Tongbu3_Installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Tongbu3_Installer.exe
Size

1.0MB
MD5

27c3a66f3b0f5bed2f246d6d4c258dd3
SHA1

610190bbe50512c19397fda8999c11bde1217344
SHA256

a8db741e482b1bcd64c4f3a93649affe05e55cfb4b3333681a5df234f8512ead
SHA512

28a754fb5d60abe9403bd177ec6b9e53b411d8c1ae91699f4cebdf12b01f778e7bfa173c552a7a7a600479414af3bcece9140d9011481cf5610e98c151cc5ad5
SSDEEP

12288:Hg85Qmg3rHmGuDso9vquCSzV94MtF5qeQnGZ5A5t9ILaFKNTZOYs777:A85aO9lMyCnGrA5KaoOYOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Tongbu3_Installer.exe

Files

Tongbu3_Installer.exe
.exe windows:5 windows x86 arch:x86

dc16dc32e3b68198eb7adbd28355a0e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\GitWork\tbinstaller\Release\tbinst.pdb

Imports

kernel32

SystemTimeToFileTime
SetFileTime
UnmapViewOfFile
FileTimeToSystemTime
GetFileInformationByHandle
WriteFile
DeleteFileA
ResumeThread
SetThreadPriority
TerminateThread
GetExitCodeThread
SetEvent
SetErrorMode
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
GetSystemInfo
LoadLibraryA
WinExec
SetFilePointer
CreateMutexW
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
CopyFileW
GetTempPathW
CreateDirectoryW
CreateEventW
GetModuleFileNameA
GetCurrentThreadId
Sleep
CreateThread
GetLocalTime
GetTickCount
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
CloseHandle
WaitForSingleObject
CreateProcessW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
DosDateTimeToFileTime
DuplicateHandle
MulDiv
GetCurrentDirectoryW
SetEnvironmentVariableA
SetEndOfFile
ReleaseMutex
WriteConsoleW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileType
ReadConsoleW
GetConsoleMode
GetOEMCP
IsValidCodePage
GetProcessHeap
GetStdHandle
HeapSize
AreFileApisANSI
GetModuleHandleExW
LocalFree
GetCommandLineW
RemoveDirectoryW
GetLastError
DeleteFileW
EnumResourceNamesW
EnumResourceTypesW
GetModuleHandleW
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetFileAttributesExW
MoveFileExW
GetSystemTimeAsFileTime
GetACP
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess

user32

SetForegroundWindow
ScreenToClient
IsZoomed
AttachThreadInput
GetDesktopWindow
CharLowerBuffW
GetWindowThreadProcessId
ShowWindow
PostQuitMessage
GetForegroundWindow
FindWindowW
SendMessageW
GetParent
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
GetFocus
SetCapture
ReleaseCapture
GetDC
ReleaseDC
GetKeyState
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
UnionRect
IsRectEmpty
PtInRect
GetWindow
SetWindowRgn
MessageBoxW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
LoadCursorW
LoadImageW
wvsprintfW
SetCursor
OffsetRect
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetWindowPos
GetMenu
GetWindowLongW
GetClientRect
ClientToScreen
KillTimer
PostMessageW
SetTimer
BeginPaint
IntersectRect
MoveWindow
MapWindowPoints
GetWindowRect
MonitorFromWindow
GetMonitorInfoW

advapi32

CryptReleaseContext
CryptDestroyKey
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptGetKeyParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryValueW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
CryptDestroyHash

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

shlwapi

PathFileExistsW
PathFileExistsA
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestW
HttpSendRequestW
InternetQueryOptionW
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpOpenRequestA
InternetSetOptionW
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
HttpQueryInfoW
InternetCrackUrlA
InternetCrackUrlW
InternetOpenW
InternetConnectW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmGetContext

gdi32

CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
DeleteObject
GetStockObject
GdiFlush
GetDeviceCaps
GetObjectA
SetBkMode
CreatePatternBrush
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
ExtTextOutW
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

gdiplus

GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCloneBrush
GdipImageGetFrameDimensionsList
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImage
GdipDrawImageRectI
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc16dc32e3b68198eb7adbd28355a0e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

iphlpapi

wininet

rpcrt4

comctl32

imm32

gdi32

oleaut32

gdiplus

Sections

.text Size: 689KB - Virtual size: 688KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 12KB - Virtual size: 218KB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 689KB - Virtual size: 688KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 12KB - Virtual size: 218KB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 37KB - Virtual size: 37KB