I:\svn-230\product2020\EsaSignClient_WebSign(新标准版)\Release\AZTHttp.pdb
Static task: static1
Behavioral task: behavioral1
- Sample: c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387.exe
- Resource: win10v2004-20240802-en
General
- Target: c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387
- Size: 2.4MB
- MD5: 871e65aa6bec8438c678f32a5a9b0117
- SHA1: 0d1edf4c7a014c98b8dea4566cc8527dc4ff9446
- SHA256: c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387
- SHA512: 72e38047d3840b6226a991a659ec70645a7a4dd4cc156de622c8308a41bd713e03a3bf8c017cac7bcf89c4e7953715ca05bbd7abf35ade43c5fac8a2688a41c4
- SSDEEP: 49152:/r5t2xU9Onb+zjvQ/qpyr0kajQH22s8K3JPxpG23jigyIfx5TYJuSi:/r5t2dnb+PvQ/qpyr0kajAsd3zV3
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387
Files
-
c1fd1cb97bf33449ae759c2114ffeb2fff1051355f03b3fa1f81aa88c9920387.exe windows:5 windows x86 arch:x86
8ec44f502bea366e0f16a5a4824b7b28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetPrivateProfileStringW
GetTimeZoneInformation
lstrcmpiA
CreateFileA
DeleteFileA
lstrcpynA
lstrcpyA
CreateThread
DeleteFileW
CreateProcessW
Sleep
GetProcessId
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
OpenProcess
ReadProcessMemory
VirtualQueryEx
OutputDebugStringW
VirtualProtectEx
CreateProcessA
TerminateProcess
CreateDirectoryW
WaitForSingleObject
GetExitCodeProcess
GetEnvironmentVariableW
VirtualProtect
VirtualAlloc
VirtualFree
InterlockedCompareExchange
GetThreadContext
SetThreadContext
GetCurrentThread
SuspendThread
VirtualQuery
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTickCount
DeviceIoControl
GetComputerNameA
CreateDirectoryA
GetACP
GetLocalTime
LoadLibraryW
ResumeThread
InterlockedExchange
FreeResource
WriteFile
lstrlenA
ReadFile
GetFileSize
lstrcatW
lstrcpyW
DecodePointer
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
FlushInstructionCache
SetLastError
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
CreateFileW
SystemTimeToFileTime
GetSystemTime
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
FindNextFileW
FindFirstFileW
FindClose
ConvertThreadToFiber
ConvertFiberToThread
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateFiber
DeleteFiber
SwitchToFiber
GetFileType
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleExW
lstrlenW
LocalFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
EncodePointer
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
CreateMutexW
GetPrivateProfileStringA
WritePrivateProfileStringA
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpynW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GlobalFree
GlobalAlloc
LoadLibraryA
FreeLibrary
InitializeCriticalSection
GetProcAddress
user32
CallWindowProcW
InvalidateRgn
GetUserObjectInformationW
GetProcessWindowStation
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
InvalidateRect
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
GetWindowLongW
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetDC
DestroyAcceleratorTable
ReleaseDC
GetDesktopWindow
RedrawWindow
SetWindowLongW
LoadCursorW
RegisterClassExW
UnregisterClassW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ShowWindow
SendMessageW
CreateDialogParamW
AllowSetForegroundWindow
GetWindowPlacement
ShowWindowAsync
SetForegroundWindow
SwitchToThisWindow
SetActiveWindow
BringWindowToTop
FindWindowExA
PostMessageW
MessageBoxA
MapWindowPoints
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetSystemMetrics
EnumWindows
GetWindowThreadProcessId
CharNextW
RegisterWindowMessageW
wsprintfA
GetDlgItem
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
LoadBitmapW
KillTimer
FindWindowA
TrackPopupMenu
GetCursorPos
ModifyMenuW
SetMenuItemBitmaps
RegisterDeviceNotificationW
SetTimer
MessageBoxW
gdi32
Polygon
SetDIBColorTable
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateDIBSection
advapi32
RegQueryValueExW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
CryptSetHashParam
RegOpenKeyW
RegOpenKeyExA
RegQueryValueExA
shell32
SHGetSpecialFolderPathA
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExA
SHGetSpecialFolderPathW
ole32
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
oleaut32
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysAllocString
SysStringLen
SysFreeString
CreateErrorInfo
VariantChangeType
VariantInit
VariantClear
shlwapi
PathIsDirectoryA
PathFileExistsW
PathFileExistsA
comctl32
InitCommonControlsEx
gdiplus
GdipLoadImageFromStream
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdiplusStartup
GdipGetImagePalette
dbghelp
MiniDumpWriteDump
ws2_32
WSAGetLastError
WSASetLastError
WSAEnumNetworkEvents
recv
send
listen
bind
htons
socket
WSASetEvent
WSACreateEvent
WSAResetEvent
WSAEventSelect
closesocket
accept
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
wininet
InternetOpenW
InternetSetOptionW
HttpAddRequestHeadersA
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestW
HttpAddRequestHeadersW
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
crypt32
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCreateCertificateContext
netapi32
Netbios
iphlpapi
GetAdaptersInfo
cryptui
CryptUIDlgViewContext
msvcr120
signal
??1type_info@@UAE@XZ
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_cexit
_configthreadlocale
__setusermatherr
_gmtime64_s
_snwprintf
_stat64i32
getenv
_stricmp
strerror_s
strtoul
_strnicmp
strspn
_setmode
_fileno
fgets
ferror
feof
fprintf
raise
_exit
qsort
_getpid
isspace
_initterm_e
_initterm
__crtInitializeCriticalSectionEx
strcmp
memset
abort
_fsopen
_ismbblead
___mb_cur_max_func
islower
_calloc_crt
__crtLCMapStringA
___lc_codepage_func
___lc_locale_name_func
_wcsdup
isupper
__pctype_func
_unlock
_lock
__uncaught_exception
__CxxFrameHandler3
_CxxThrowException
??0exception@std@@QAE@ABQBDH@Z
memcpy
strftime
__iob_func
floor
strchr
strerror
_errno
_mbclen
strtol
remove
printf
fflush
setvbuf
fsetpos
fgetpos
_fseeki64
_unlock_file
_lock_file
ungetc
fputc
fgetc
strtok
strrchr
_findclose
_findnext64i32
strncat
_findfirst64i32
wcsrchr
_wfopen
_wcmdln
_fmode
_commode
_except_handler4_common
_except1
__crtSetUnhandledExceptionFilter
_invoke_watson
_itoa
tolower
_controlfp_s
_libm_sse2_sqrt_precise
ceil
fputs
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
malloc
free
realloc
atoi
??_V@YAXPAX@Z
sprintf_s
memmove_s
memcpy_s
_purecall
memchr
_mbsstr
strnlen
_vscprintf
vsprintf_s
swprintf_s
wcsncpy_s
wcsstr
_recalloc
_wcsicmp
wmemcpy_s
_time64
setlocale
strstr
_vscwprintf
vswprintf_s
strncpy
strncmp
_resetstkoflw
_vsnprintf_s
_vsnwprintf_s
srand
rand
_wsplitpath_s
_splitpath_s
fopen
fseek
ftell
fread
fclose
fwrite
wcsnlen
_wtoi
_gmtime64
_localtime64
sscanf
_mktime64
sprintf
wcschr
_mbschr
_mbscmp
_vsnprintf
_vsnwprintf
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
localeconv
strcspn
_aligned_malloc
_aligned_free
Exports
FreeImage_OutputMessageProc
_FreeImage_AcquireMemory@12
_FreeImage_Allocate@24
_FreeImage_AllocateHeader@28
_FreeImage_AllocateHeaderForBits@36
_FreeImage_AllocateHeaderT@32
_FreeImage_AllocateT@28
_FreeImage_Clone@4
_FreeImage_CloneMetadata@8
_FreeImage_CloneTag@4
_FreeImage_CloseMemory@4
_FreeImage_CreateICCProfile@12
_FreeImage_CreateTag@0
_FreeImage_DeInitialise@0
_FreeImage_DeleteTag@4
_FreeImage_DestroyICCProfile@4
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FindCloseMetadata@4
_FreeImage_FindFirstMetadata@12
_FreeImage_FindNextMetadata@8
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFilenameU@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFMimeType@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetFileTypeU@8
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetMemorySize@4
_FreeImage_GetMetadata@16
_FreeImage_GetMetadataCount@8
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTagCount@4
_FreeImage_GetTagDescription@4
_FreeImage_GetTagID@4
_FreeImage_GetTagKey@4
_FreeImage_GetTagLength@4
_FreeImage_GetTagType@4
_FreeImage_GetTagValue@4
_FreeImage_GetThumbnail@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetTransparentIndex@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_HasPixels@4
_FreeImage_HasRGBMasks@4
_FreeImage_Initialise@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LoadFromMemory@12
_FreeImage_LoadU@12
_FreeImage_OpenMemory@8
_FreeImage_ReadMemory@16
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Save@16
_FreeImage_SaveToHandle@20
_FreeImage_SaveToMemory@16
_FreeImage_SaveU@16
_FreeImage_SeekMemory@12
_FreeImage_SetBackgroundColor@8
_FreeImage_SetDotsPerMeterX@8
_FreeImage_SetDotsPerMeterY@8
_FreeImage_SetMetadata@16
_FreeImage_SetMetadataKeyValue@16
_FreeImage_SetOutputMessage@4
_FreeImage_SetOutputMessageStdCall@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTagCount@8
_FreeImage_SetTagDescription@8
_FreeImage_SetTagID@8
_FreeImage_SetTagKey@8
_FreeImage_SetTagLength@8
_FreeImage_SetTagType@8
_FreeImage_SetTagValue@8
_FreeImage_SetThumbnail@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_SetTransparentIndex@8
_FreeImage_TellMemory@4
_FreeImage_Unload@4
_FreeImage_Validate@8
_FreeImage_ValidateFromHandle@12
_FreeImage_ValidateFromMemory@8
_FreeImage_ValidateU@8
_FreeImage_WriteMemory@16
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.detourc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ