d291bededcd1125ea231da5c6e71ba14693d7716e8076a3bbba4d0d15aa63d38N

Sharing

Copy URL

Twitter E-mail

General

Target

d291bededcd1125ea231da5c6e71ba14693d7716e8076a3bbba4d0d15aa63d38N
Size

432KB
MD5

06fd64ad9dc6a84a2f38d16af9929f00
SHA1

97ba02865e3c83c5004e9b76d43e4c3fe5c3c6d5
SHA256

d291bededcd1125ea231da5c6e71ba14693d7716e8076a3bbba4d0d15aa63d38
SHA512

a87c363b548c612e2725c9ea9b5a7a21f05d02d4bbee3818bb09e796e1885b4a2ee05e47bb75b78eacce4426618b1792c4087901bff7466cd973b65252435647
SSDEEP

6144:ksnFIablBUGXjyT17/IyU4zAvl/bR/VixrrTN/5c9sm+DzPaE1C:kkFIavT4bIyUuAt/1/2rT5Ism+DLb1C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d291bededcd1125ea231da5c6e71ba14693d7716e8076a3bbba4d0d15aa63d38N

Files

d291bededcd1125ea231da5c6e71ba14693d7716e8076a3bbba4d0d15aa63d38N
.exe windows:4 windows x86 arch:x86

9be6fca40422ea6eb184f06e32c53960

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kis_defend_kprotect_2001_rb\product\win32\dbginfo\knbrcmd.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcess
InterlockedCompareExchange
VirtualFree
GetFileSize
SetFilePointer
FreeLibrary
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
lstrlenW
LeaveCriticalSection
LoadLibraryW
ReadFile
GetModuleFileNameA
RaiseException
GlobalLock
GlobalFree
GlobalAlloc
GlobalUnlock
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
VirtualAlloc
FlushInstructionCache
GetExitCodeProcess
ReadProcessMemory
VirtualQueryEx
WaitForSingleObject
CreateProcessW
GetEnvironmentVariableW
ExitProcess
ResumeThread
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
SetLastError
TerminateProcess
CopyFileW
GetTempPathW
WriteFile
CreateFileW
FreeResource
CloseHandle
FindResourceExW
GetPrivateProfileIntW
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
GetVersionExW
DeleteFileW
GetLastError
FindClose
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
GetModuleFileNameW
LockResource
FindResourceW
SizeofResource
LoadResource

user32

GetWindowThreadProcessId
PeekMessageW
PostThreadMessageW
MapWindowPoints
EqualRect
FindWindowW
SetActiveWindow
TranslateMessage
SetForegroundWindow
OffsetRect
InvalidateRect
GetDC
PostMessageW
SetCursor
GetWindow
GetParent
GetKeyState
GetDlgItem
IsWindowEnabled
ReleaseDC
SetRect
LoadImageW
SetWindowPos
PtInRect
WindowFromPoint
SystemParametersInfoW
DrawFrameControl
MoveWindow
GetWindowLongW
SetFocus
GetNextDlgTabItem
LoadCursorW
IsWindowVisible
InflateRect
DestroyWindow
UpdateLayeredWindow
GetSystemMetrics
BeginPaint
GetDlgCtrlID
LoadIconW
ShowWindow
GetDesktopWindow
DestroyIcon
MonitorFromWindow
SetWindowLongW
SetRectEmpty
SetCapture
DefWindowProcW
UnregisterClassA
SendMessageW
ReleaseCapture
DrawIconEx
DrawTextW
LoadBitmapW
GetClassInfoExW
DispatchMessageW
AttachThreadInput
GetForegroundWindow
GetMessageW
GetFocus
RegisterClassExW
GetActiveWindow
CreateWindowExW
IsChild
IsDialogMessageW
EnableWindow
FindWindowExW
CopyRect
EndPaint
GetScrollPos
GetWindowRect
IsWindow
GetMonitorInfoW
CallWindowProcW
GetClientRect

gdi32

RectInRegion
GetCurrentObject
CreateCompatibleDC
ExtTextOutW
SaveDC
GetStockObject
BitBlt
CreateRectRgn
GetTextExtentPoint32W
CreateDIBSection
CreateFontIndirectW
TextOutW
RoundRect
GetClipRgn
SetBkColor
SelectClipRgn
GetObjectW
MoveToEx
CombineRgn
LineTo
StretchBlt
SetBkMode
CreateBitmap
CreatePen
DeleteDC
SetTextColor
CreateCompatibleBitmap
DeleteObject
RestoreDC
CreateRectRgnIndirect
SetStretchBltMode
Rectangle
SelectObject
GetTextColor

advapi32

RegSetValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathFileExistsA
SHEnumKeyExW
PathAppendA
PathRemoveFileSpecA
StrToIntW
StrToIntA
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathAddBackslashW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipDrawImagePointsRectI
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipLoadImageFromStream
GdipImageRotateFlip
GdipDrawImageRectI
GdipCloneBrush
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipDisposeImage
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipLoadImageFromFile
GdipDrawImageRectRectI
GdipGetImageHeight
GdipAlloc
GdipFree
GdipCreateFontFromDC
GdipCreateFromHDC
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFromLogfontW
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDeleteGraphics
GdipSetStringFormatLineAlign
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteStringFormat
GdipDrawString
GdiplusShutdown
GdiplusStartup

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9be6fca40422ea6eb184f06e32c53960

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

Sections

.text Size: 222KB - Virtual size: 222KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 131KB - Virtual size: 132KB

.text
Size: 222KB - Virtual size: 222KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 131KB - Virtual size: 132KB