Static task
static1
Behavioral task
behavioral1
Sample
85900b9e822cc854c86c2244e263e1bc7f0f6d8ebe567b44d2de3a107d59cddb.exe
Resource
win7-20240705-en
General
Target: 85900b9e822cc854c86c2244e263e1bc7f0f6d8ebe567b44d2de3a107d59cddb
Size: 5.5MB
MD5: 1f6c664df9076df365f05af7114a3bd9
SHA1: 4c4d01ec02eaffffac24687cb7e3c63c2f55fa97
SHA256: 85900b9e822cc854c86c2244e263e1bc7f0f6d8ebe567b44d2de3a107d59cddb
SHA512: 69d5ba15a72de224ee6e5a85e7bcda12c4dcc5f6d9cf01ac3932da5a71eb7c84b35a2bfc6306435926c248de11837f4432357eb84c5445dadf21bfbb603bc504
SSDEEP: 49152:PhXS1fcJSBimdjRYLLeLXGqPnJwVAOL0tqgCNijm9zqBA9FEOtPbWp6Ex46c+Ye:PhX2f4XuLAwtqgCwCzqAEOZWN4L5e
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 85900b9e822cc854c86c2244e263e1bc7f0f6d8ebe567b44d2de3a107d59cddb
Files
85900b9e822cc854c86c2244e263e1bc7f0f6d8ebe567b44d2de3a107d59cddb.exe windows:6 windows x86 arch:x86
4c7d2f482b6e810107b4394e5e4224a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\crashrpt.pdb
Imports
version
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
kernel32
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
GetTempPathW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
Process32NextW
GlobalSize
FileTimeToSystemTime
GlobalAlloc
Process32FirstW
GlobalLock
MoveFileExW
GetTempFileNameW
GlobalUnlock
GetCommandLineW
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesExW
DeleteFileW
GlobalFree
SystemTimeToFileTime
CopyFileW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
CreateEventW
CreateThread
LocalFree
InitializeCriticalSectionAndSpinCount
GetVersionExW
LoadLibraryExW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
HeapFree
GetFullPathNameW
lstrlenA
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
DebugBreak
CreateMutexW
ReleaseMutex
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSection
SetEvent
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
EncodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
lstrcatW
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
CompareStringEx
QueryDosDeviceW
RaiseException
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCurrentThread
ExitProcess
GetStdHandle
HeapSize
HeapReAlloc
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
WaitForMultipleObjects
HeapUnlock
HeapWalk
HeapLock
SwitchToThread
IsWow64Process
FindResourceW
LoadResource
LockResource
SizeofResource
UnregisterWaitEx
RegisterWaitForSingleObject
RtlCaptureStackBackTrace
GetSystemInfo
GetProcessIoCounters
GetProcessTimes
HeapSetInformation
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetPriorityClass
SetPriorityClass
GetNativeSystemInfo
GetThreadId
SystemTimeToTzSpecificLocalTime
GetThreadPriority
TzSpecificLocalTimeToSystemTime
QueryThreadCycleTime
SetThreadPriority
UnlockFile
GetFileInformationByHandle
LockFile
MoveFileW
ReplaceFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetVolumePathNameW
GetLongPathNameW
GetVolumeInformationW
FormatMessageW
GetCurrentThreadId
CreateFileW
SetFilePointer
GetModuleFileNameW
TerminateProcess
WriteFile
lstrlenW
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualQuery
GetTickCount
lstrcpyW
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
GetLocalTime
IsBadWritePtr
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
SetConsoleMode
ReadConsoleA
SetInformationJobObject
GetCPInfo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
GetModuleHandleExA
TerminateThread
OpenMutexA
CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
GetFileAttributesA
CreateDirectoryA
FlushProcessWriteBuffers
PeekNamedPipe
DeleteFiber
SwitchToFiber
VerifyVersionInfoW
VerSetConditionMask
GetDriveTypeW
user32
DefWindowProcW
DestroyWindow
LoadStringW
RegisterClassExW
SetWindowLongW
PostMessageW
CreateWindowExW
CharNextW
TranslateMessage
SetTimer
GetQueueStatus
WindowFromPoint
UnregisterClassW
GetFocus
SetRectEmpty
GetGUIThreadInfo
MsgWaitForMultipleObjectsEx
GetWindowLongW
GetWindowThreadProcessId
PeekMessageW
FindWindowExW
DispatchMessageW
SendMessageTimeoutW
GetDC
IsWindowVisible
SetWindowPos
keybd_event
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
ShowWindow
IsWindow
OpenClipboard
GetMonitorInfoW
CloseClipboard
EmptyClipboard
AttachThreadInput
GetForegroundWindow
EnumClipboardFormats
EnumWindows
GetClipboardData
GetClassNameW
SetClipboardData
GetDesktopWindow
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC
wvsprintfW
wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
GetWindowRect
UnregisterClassA
MonitorFromPoint
MessageBoxW
KillTimer
advapi32
RegCloseKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
RegNotifyChangeKeyValue
GetSidSubAuthority
GetSidSubAuthorityCount
EventUnregister
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetAclInformation
GetAce
EqualSid
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
AddAce
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
AddAccessAllowedAce
LookupAccountNameW
LookupAccountSidW
RegEnumKeyW
CryptCreateHash
SystemFunction036
RegOpenKeyExW
RegQueryValueExA
EventRegister
RegQueryInfoKeyW
RegFlushKey
CryptExportKey
CryptGetUserKey
RegCreateKeyExW
CryptGetProvParam
RegDeleteValueW
RegEnumValueW
RegDeleteKeyW
CryptSetHashParam
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
EventWrite
imm32
ImmDisableIME
psapi
QueryWorkingSetEx
GetProcessMemoryInfo
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetMappedFileNameW
wininet
HttpOpenRequestW
InternetConnectW
InternetOpenA
InternetCloseHandle
HttpAddRequestHeadersW
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetSetOptionW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenW
InternetCrackUrlA
InternetWriteFile
InternetQueryOptionW
HttpEndRequestA
HttpQueryInfoA
gdi32
CreateCompatibleDC
DeleteDC
BitBlt
SelectObject
CreateDIBSection
DeleteObject
StretchBlt
GetDeviceCaps
shell32
SHFileOperationW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoTaskMemFree
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
dbghelp
SymFromAddr
SymSetOptions
StackWalk64
SymGetSearchPathW
SymInitialize
SymGetModuleBase64
SymSetSearchPathW
SymGetLineFromAddr64
SymFunctionTableAccess64
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
shlwapi
PathMatchSpecW
ws2_32
listen
connect
closesocket
bind
accept
getsockopt
send
recv
getnameinfo
freeaddrinfo
setsockopt
socket
getaddrinfo
WSAGetLastError
WSASetLastError
WSACleanup
ioctlsocket
WSAStartup
gethostbyname
getsockname
ntohs
winhttp
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpQueryOption
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpWriteData
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
bcrypt
BCryptGenRandom
Exports
GetHandleVerifier
Sections
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 856KB - Virtual size: 856KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 55KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
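The Headers, Sections and "Unsigned PE" entries above are all derived from fields in the PE headers: IMAGE_FILE_RELOCS_STRIPPED in the COFF file header, the DllCharacteristics word in the optional header, the section characteristics flags, and the security data directory (index 4), which points at the Authenticode certificate table and is empty in an unsigned image. The following is an added example, not part of the sandbox report or of the analysed sample: a stdlib-only Python parser that reproduces those checks on a PE32 image, plus a builder that constructs a minimal headers-only fixture. The fixture's section names and flag combinations mirror what the report lists (writable .text, executable .rsrc, relocations stripped, NX_COMPAT set, no certificate table), but the bytes are constructed here and contain no code from the sample. The flag constants are the documented winnt.h values; the "authenticode_present" result only tests whether a certificate table exists, which is the simplest form of the report's check, and says nothing about whether the signature would validate.

```python
"""Reproduce the report's Headers / Sections / 'Unsigned PE' findings on a PE32 image.
Pure stdlib. The sample bytes below are a constructed fixture, not the analysed file."""
import struct

# IMAGE_FILE_HEADER.Characteristics (winnt.h)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
# IMAGE_OPTIONAL_HEADER.DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
# IMAGE_SECTION_HEADER.Characteristics
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Authenticode certificate table


def analyze_pe(data: bytes) -> dict:
    """Parse the PE32 headers and return the hardening-relevant facts the report lists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsym, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):  # 40-byte section headers start right after the optional header
        name, _vs, _va, _rs, _rp, _pr, _pl, _nr, _nl, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), sc))
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "relocs_stripped": relocs_stripped,
        # ASLR needs DYNAMIC_BASE and a relocation table; with relocs stripped the image cannot move
        "aslr_possible": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not relocs_stripped,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # Presence of a certificate table only; chain validation is a separate step
        "authenticode_present": cert_size > 0,
        # Sections mapped both writable and executable (W+X)
        "wx_sections": [n for n, sc in sections if sc & IMAGE_SCN_MEM_WRITE and sc & IMAGE_SCN_MEM_EXECUTE],
    }


def build_sample_pe(sections, file_chars, dll_chars, cert_size=0) -> bytes:
    """Constructed minimal PE32 (headers only, no code): a test fixture, not the analysed sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)  # 0x14C = i386
    opt = bytearray(224)                                       # PE32 optional header with 16 data dirs
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x2000 if cert_size else 0, cert_size)    # certificate table (file offset, size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, sc)
        for i, (name, sc) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed fixture mirroring the report's section flags and header characteristics.
REPORT_LIKE_SECTIONS = [
    (b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rdata", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
UNSIGNED_SAMPLE = build_sample_pe(
    REPORT_LIKE_SECTIONS,
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)
# Contrasting constructed fixture: relocatable, DYNAMIC_BASE set, no W+X, certificate table present.
HARDENED_SAMPLE = build_sample_pe(
    [(b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (b".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
    cert_size=0x1800)

if __name__ == "__main__":
    for label, image in (("report-like", UNSIGNED_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, analyze_pe(image))
```

Run against a real file with analyze_pe(open(path, "rb").read()); for a 64-bit image the optional header layout differs (magic 0x20B, DllCharacteristics at offset 70 as well but data directories at 112), so extend the parser before pointing it at PE32+ binaries.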