af5d8f3250a0a8ab3da193c4dac6520f4a0cbe6d4716b36a6cf71b0d07655858

Sharing

Copy URL

Twitter E-mail

General

Target

af5d8f3250a0a8ab3da193c4dac6520f4a0cbe6d4716b36a6cf71b0d07655858
Size

47KB
MD5

682b4e755472e5b74b94a385bb2ad851
SHA1

f2d6b19ae09fef7ebcc80b9cbaf3cd69d872894b
SHA256

af5d8f3250a0a8ab3da193c4dac6520f4a0cbe6d4716b36a6cf71b0d07655858
SHA512

9bc195375c134e84a84c03d4be0babff5af07870a4159d12d9e0f83aa11680562e6ad2197f018fe3146ff382ba52bd6d25e3d2b610ad6efdc1e2d008ed2214a0
SSDEEP

768:fbroIeUfqcJ+2g0Za2vWYxYBHVfPlelwODpQkxmzeLeWkC3TaAF/uNpv:veUY0c6AP16wODqkxXLe2TaAdurv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af5d8f3250a0a8ab3da193c4dac6520f4a0cbe6d4716b36a6cf71b0d07655858

Files

af5d8f3250a0a8ab3da193c4dac6520f4a0cbe6d4716b36a6cf71b0d07655858
.exe windows:5 windows x86 arch:x86

90d23a0829acb75ecbe82976ca15d8f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\buildbot\build1\kugou\build\Release\Win32\service.pdb

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

ReadFile
CloseHandle
ConnectNamedPipe
DisconnectNamedPipe
lstrcpyW
lstrcatW
CreateEventW
LoadLibraryW
CreateProcessW
CreateFileW
CreateNamedPipeW
WaitNamedPipeW
WriteFile
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
WaitForSingleObject
InitializeSListHead
SetLastError
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
FindResourceW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThreadId
RaiseException
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
UnhandledExceptionFilter
OutputDebugStringW
GetVersionExW
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent

user32

TranslateMessage
DispatchMessageW
GetMessageW
wsprintfW
LoadStringW
CharNextW
CharUpperW

advapi32

RegisterEventSourceW
StartServiceW
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EqualSid
GetTokenInformation
DuplicateToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
DeregisterEventSource

shell32

CommandLineToArgvW

ole32

CoCreateGuid
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveBackslashW
PathRemoveFileSpecW

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__vcrt_InitializeCriticalSectionEx
__std_exception_copy
__std_exception_destroy
_except_handler4_common
memmove
wcsrchr
memcpy
__CxxFrameHandler3
memset
wcsstr
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_cexit
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_recalloc
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

_putws
__p__commode
_set_fmode
__stdio_common_vsnwprintf_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90d23a0829acb75ecbe82976ca15d8f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 88B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 88B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB