5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144

Sharing

Copy URL

Twitter E-mail

General

Target

5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144
Size

539KB
MD5

0f2d835e2c7a9abd3d30ab1786e023ae
SHA1

6b8c142b3cacef5522e556935be50c9c11421a32
SHA256

5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144
SHA512

159ea5b4c13d268c181952bccc50624dae89d1276a7ada3590381229345f1b15b328f5d0551612ae732c4ed33e055c482fcfe5f5aec83e38d9873aaa9336554b
SSDEEP

6144:4+n0XNhjU4yOrDP6wm6PK1w2j4E+QNCHnAoOgr5IKdAOe0SOu14peFXuf1BN1/TS:4jhjNXP7hE+aVoOgr5IKdiOuiKABO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144

Files

5bd604b845ec9a4248c28867e260be160370dce930022852ffd79615ffd00144
.exe windows:6 windows x86 arch:x86

3f0d9e5af540e24511b2a97a78745806

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\ErrorReport.pdb

Imports

kernel32

CreateFileW
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
OpenEventW
Sleep
HeapFree
GetCommandLineW
GetTempPathW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
GlobalLock
GlobalUnlock
FindNextFileW
FindClose
GetFileAttributesW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
LoadLibraryW
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
GetModuleFileNameW
GetProcessHeap
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
CreateMutexW
ReleaseMutex
OpenMutexW
FreeLibrary
FlushFileBuffers
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
FindFirstFileExW
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapReAlloc
ExitProcess
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
GetFileType
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
WriteConsoleW
WriteFile
GetCurrentProcess
SetLastError
ReadFile
QueryPerformanceCounter
CloseHandle
ResetEvent
SetEvent
WaitForSingleObject
GetLastError
LocalAlloc
WaitForSingleObjectEx

advapi32

RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
SetNamedSecurityInfoW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
AddAccessAllowedAceEx
RegQueryValueExW
GetLengthSid
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

GetWindowThreadProcessId
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetSystemMetrics
SetRectEmpty
MessageBoxW
IsWindowVisible
GetClassNameW

shell32

ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f0d9e5af540e24511b2a97a78745806

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

imm32

version

user32

shell32

Sections

.text Size: 229KB - Virtual size: 228KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 19KB - Virtual size: 39KB

.rsrc Size: 97KB - Virtual size: 100KB

.text
Size: 229KB - Virtual size: 228KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 19KB - Virtual size: 39KB

.rsrc
Size: 97KB - Virtual size: 100KB