dec01c49d126095c1f6312ca6a29658f23d7584f3eba9e6741342514494d3b80

Sharing

Copy URL Twitter E-mail

General

Target

dec01c49d126095c1f6312ca6a29658f23d7584f3eba9e6741342514494d3b80
Size

1.4MB
MD5

fbd4d98ebff31eff674af201dacadeff
SHA1

3cebfff12b4b3dd758f512cc8f7dcbb1d99e5112
SHA256

dec01c49d126095c1f6312ca6a29658f23d7584f3eba9e6741342514494d3b80
SHA512

557e2eba25b7d2117294b527197ae96a3e34d20d178aeb070fda0cb8bb50cd1bc67869f5574d5db0d30bf710ae6e903572b259f3d8289289dce2c3935d3774bc
SSDEEP

24576:UCRUypIFHu5CRUypIFHuOp6HPvLO5PZ+J2D19FToclFtCtDfLT:pRrylRry/QH7KPZ++191oAszLT

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kingview7.5SP3Ȩļװ˵/dbghelp(1).dll
unpack001/Kingview7.5SP3Ȩļװ˵/dbghelp.dll
unpack001/Kingview7.5SP3Ȩļװ˵/kvs.dll

Files

dec01c49d126095c1f6312ca6a29658f23d7584f3eba9e6741342514494d3b80
.zip
Kingview7.5SP3Ȩļװ˵/dbghelp(1).dll
.dll windows:6 windows x86 arch:x86

425b64334ee18e882811879422b116dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

GetProcAddress
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameA
GetFileAttributesA
SetFilePointer
FindClose
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
ReadProcessMemory
WriteFile
DeleteFileW
CreateFileW
SetErrorMode
DebugBreak
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
lstrlenA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
TlsAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
GetFileType
CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
HeapCreate
DeleteCriticalSection
LocalFree
HeapDestroy
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FindNextFileA
SetLastError
GetEnvironmentVariableA
GetSystemInfo
GetVersionExW
SuspendThread

msvcrt

__dllonexit
_adjust_fdiv
_initterm
_wcsnicmp
isprint
_vsnwprintf
memmove
calloc
wcscat
strncat
_itoa
_vsnprintf
_write
strncpy
_strcmpi
strrchr
tolower
_close
_open
time
wcsncpy
_ltoa
_strnicmp
vsprintf
_stricmp
isspace
ctime
malloc
_strlwr
free
__CxxFrameHandler
fclose
_wcsicmp
_onexit
wcscmp
wcsncmp
_wsplitpath
towlower
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
wcstol
wcsrchr
_wmakepath
wcscpy
_winminor
_winmajor
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_mbscmp
_memicmp
_mbsnbcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
sprintf
_except_handler3
wcslen
qsort
strchr
strstr
strncmp
isxdigit
??2@YAPAXI@Z
??3@YAXPAX@Z
_splitpath
_purecall
atol

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromIndex
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetSearchPath
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileToken
SymGetSourceVarFromToken
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymMatchStringW
SymNext
SymPrev
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lm
lmi
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kingview7.5SP3Ȩļװ˵/dbghelp.dll
.dll windows:6 windows x86 arch:x86

425b64334ee18e882811879422b116dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

GetProcAddress
DeleteFileA
CreateDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameA
GetFileAttributesA
SetFilePointer
FindClose
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
ReadProcessMemory
WriteFile
DeleteFileW
CreateFileW
SetErrorMode
DebugBreak
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
lstrlenA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
TlsAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
GetFileType
CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
HeapCreate
DeleteCriticalSection
LocalFree
HeapDestroy
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FindNextFileA
SetLastError
GetEnvironmentVariableA
GetSystemInfo
GetVersionExW
SuspendThread

msvcrt

__dllonexit
_adjust_fdiv
_initterm
_wcsnicmp
isprint
_vsnwprintf
memmove
calloc
wcscat
strncat
_itoa
_vsnprintf
_write
strncpy
_strcmpi
strrchr
tolower
_close
_open
time
wcsncpy
_ltoa
_strnicmp
vsprintf
_stricmp
isspace
ctime
malloc
_strlwr
free
__CxxFrameHandler
fclose
_wcsicmp
_onexit
wcscmp
wcsncmp
_wsplitpath
towlower
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
wcstol
wcsrchr
_wmakepath
wcscpy
_winminor
_winmajor
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_mbscmp
_memicmp
_mbsnbcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
sprintf
_except_handler3
wcslen
qsort
strchr
strstr
strncmp
isxdigit
??2@YAPAXI@Z
??3@YAXPAX@Z
_splitpath
_purecall
atol

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromIndex
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetSearchPath
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileToken
SymGetSourceVarFromToken
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymMatchStringW
SymNext
SymPrev
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lm
lmi
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Kingview7.5SP3Ȩļװ˵/kvs.dll
.dll windows:4 windows x86 arch:x86

fb0591410ce082552644e0c5a085d671

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Exports

Exports

m

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Kingview7.5SP3Ȩļװ˵/lic(1).key
Kingview7.5SP3Ȩļװ˵/lic.key
Kingview7.5SP3Ȩļװ˵/tools(1).dll
Kingview7.5SP3Ȩļװ˵/tools.dll

Sharing

General

Malware Config

Signatures

Files

425b64334ee18e882811879422b116dd

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 733KB - Virtual size: 732KB

.data Size: 10KB - Virtual size: 37KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 49KB - Virtual size: 48KB

425b64334ee18e882811879422b116dd

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 733KB - Virtual size: 732KB

.data Size: 10KB - Virtual size: 37KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 49KB - Virtual size: 48KB

fb0591410ce082552644e0c5a085d671

Headers

File Characteristics

Imports

kernel32

msvcrt

iphlpapi

psapi

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.sedata Size: 768KB - Virtual size: 768KB

.idata Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 733KB - Virtual size: 732KB

.data
Size: 10KB - Virtual size: 37KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 49KB - Virtual size: 48KB

.text
Size: 733KB - Virtual size: 732KB

.data
Size: 10KB - Virtual size: 37KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 49KB - Virtual size: 48KB

.text
Size: 84KB - Virtual size: 84KB

.sedata
Size: 768KB - Virtual size: 768KB

.idata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.sedata
Size: 4KB - Virtual size: 4KB