b0642aa76a1a14c2613c6c347f4b771c8ba828ca0db6db59b794689c15f3c59c

Sharing

Copy URL

Twitter E-mail

General

Target

b0642aa76a1a14c2613c6c347f4b771c8ba828ca0db6db59b794689c15f3c59c
Size

2.1MB
MD5

021ee8ee4f2290ab155ef42dd5986f82
SHA1

f71d6a33eb9118c885a462c4f5c05b3772ce3c48
SHA256

b0642aa76a1a14c2613c6c347f4b771c8ba828ca0db6db59b794689c15f3c59c
SHA512

4af7774d1832fb8cb06b4f64a353ab11bdeb6da16c27fdef50c577a66a514f61a9fba240b23ee9472839eb36c0b3fa46f141ac4c60d3f6723e8882e04338519d
SSDEEP

49152:O3FTf1MTJhKRVd7aL/dpmB3koCjImS6/jk3jou:451MTJMWRpmVkOmU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0642aa76a1a14c2613c6c347f4b771c8ba828ca0db6db59b794689c15f3c59c

Files

b0642aa76a1a14c2613c6c347f4b771c8ba828ca0db6db59b794689c15f3c59c
.exe windows:5 windows x86 arch:x86

7fd276ed554a9483e745a4e6abadebbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\setting_center\setting_center\Release\SettingCenter.pdb

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateFileW
FlushFileBuffers
ReadFile
WriteFile
GetFileSize
OutputDebugStringW
OpenMutexW
MulDiv
GetCurrentThread
CopyFileW
DeleteFileW
SetCurrentDirectoryW
LoadLibraryExW
CreateMutexW
lstrcmpiW
ReleaseMutex
ReleaseSemaphore
InterlockedIncrement
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetStdHandle
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
DecodePointer
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
SetProcessAffinityMask
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
InterlockedDecrement
FreeLibrary
CreateEventW
WaitForMultipleObjects
SetEvent
WideCharToMultiByte
GetPrivateProfileStringW
GetPrivateProfileIntW
LocalFree
LoadLibraryW
GetProcAddress
GetTickCount
CloseHandle
Sleep
WaitForSingleObject
TerminateThread
MultiByteToWideChar
WritePrivateProfileStringW
GetModuleFileNameW
GetVersionExW
FindResourceExW
FindResourceW
GetModuleHandleW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ResumeThread
SuspendThread
SetThreadContext
GetThreadContext
VirtualQuery
VirtualProtect
CreateNamedPipeW
DisconnectNamedPipe
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ConnectNamedPipe
CreateSemaphoreW
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
WaitNamedPipeW
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
CreateFileA
GetSystemDirectoryW
InitializeCriticalSection
SetLastError
GetLastError
lstrcmpiA
lstrcmpA
DeviceIoControl
GetTempPathW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetCurrentThreadId
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FindClose
GetStartupInfoW
ResetEvent
TerminateProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
LockResource
GetStringTypeW
FormatMessageW
EncodePointer
TryEnterCriticalSection
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetExitCodeThread
GetNativeSystemInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSizeEx
SetFilePointer
GetCurrentProcessId
UnhandledExceptionFilter
RtlCaptureStackBackTrace

user32

SendMessageW
PostMessageW
UnregisterClassW
LoadImageW
GetWindowThreadProcessId
CopyRect
SetWindowTextW
GetPropW
SetPropW
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetSystemMetrics
PostQuitMessage
AttachThreadInput
MessageBoxW
GetActiveWindow
CharNextW
CreateDialogParamW
ShowWindow
SendNotifyMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
IsDialogMessageW
RegisterWindowMessageW
FindWindowW
SendMessageTimeoutW
PostThreadMessageW
PeekMessageW
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
OffsetRect
MapWindowPoints
ScreenToClient
SetCursor
GetWindowRect
GetClientRect
wsprintfW
UnregisterClassA
DestroyCursor
UnionRect
EqualRect
PtInRect
DrawFocusRect
MoveWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetAsyncKeyState
EndDialog
DialogBoxParamW
BringWindowToTop
SetWindowPos
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
EnumFontFamiliesW
RectVisible
OffsetViewportOrgEx
CreateRectRgnIndirect
DeleteDC
DeleteObject
RestoreDC
SaveDC
SelectClipRgn
SelectObject
GetDeviceCaps
CreateDIBSection
GetObjectW
SetViewportOrgEx
ExtTextOutW
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA
RegGetValueW
CryptContextAddRef
CryptDecrypt
CryptEncrypt
RegEnumValueW
InitializeSecurityDescriptor
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ord165
CommandLineToArgvW
ShellExecuteExW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeSecurity

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
DispCallFunc
GetErrorInfo
VariantChangeType
SysAllocString
SysFreeString
CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear

shlwapi

SHSetValueW
PathCombineW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathIsURLW
PathAddBackslashW
PathIsRelativeW
StrCmpIW
StrStrIA
StrStrIW
PathAppendA
PathIsRootW
StrToIntExW
SHGetValueA
SHSetValueA
StrTrimA
StrCmpNIW
SHGetValueW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent
InitCommonControlsEx

winmm

timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imagehlp

MakeSureDirectoryPathExists

imm32

ImmDisableIME

crypt32

CryptStringToBinaryW
CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW
CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDeletePen
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipCloneBrush
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipCreatePen1
GdipDeleteBrush
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 29KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7fd276ed554a9483e745a4e6abadebbb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

winmm

version

imagehlp

imm32

crypt32

wintrust

wininet

iphlpapi

urlmon

gdiplus

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 267KB - Virtual size: 266KB

.data Size: 29KB - Virtual size: 44KB

.rsrc Size: 356KB - Virtual size: 355KB

.reloc Size: 138KB - Virtual size: 140KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 267KB - Virtual size: 266KB

.data
Size: 29KB - Virtual size: 44KB

.rsrc
Size: 356KB - Virtual size: 355KB

.reloc
Size: 138KB - Virtual size: 140KB