f:\pack_node_prod\TemporarySource\daanquanyewuxian\360yasuo\release\2577-360yasuo-4.0.0.1530-20240820194145-4.0.0.1520\src\install\bin\Release\Installer.pdb
Static task: static1
Behavioral task: behavioral1
Sample: d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e.exe
Resource: win10v2004-20240802-en
General
- Target: d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e
- Size: 10.0MB
- MD5: bb67668ff7bb0fff443221af2a818894
- SHA1: 1054bb723ccb202d8e399d6c1899c3c3985d3e50
- SHA256: d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e
- SHA512: 2e709e4f21b3254816448e31d778278f6dddcb7bdb5bc4d3fd6df323831e18ac64b65dd51e67c244ddda9d6900e955bde09b5c1551ba6efd3a32576aa01233c5
- SSDEEP: 196608:FVQ/jsrBoyG6hvcih92/sD0ozk945vTtjMv15ut+8s5YUtWb5:FVMjLyz9JDY945vTGv15c+hsb5
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e
Files
- d7810e3e243867d05d3dc43a5e9bfea0318a494211b5e8698b682c61eb06130e.exe windows:5 windows x86 arch:x86
  cd7d040cfdc92c002d669d9c5d9443a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileSize
WritePrivateProfileStringW
GetPrivateProfileStringW
MoveFileW
GetVolumeInformationW
CreateDirectoryW
GetSystemDirectoryW
SetFileTime
GetShortPathNameW
GetFullPathNameW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
GetFileInformationByHandle
GetStdHandle
CompareFileTime
FileTimeToSystemTime
WaitForMultipleObjects
GetSystemWindowsDirectoryW
GetCurrentThread
GetThreadSelectorEntry
GetThreadContext
VirtualQuery
SetThreadPriority
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
SuspendThread
GetFileSizeEx
WriteFile
FreeResource
LoadLibraryW
InterlockedCompareExchange
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
InterlockedIncrement
CreateMutexW
SetEndOfFile
SetEnvironmentVariableA
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
Process32NextW
QueryPerformanceCounter
GetWindowsDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FatalAppExitA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStringTypeW
LCMapStringW
LCMapStringA
CompareStringW
SetFilePointer
CompareStringA
RtlUnwind
GetStartupInfoW
GetFileType
WriteConsoleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
lstrcmpiA
lstrcmpA
CreateThread
ExpandEnvironmentStringsW
GetProcessTimes
DuplicateHandle
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
ExitProcess
OpenProcess
CopyFileW
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
ReleaseMutex
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetLocalTime
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
lstrlenA
ResetEvent
SetEvent
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiW
GetTimeFormatA
InterlockedDecrement
GetLastError
SetLastError
GetDiskFreeSpaceExW
GetExitCodeThread
RemoveDirectoryW
Sleep
RaiseException
TerminateProcess
GetCurrentThreadId
FlushInstructionCache
GetTickCount
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenW
lstrcpynW
CreateFileW
LocalAlloc
LocalFree
DeleteFileW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
GetVersionExW
GetCurrentProcess
GetExitCodeProcess
GetPrivateProfileIntW
WaitForSingleObject
CloseHandle
CreateProcessW
FreeLibrary
GetModuleHandleW
FormatMessageW
OutputDebugStringW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
InterlockedExchange
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCPInfo
ReadFile
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
GetModuleHandleA
user32
MonitorFromPoint
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
UnregisterClassA
SetTimer
LoadCursorW
ShowWindow
GetDlgItem
SetWindowTextW
EnableWindow
MapWindowPoints
FindWindowExW
GetForegroundWindow
MapVirtualKeyW
GetKeyNameTextW
GetWindowRect
KillTimer
InvalidateRect
SetWindowLongW
GetDesktopWindow
GetMessageW
SetDlgItemTextW
PostThreadMessageW
PostMessageW
PostQuitMessage
SetWindowPos
EndPaint
GetWindowTextW
GetClientRect
GetWindowLongW
SubtractRect
GetWindowThreadProcessId
SendMessageW
BeginPaint
wsprintfW
GetWindowDC
GetActiveWindow
CharToOemW
AttachThreadInput
GetUpdateRect
ReleaseDC
SetRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
LoadImageW
GetWindowTextLengthW
ReleaseCapture
GetDlgCtrlID
SystemParametersInfoW
SetCapture
CreateDialogParamW
CallWindowProcW
SetCursor
GetDC
PtInRect
ClientToScreen
GetCapture
UpdateWindow
DrawFocusRect
GetSystemMetrics
InflateRect
DrawEdge
GetSysColor
IsWindowEnabled
OffsetRect
FillRect
DrawTextW
MessageBoxW
PeekMessageW
TranslateMessage
DispatchMessageW
CharNextW
DefWindowProcW
BringWindowToTop
SetForegroundWindow
FindWindowW
CharLowerBuffW
SetWindowRgn
GetParent
AdjustWindowRectEx
GetMenu
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
IsWindow
RedrawWindow
IsIconic
CopyRect
gdi32
OffsetViewportOrgEx
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontW
GetDeviceCaps
CreateSolidBrush
GetCurrentObject
CreateDIBSection
StretchBlt
SetTextColor
CreatePolygonRgn
CreateFontIndirectW
GetObjectW
GetStockObject
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC
SelectObject
SetBkMode
GetBitmapBits
advapi32
GetAce
RegGetKeySecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegQueryValueExA
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
GetUserNameW
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
RegEnumValueW
BuildExplicitAccessWithNameW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
ConvertSidToStringSidW
LookupAccountNameW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegSetKeySecurity
shell32
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteW
SHFileOperationW
SHFreeNameMappings
SHAppBarMessage
SHGetSpecialFolderLocation
ord165
SHGetFileInfoW
SHGetPathFromIDListW
SHChangeNotify
SHGetSpecialFolderPathW
SHBrowseForFolderW
ole32
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleInitialize
CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
oleaut32
SysAllocString
VarUI4FromStr
SysFreeString
OleLoadPicture
SysAllocStringByteLen
VariantClear
VariantCopy
VariantInit
shlwapi
PathIsURLW
StrToIntExW
PathGetDriveNumberW
PathFileExistsW
PathIsRootW
PathFindExtensionW
StrStrW
SHGetValueW
StrStrIW
PathIsPrefixW
SHGetValueA
PathFileExistsA
StrCmpIW
PathAppendA
PathCombineA
StrStrIA
PathIsDirectoryW
SHDeleteKeyW
SHSetValueW
PathRemoveArgsW
PathUnquoteSpacesW
PathAppendW
PathCombineW
PathRemoveFileSpecW
comctl32
ImageList_SetImageCount
ImageList_Add
ImageList_GetIconSize
ImageList_Create
_TrackMouseEvent
ImageList_Destroy
ImageList_Draw
InitCommonControlsEx
ImageList_Duplicate
ImageList_Remove
msimg32
AlphaBlend
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
secur32
GetUserNameExW
setupapi
SetupIterateCabinetW
wintrust
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
crypt32
CertGetNameStringW
userenv
UnloadUserProfile
wininet
InternetOpenW
FtpGetFileSize
HttpQueryInfoW
HttpSendRequestExW
HttpOpenRequestW
InternetSetOptionA
InternetConnectW
InternetSetStatusCallbackW
InternetReadFile
InternetReadFileExA
FtpOpenFileW
HttpEndRequestW
InternetWriteFile
FtpCommandW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetCrackUrlW
CreateUrlCacheEntryW
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
InternetCloseHandle
InternetOpenUrlW
urlmon
ObtainUserAgentString
netapi32
Netbios
psapi
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcesses
comdlg32
GetSaveFileNameW
GetOpenFileNameW
Sections
.text Size: 582KB - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 165KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13.9MB - Virtual size: 13.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ