUserObjectInformationW
ScreenToClient
GetDC
PostQuitMessage
SystemParametersInfoW
GetCursorPos
SendMessageW
ShowWindow
NotifyWinEvent
EnableWindow
TrackPopupMenu
IsWindow
DispatchMessageW
TranslateMessage
LoadIconW
FindWindowW
RegisterWindowMessageW
SetForegroundWindow
GetWindowTextW
GetWindowLongW
GetClientRect
SetWindowLongW
PostMessageW

advapi32

RegCloseKey
GetAce
GetAclInformation
SetFileSecurityW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
AddAccessAllowedAce
GetLengthSid
AddAccessAllowedAceEx
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
AddAce
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
EqualSid

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

AccessibleObjectFromWindow
LresultFromObject

wininet

HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
InternetCrackUrlA
InternetQueryOptionW
InternetReadFile
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
HttpOpenRequestA
InternetWriteFile

ws2_32

closesocket
WSASetLastError
send
WSAGetLastError
WSACleanup
recv

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

shlwapi

PathMatchSpecW

winmm

timeGetTime

gdi32

GetFontData
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
SetTextCharacterExtra
CreateDIBSection
GetObjectW
DeleteObject
CreateFontIndirectW

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCloseHandle

crypt32

CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 53KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b91491f75fceae0d85d86b5e77e97c4f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

wininet

ws2_32

shell32

shlwapi

winmm

gdi32

winhttp

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 678KB - Virtual size: 678KB

.data Size: 53KB - Virtual size: 129KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 199KB - Virtual size: 200KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 678KB - Virtual size: 678KB

.data
Size: 53KB - Virtual size: 129KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 199KB - Virtual size: 200KB