6d29f742132d9d9918b583cdaf182f680410973d969442730860ba5c83bec735

Sharing

Copy URL Twitter E-mail

General

Target

6d29f742132d9d9918b583cdaf182f680410973d969442730860ba5c83bec735
Size

472KB
MD5

150726268a253185e450cd1695dc2a89
SHA1

dd51f403826b15d43cc34cebf792acbad409566f
SHA256

6d29f742132d9d9918b583cdaf182f680410973d969442730860ba5c83bec735
SHA512

9fb66ccf03d50b0356f01ec875f1d94e36be155e5d0b5318f15c8bec123ac7fdd3bc28b9750dc998ae2fe691223fb78cedb082f42d18efbde2a1675faaeb302d
SSDEEP

6144:Nh5b35tjncIfYUWMVgJ9qS3LrgemdnSXiUG52AOdnKuramW/p9SQsN0Z+1iM:JbjncAYLMUn3PHXiUG52nvGTp4KZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d29f742132d9d9918b583cdaf182f680410973d969442730860ba5c83bec735

Files

6d29f742132d9d9918b583cdaf182f680410973d969442730860ba5c83bec735
.exe windows:5 windows x86 arch:x86

104e4f6fb9b7c32b365a39203c672367

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_2\bin\SogouPdb\SogouWubi\ErrorReport.pdb

Imports

kernel32

CreateFileW
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
OpenEventW
Sleep
HeapFree
GetCommandLineW
GetTempPathW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
GlobalLock
GlobalUnlock
FindNextFileW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
LoadLibraryW
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
LocalAlloc
GetModuleFileNameW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
CreateMutexW
ReleaseMutex
OpenMutexW
FreeLibrary
FlushFileBuffers
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InterlockedIncrement
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
FindFirstFileExW
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
GetFileType
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
WriteConsoleW
WriteFile
GetCurrentProcess
SetLastError
ReadFile
QueryPerformanceCounter
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
GetLastError
InterlockedDecrement
GetProcessHeap
SetUnhandledExceptionFilter

advapi32

RegOpenKeyExW
GetTokenInformation
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
OpenProcessToken
BuildExplicitAccessWithNameW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
SetSecurityInfo
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAceEx

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

GetWindowThreadProcessId
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetSystemMetrics
SetRectEmpty
MessageBoxW
IsWindowVisible
GetClassNameW

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

104e4f6fb9b7c32b365a39203c672367

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

imm32

version

user32

shell32

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 19KB - Virtual size: 39KB

.rsrc Size: 93KB - Virtual size: 96KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 19KB - Virtual size: 39KB

.rsrc
Size: 93KB - Virtual size: 96KB