PDB path: D:\code\pinyin-pc\Basic\Outputs\Release\BDImeTips.pdb

Static task: static1

Behavioral task: behavioral1
Sample: ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1.exe
Resource: win10v2004-20241007-en
General
- Target: ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1
- Size: 431KB
- MD5: 637f69369f3707dffc9a886cb0390076
- SHA1: a1858c09f11500f7e206dc93e08828d256623975
- SHA256: ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1
- SHA512: 3dfd393713b9360b414f659b9c1e8a5d40fd132c2d48ecd71648346b85c2bb047d586b74c43dd3137af369bdf6ab06050e346bb06f05beb254c7d72231479d49
- SSDEEP: 6144:cATO5/Ab7yXF5Ai9ieHp+0uY0UF0TOwV4LMh1zj3kPllS2izE:cATO5/dXFyi9vHHtT0hh1zSns
Malware Config

Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1

Files
- ad1aa74a8df9074c669fbe94b56000e2365bc67640130a9c9da6cff5544da8e1.exe windows:5 windows x86 arch:x86
  3c0a03126badeef198c457ea9a980f03
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet: InternetOpenUrlW, HttpQueryInfoW, InternetCloseHandle, InternetOpenW
imm32: ImmDisableIME
configure: ReleaseConfigInst, GetConfigureInst
kernel32: QueryPerformanceCounter, LoadLibraryExW, FlushFileBuffers, ReadConsoleW, WriteConsoleW, SetStdHandle, SetFilePointerEx, GetConsoleMode, GetConsoleCP, GetFileType, GetStdHandle, ExitProcess, GetOEMCP, GetACP, IsValidCodePage, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, GetStartupInfoW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, UnhandledExceptionFilter, GetCPInfo, RtlUnwind, GetFileAttributesExW, EncodePointer, GetStringTypeW, VirtualFree, VirtualAlloc, IsProcessorFeaturePresent, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, IsDebuggerPresent, FreeEnvironmentStringsW, GetEnvironmentStringsW, MultiByteToWideChar, CreateFileMappingW, DecodePointer, HeapSize, GetProcessHeap, HeapFree, HeapAlloc, HeapReAlloc, GetFileSize, MoveFileW, GetTempPathW, MulDiv, WideCharToMultiByte, GetFileAttributesW, UnmapViewOfFile, ProcessIdToSessionId, GetPrivateProfileIntW, GetSystemTimeAsFileTime, OpenFileMappingW, MapViewOfFile, GetTickCount, FlushInstructionCache, RaiseException, InitializeCriticalSectionAndSpinCount, OutputDebugStringW, GetModuleHandleW, GetPrivateProfileStringW, CreateProcessW, GlobalMemoryStatusEx, GetCurrentThreadId, GetCommandLineW, GetModuleFileNameW, AddVectoredExceptionHandler, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, RemoveVectoredExceptionHandler, ReadFile, WriteFile, GetOverlappedResult, SetEvent, SetNamedPipeHandleState, CreateFileW, CreateEventW, SetUnhandledExceptionFilter, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, InterlockedExchange, GetLastError, SetErrorMode, ReleaseMutex, CloseHandle, CreateMutexW, Sleep, LocalAlloc, LocalFree, WaitForSingleObject, FreeLibrary, GetVersionExW, GetProcAddress, LoadLibraryW, SetLastError, GetModuleHandleExW
user32: ReleaseDC, GetDC, DefWindowProcW, SetWindowLongW, GetWindowLongW, IsWindow, DestroyWindow, CreateWindowExW, UpdateLayeredWindow, TrackMouseEvent, SetCapture, ReleaseCapture, KillTimer, SendMessageW, RegisterClassExW, GetClassInfoExW, SetWinEventHook, WaitForInputIdle, LoadCursorW, SetCursor, IsWindowVisible, IsIconic, PeekMessageW, PostMessageW, FindWindowExW, GetDesktopWindow, CloseDesktop, OpenDesktopW, CharNextW, UnhookWinEvent, GetMessageW, CallWindowProcW, BringWindowToTop, MoveWindow, PtInRect, ClientToScreen, ShowWindow, FindWindowW, GetWindow, GetParent, GetClientRect, MapWindowPoints, SetWindowPos, GetMonitorInfoW, MonitorFromPoint, GetCursorPos, GetSystemMetrics, PostQuitMessage, SetTimer, GetKeyState, MonitorFromWindow, UnregisterClassW, DispatchMessageW, TranslateMessage, GetWindowRect
gdi32: GetDeviceCaps, DeleteObject, DeleteDC, SelectObject, CreateCompatibleDC, CreateDIBSection
advapi32: AllocateAndInitializeSid, SetEntriesInAclW, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, CryptSetKeyParam, CryptDecrypt, CryptDestroyKey, CryptImportKey, CryptReleaseContext, CryptAcquireContextW, GetSecurityDescriptorDacl, RegSetKeySecurity, RegGetKeySecurity, RegSetValueExW, RegCreateKeyExW, ConvertStringSidToSidW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, InitializeSecurityDescriptor
shell32: ord51, SHGetFolderPathW, ord165, ShellExecuteW
ole32: CoTaskMemFree, CoUninitialize, CoInitialize, CoCreateInstance, CoCreateGuid
oleaut32: SysFreeString, SysAllocString
shlwapi: PathFileExistsW, PathAppendW, AssocQueryStringW, PathRemoveFileSpecW
basicnetutils: ?ReleaseHttpClientInDefaultManager@basic_net@@YAHPAVIHttpClient@1@@Z, ?CreateHttpClientInDefaultManager@basic_net@@YAPAVIHttpClient@1@XZ
crypt32: CertGetNameStringW, CertNameToStrW
imagehlp: ImageGetCertificateHeader
wintrust: WTHelperGetProvCertFromChain, WTHelperGetProvSignerFromChain, WTHelperProvDataFromStateData, WinVerifyTrust
version: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
Sections
- .text   Size: 318KB - Virtual size: 317KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata  Size: 80KB - Virtual size: 80KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data   Size: 13KB - Virtual size: 26KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 2KB - Virtual size: 1KB       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc  Size: 17KB - Virtual size: 16KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ