96ef3693355a2aa8344435b873a4df852f4d71060d81e8db192b64813ce6eaf9

Sharing

Copy URL

Twitter E-mail

General

Target

96ef3693355a2aa8344435b873a4df852f4d71060d81e8db192b64813ce6eaf9
Size

1.6MB
MD5

8122f65e4440c5f3a296f77ab6e1da44
SHA1

4347751858c0072e2f8a091efde46bf2c09b6ae6
SHA256

96ef3693355a2aa8344435b873a4df852f4d71060d81e8db192b64813ce6eaf9
SHA512

287d2ccd3b17ac78af1ff0f076fbee469b172387da8cdd3f364249a751fb1cdeaabe06a347074df7df6f3dd296dcdb17fc76ee29d49fdff4a622c9ae179fe3aa
SSDEEP

24576:na1QsnXF9oandUSRQrAb4l47zV5k1km4ucOZ+Kl:MXrood5lbA47gLRr4Kl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96ef3693355a2aa8344435b873a4df852f4d71060d81e8db192b64813ce6eaf9

Files

96ef3693355a2aa8344435b873a4df852f4d71060d81e8db192b64813ce6eaf9
.exe windows:6 windows x86 arch:x86

4ac2cadde820e18807ba03e47954d588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\ConfigIE.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

CompareStringW
GetSystemTime
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
GetModuleHandleW
DeleteFileW
GetFileAttributesW
QueryPerformanceFrequency
GetDiskFreeSpaceExW
CloseHandle
WriteConsoleW
SetEndOfFile
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetStdHandle
SetLastError
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
HeapFree
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
GetLastError
HeapAlloc
GetProcAddress
GetCurrentProcessId
TlsAlloc
TlsFree
ReadFile
WriteFile
SetFilePointer
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
CreateDirectoryW
WaitForSingleObject
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
MoveFileExW
CopyFileW
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalAlloc
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
RemoveDirectoryW
Sleep
FlushFileBuffers
CreateMutexW
ReleaseMutex
OpenMutexW
GetProcessHeap
SetEvent
QueryPerformanceCounter
IsBadWritePtr
lstrlenW
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
DecodePointer
HeapDestroy
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
HeapCreate
LCMapStringW
GetStringTypeW
EncodePointer
GetCPInfo
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwind
LoadLibraryExW
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetEnvironmentVariableA
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
ExitProcess
GetStdHandle
GetACP
GetDateFormatW
GetTimeFormatW
IsValidCodePage
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP

user32

GetClassNameW
SetRectEmpty
IsWindowVisible
GetWindowThreadProcessId
GetWindowLongW
wvsprintfW
EndPaint
BeginPaint
DialogBoxParamW
SetWindowLongW
DestroyWindow
CreateDialogParamW
IsIconic
SetForegroundWindow
FindWindowW
GetSystemMetrics
ShowWindow
CheckDlgButton
GetSystemMenu
PostMessageW
GetWindowRect
GetFocus
MessageBoxW
ScreenToClient
EndDialog
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
MoveWindow
LoadBitmapW
LoadIconW
GetClientRect
GetDlgItem
EnableMenuItem
EnableWindow
SendMessageW

gdi32

StretchBlt
CreateFontIndirectW
CreateCompatibleDC
GetObjectW
SelectObject
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

psapi

GetProcessMemoryInfo

wininet

InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetSetOptionW

advapi32

AddAccessAllowedAceEx
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
LookupAccountSidW
OpenProcessToken
GetLengthSid
RegOpenKeyW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 698KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 87KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 409KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ac2cadde820e18807ba03e47954d588

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

shell32

version

imm32

psapi

wininet

advapi32

Sections

.text Size: 698KB - Virtual size: 697KB

.rdata Size: 446KB - Virtual size: 446KB

.data Size: 87KB - Virtual size: 947KB

.rsrc Size: 409KB - Virtual size: 412KB

.text
Size: 698KB - Virtual size: 697KB

.rdata
Size: 446KB - Virtual size: 446KB

.data
Size: 87KB - Virtual size: 947KB

.rsrc
Size: 409KB - Virtual size: 412KB