D:\code\pinyin-pc\Basic\Outputs\Release\imedownloader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307.exe
Resource
win10v2004-20241007-en
General
-
Target
9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307
-
Size
416KB
-
MD5
b5103b69433487a73b3f3f4469508e67
-
SHA1
fc73c09f3601e9bd62346e96eae4ad3dc921e5df
-
SHA256
9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307
-
SHA512
6961f92fd2f1210c5b3d77c3a87afd7ba3f078036c7b29fe532b51d4dcfa0be14f3dbe346e7661bc5f3de756fb6ce5ebe821e19340646875fdbdc4fef2c31943
-
SSDEEP
6144:M1mWY14NdB+qXsUWhY+tT3nTRCjTMFbGe2CiMtLkyGJebm+xhqyiQ/6W4E6fN:MEWY1owqcUW3AjT+2qAQ/V0N
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature. This rule only detects that a signature is absent; it does not evaluate signature validity, so the result is an absence finding rather than a verdict on a present-but-broken signature.
resource 9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307
Files
-
9a793960b7be7faab47431544458658c0f53a908fac1921c76f5237e91f38307.exe windows:5 windows x86 arch:x86
a3ff3dd47c63ee3f894d0ddf17ed0df6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
DeleteFileW
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
OpenThread
InterlockedCompareExchange
WaitNamedPipeW
DisconnectNamedPipe
FreeLibraryAndExitThread
ReadFileEx
ResetEvent
CancelIo
WriteFileEx
CreateThread
TerminateThread
SwitchToThread
ConnectNamedPipe
CreateNamedPipeW
LocalAlloc
WideCharToMultiByte
QueryPerformanceCounter
GetPrivateProfileStringW
GetFileAttributesW
GetFileSize
GetVersionExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetErrorMode
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
OutputDebugStringW
CreateFileMappingW
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
DecodePointer
GetTickCount
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
CreateProcessW
ReadFile
Sleep
GetOverlappedResult
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
GetCurrentProcess
LocalFree
GlobalMemoryStatusEx
FreeLibrary
ProcessIdToSessionId
CreateFileW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
SetNamedPipeHandleState
GetSystemTimeAsFileTime
WriteFile
SizeofResource
LoadResource
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetTempPathW
GetModuleHandleExW
OpenEventW
CreateEventW
CreateMutexW
CloseHandle
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
GetProcAddress
CreateDirectoryW
InterlockedExchange
user32
KillTimer
SendMessageW
MsgWaitForMultipleObjects
GetClassInfoW
PostThreadMessageW
RegisterClassW
CloseDesktop
OpenDesktopW
CharNextW
RegisterWindowMessageW
TranslateMessage
RegisterClassExW
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
MsgWaitForMultipleObjectsEx
GetWindowThreadProcessId
SetWindowLongW
CreateWindowExW
DefWindowProcW
GetWindowLongW
SendMessageTimeoutW
FindWindowExW
IsWindow
DestroyWindow
GetClassInfoExW
advapi32
RegCreateKeyExW
GetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
ConvertStringSidToSidW
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetKeySecurity
RegSetKeySecurity
RegSetValueExW
shell32
CommandLineToArgvW
SHGetFolderPathW
ord165
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree
oleaut32
SysAllocString
SysFreeString
msvcp120
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_BADOFF@std@@3_JB
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
shlwapi
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathFindFileNameW
basicnetutils
?GetNetManager@basic_net@@YAPAVINetManager@1@H@Z
?ReleaseNetManager@basic_net@@YAHPAVINetManager@1@@Z
msvcr120
_snwprintf_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
__RTDynamicCast
memset
wcsstr
_wcsupr_s
memcpy_s
memmove_s
wcsrchr
_wcsicmp
_vsnwprintf
wmemcpy_s
??_V@YAXPAX@Z
_set_invalid_parameter_handler
free
swprintf_s
vswprintf_s
_wfopen_s
fclose
fgetpos
fread
fseek
??0exception@std@@QAE@ABV01@@Z
wcsncmp
strtok_s
?terminate@@YAXXZ
_waccess_s
strncmp
_vsnprintf
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wcsncpy_s
_wcslwr_s
malloc
_except1
_vscwprintf
wcschr
_wsplitpath_s
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
crypt32
CertGetNameStringW
CertNameToStrW
imm32
ImmDisableIME
imagehlp
ImageGetCertificateHeader
Sections
.text Size: 267KB - Virtual size: 267KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ