E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SGIGuideHelper.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176.exe
Resource: win10v2004-20240802-en
General
Target: 7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176
Size: 6.0MB
MD5: ac6d7431ca7fde9bb34413496dde96c7
SHA1: 238f2e747dc875c4e131bf84a14c20b271ff29c6
SHA256: 7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176
SHA512: 710499bcbe36eaeb4c03a435989f9b5cb6ddbf353ba5f99c07a442936574e29cba0722a1d643e23e20eefa767dff3e401a2c6f02e3dbeaf2a7b53b849737201b
SSDEEP: 98304:n/Xlxd8uoE1lCPVHPRpc7E2/OCZ9tC2ZJph0tJKTNkatLS4iveTN:nWuogCPVH3T8e2ZSf94ive
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176
Files
7ca0c85723b3e575dde294e4e4d377adc6a7e981b8632edeb75d9559da7e6176.exe windows:6 windows x86 arch:x86
d4f258036de594d19cc8b4a20b9909b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
InitOnceComplete
PeekNamedPipe
DeleteFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
LoadLibraryA
CreateDirectoryW
ReadFile
SetLastError
GetCurrentProcess
WriteFile
RemoveDirectoryW
GetTempPathW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
SetFileAttributesW
GetLastError
GetFileAttributesExW
DeleteFileW
GetCurrentDirectoryW
MoveFileExW
ReplaceFileW
CopyFileW
CreateFileMappingW
MapViewOfFile
MoveFileW
ReleaseSRWLockExclusive
OutputDebugStringA
GetLocalTime
FormatMessageA
GetTickCount
GetCommandLineW
LocalFree
GetVersionExW
GetNativeSystemInfo
GetModuleHandleA
CreateEventW
GetFileSizeEx
SetFileTime
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
GetSystemTime
FlushFileBuffers
SetThreadPriority
QueryThreadCycleTime
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
FindFirstFileExW
FindNextFileW
FindClose
GetProcessId
GetSystemDirectoryW
GetWindowsDirectoryW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
MultiByteToWideChar
WideCharToMultiByte
GetThreadId
IsDebuggerPresent
RaiseException
CreateThread
GetDiskFreeSpaceExW
TlsGetValue
SetEnvironmentVariableW
GetEnvironmentVariableW
TerminateProcess
OpenProcess
GetExitCodeProcess
VirtualFree
VirtualAlloc
OpenFileMappingW
VirtualQuery
SetEvent
ResetEvent
InitOnceBeginInitialize
GetProcessTimes
TlsSetValue
TlsAlloc
TlsFree
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LoadLibraryW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InitializeCriticalSectionAndSpinCount
lstrlenW
SetFilePointer
FormatMessageW
lstrcatW
CreateProcessW
lstrcpyW
FreeLibrary
FindFirstFileW
GetTempFileNameW
GetFileTime
ExitThread
GetFileSize
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
OpenEventW
CreateMutexW
ReleaseMutex
DecodePointer
HeapFree
GetFullPathNameW
LocalAlloc
OutputDebugStringW
HeapAlloc
GetProcessHeap
InitializeCriticalSection
WaitForSingleObjectEx
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
GetStdHandle
GetConsoleMode
GetTimeZoneInformation
TerminateThread
LocalFileTimeToFileTime
VerSetConditionMask
MulDiv
VerifyVersionInfoW
ExitProcess
GetACP
lstrcmpiW
lstrcpynW
GetExitCodeThread
InitializeSRWLock
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetFileType
GetConsoleOutputCP
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetDriveTypeW
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
WriteConsoleW
OpenMutexW
CloseHandle
Sleep
WaitForSingleObject
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetFilePointerEx
user32
UnionRect
OffsetRect
PtInRect
LoadImageW
NotifyWinEvent
GetWindowPlacement
CreatePopupMenu
AppendMenuW
TrackPopupMenu
InsertMenuItemW
SetMenuItemInfoW
SetWindowRgn
EqualRect
SetCursor
InflateRect
CallWindowProcW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
RemovePropW
CharPrevW
DrawTextW
FillRect
SetRect
DestroyMenu
EnableMenuItem
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetSysColor
UpdateWindow
CopyRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetParent
ReleaseDC
MessageBoxW
wvsprintfW
SendMessageTimeoutW
UnregisterClassW
RegisterClassExW
SetTimer
GetQueueStatus
KillTimer
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
MapWindowPoints
ScreenToClient
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
IsWindowEnabled
ReleaseCapture
SetCapture
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
WaitMessage
CallMsgFilterW
wsprintfW
CharNextW
GetFocus
SetRectEmpty
GetGUIThreadInfo
MonitorFromPoint
GetDC
GetProcessWindowStation
GetUserObjectInformationW
PostMessageW
SetClipboardData
EmptyClipboard
MonitorFromWindow
GetSystemMetrics
GetMonitorInfoW
IntersectRect
GetCaretPos
CloseClipboard
GetWindow
GetWindowRect
ClientToScreen
IsRectEmpty
GetCursorPos
IsWindowVisible
IsWindow
FindWindowW
GetClientRect
GetWindowLongW
GetWindowThreadProcessId
DefWindowProcW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
ShowWindow
RegisterClassW
AttachThreadInput
GetForegroundWindow
LoadIconW
LoadCursorW
SetWindowLongW
PostQuitMessage
SetForegroundWindow
GetAncestor
IsIconic
RegisterWindowMessageW
OpenClipboard
gdi32
SaveDC
GetStockObject
RestoreDC
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetFontData
CreatePen
CreateDCW
CloseEnhMetaFile
TextOutW
RemoveFontResourceW
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
MoveToEx
SetTextColor
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
DeleteDC
DeleteObject
SetStretchBltMode
SetBkMode
AddFontResourceW
SetBitmapBits
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetDIBits
GetClipBox
advapi32
BuildExplicitAccessWithNameW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
GetSecurityDescriptorSacl
CryptSetHashParam
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
RegOpenKeyW
EventWrite
EventRegister
EventUnregister
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
RegCreateKeyExW
RegSetValueExW
CryptGetProvParam
CryptGetUserKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
RegDeleteValueW
LookupAccountSidW
ole32
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
shlwapi
PathMatchSpecW
StrToIntW
psapi
GetProcessMemoryInfo
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmDisableIME
ImmGetContext
ImmSetCandidateWindow
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
gdiplus
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen2
GdipImageRotateFlip
GdipResetClip
GdipSetClipRectI
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipCreateSolidFill
GdipDeleteBrush
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRect
GdipDrawArc
GdipSetWorldTransform
msimg32
AlphaBlend
oleacc
LresultFromObject
shell32
ShellExecuteExW
SHGetKnownFolderPath
CommandLineToArgvW
SHGetFolderPathW
DragQueryFileW
ShellExecuteW
SHFileOperationW
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
winmm
timeSetEvent
timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent
ws2_32
WSACleanup
WSAGetLastError
gethostbyname
gethostname
WSAStartup
recv
send
WSASetLastError
closesocket
imagemagik
ImageMagickEx_FreePNGBuffer
ImageMagickEx_SVGToPNGBufferByDpi
winhttp
WinHttpQueryHeaders
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
wininet
HttpOpenRequestW
InternetOpenUrlW
InternetConnectA
HttpSendRequestExW
HttpEndRequestW
InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersW
InternetReadFile
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetQueryOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetOpenW
HttpQueryInfoA
HttpSendRequestW
crypt32
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
bcrypt
BCryptGenRandom
Exports
GetHandleVerifier
Sections
.text Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 928KB - Virtual size: 928KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ