a629e9e02d0cf04de0b22269f82c2e9b0340538bd8f4dd3174d549e590b50f90

Sharing

Copy URL Twitter E-mail

General

Target

a629e9e02d0cf04de0b22269f82c2e9b0340538bd8f4dd3174d549e590b50f90
Size

868KB
MD5

e3b7cdd41db61b8362ee20f1e456da4e
SHA1

08785c9f6296c29740ea84124fe4e262b3ba54e5
SHA256

a629e9e02d0cf04de0b22269f82c2e9b0340538bd8f4dd3174d549e590b50f90
SHA512

33d6e7dc6b2b4010a0fa95fd2ba12826157d09bf88d6464ce1eb9200109f694b95aa03953c939b3adb26571c5ba1e5d1308af17239d1962313f3f90865ecb2ce
SSDEEP

12288:7nvRWMFgrVMhP+Zla+pMboaA9Go8nZ02lVww62rRBnuNI0KDhJfUTsMSGxPwnS:7n5lPagDoCnpVwdEbHDhJfUT7PP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a629e9e02d0cf04de0b22269f82c2e9b0340538bd8f4dd3174d549e590b50f90

Files

a629e9e02d0cf04de0b22269f82c2e9b0340538bd8f4dd3174d549e590b50f90
.exe windows:4 windows x86 arch:x86

a507e4ea99b4108cde6db28e0858f152

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\upgrade\upgrade\product\win32\dbginfo\update.pdb

Imports

kernel32

GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToSystemTime
VirtualFree
VirtualAlloc
LocalFree
CreateFileA
FlushFileBuffers
LocalAlloc
SetEndOfFile
InterlockedCompareExchange
FormatMessageW
GetFileSizeEx
ReleaseMutex
InterlockedIncrement
OpenEventW
OpenMutexW
OutputDebugStringW
GetDiskFreeSpaceExW
GetExitCodeThread
SleepEx
DuplicateHandle
TerminateThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetStartupInfoW
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
TerminateProcess
DeleteCriticalSection
RaiseException
SetLastError
FlushInstructionCache
GetCurrentThreadId
CreateMutexW
GetCommandLineW
GetVersionExW
FreeResource
GetModuleFileNameW
InterlockedExchange
WritePrivateProfileStringW
RemoveDirectoryW
FindNextFileW
WaitForMultipleObjects
SetFilePointer
ResetEvent
SetEvent
CreateThread
CreateEventW
GetCurrentProcessId
OpenProcess
ExpandEnvironmentStringsW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
CreateProcessW
MoveFileExW
CopyFileW
SetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
CreateDirectoryW
GetFileAttributesW
WaitForSingleObject
MoveFileW
DeleteFileW
Sleep
GetLocalTime
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeLibrary
GetCurrentProcess
GetFileSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcAddress
LoadLibraryW
FindFirstFileW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
WriteFile
lstrlenW
lstrlenA
CloseHandle
ReadFile
CreateFileW
FindClose

user32

GetNextDlgTabItem
IsDialogMessageW
GetDC
FindWindowW
SetFocus
MonitorFromWindow
IsChild
GetFocus
BeginPaint
GetMonitorInfoW
GetCursorPos
ReleaseDC
CreateWindowExW
GetDesktopWindow
DefWindowProcW
LoadCursorW
RegisterClassExW
IsWindow
GetWindowRect
SendMessageW
ShowWindow
SetWindowPos
InvalidateRect
GetDlgItem
GetParent
GetWindowLongW
DestroyWindow
ScreenToClient
IsWindowEnabled
RegisterWindowMessageW
GetClientRect
CopyRect
GetClassInfoExW
GetActiveWindow
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetWindow
MapWindowPoints
PostMessageW
SetWindowLongW
ExitWindowsEx
DispatchMessageW
PostThreadMessageW
PeekMessageW
TranslateMessage
GetMessageW
LoadImageW
UpdateLayeredWindow
SetRectEmpty
SetCursor
PtInRect
SetRect
GetDlgCtrlID
EqualRect
IsWindowVisible
DestroyIcon
ClientToScreen
SetCapture
ReleaseCapture
InflateRect
LoadIconW
SetTimer
KillTimer
IntersectRect
IsRectEmpty
OffsetRect
DrawTextW
DrawFrameControl
CallWindowProcW
DrawIconEx
EndPaint
UnionRect
EnumWindows
MoveWindow
UnregisterClassA

gdi32

OffsetRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
RoundRect
Rectangle
ExtSelectClipRgn
GetClipRgn
SetViewportOrgEx
GetViewportOrgEx
GetTextColor
RestoreDC
SaveDC
GetCurrentObject
SelectClipRgn
SetBkMode
RectInRegion
MoveToEx
CreatePen
SetTextColor
CreateDIBSection
CombineRgn
CreateRectRgn
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteObject
GetDeviceCaps
LineTo
CreateRoundRectRgn

advapi32

RegOpenKeyExA
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegOpenKeyW
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl

shell32

ShellExecuteW
SHCreateDirectoryExW
ord680

shlwapi

PathAddBackslashW
StrToIntW
PathFindFileNameW
StrToIntA
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipGetImageWidth
GdipLoadImageFromFile
GdiplusShutdown
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetFontSize
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipSetClipPath
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDrawImageRectI
GdipDrawImageI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipFillRectangle
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangleI
GdipDrawLinesI
GdipDrawLineI
GdipDrawLine
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetCompositingQuality
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAddPathStringI
GdipAddPathPieI
GdipAddPathRectangleI
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipSetPenMode
GdipSetPenEndCap
GdipSetPenStartCap
GdipDeletePen
GdipCreatePen1
GdipDisposeImage
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipDeleteFontFamily
GdipFree
GdiplusStartup

ws2_32

inet_ntoa
WSAGetLastError
recv
send
getsockname
ntohs
WSACleanup
htons
getsockopt
setsockopt
connect
gethostbyname
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
closesocket
socket
WSAStartup
bind

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a507e4ea99b4108cde6db28e0858f152

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

version

Sections

.text Size: 556KB - Virtual size: 553KB

.rdata Size: 140KB - Virtual size: 137KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 152KB - Virtual size: 148KB

.text
Size: 556KB - Virtual size: 553KB

.rdata
Size: 140KB - Virtual size: 137KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 152KB - Virtual size: 148KB