9d93c23e91c00dba8c7bd5ea727ccc815c5c40a714766326decf3463cdb67051

Sharing

Copy URL

Twitter E-mail

General

Target

9d93c23e91c00dba8c7bd5ea727ccc815c5c40a714766326decf3463cdb67051
Size

1.3MB
MD5

5c2820ff1e12376ab7ad0406c437f458
SHA1

e539669ce5aadc758c5e5244072172a22386b7dd
SHA256

9d93c23e91c00dba8c7bd5ea727ccc815c5c40a714766326decf3463cdb67051
SHA512

58a1c7df32e2dfa391b1db9c69eee70c45619e27f9b9b6072427eb9a591649394cc59e3efc804a581dfeed4f75812a62643e724a07d7b9f2d45ca835523244b9
SSDEEP

24576:64wevST61zu5VnoRx79BkjprdQjkjHdldLifSgAj8zWYtv:64c2uSx79Bk5dQKHjdLUSgSWWY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d93c23e91c00dba8c7bd5ea727ccc815c5c40a714766326decf3463cdb67051

Files

9d93c23e91c00dba8c7bd5ea727ccc815c5c40a714766326decf3463cdb67051
.exe windows:6 windows x86 arch:x86

36dbbcd26fc562ecb8d80d18243ad0e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\ScdReg.pdb

Imports

imm32

ImmDisableIME

kernel32

GetStartupInfoW
FindFirstFileW
HeapFree
FindNextFileW
GetTempPathW
InitializeCriticalSectionEx
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetCurrentDirectoryW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
FindClose
HeapSize
GetLastError
QueryPerformanceFrequency
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
ReadFile
SetLastError
WriteFile
SetFilePointer
CreateFileW
SetFileAttributesW
Sleep
CloseHandle
GetFileSize
FlushFileBuffers
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
FreeLibrary
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
CreateProcessW
RemoveDirectoryW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
DeleteFileW
MoveFileExW
CreateDirectoryW
WaitForSingleObject
GetFileAttributesExW
FileTimeToSystemTime
CopyFileW
LocalAlloc
OpenEventW
CreateMutexW
ReleaseMutex
OpenMutexW
QueryPerformanceCounter
SetEvent
IsBadWritePtr
lstrlenW
TerminateProcess
GetProcessHeap
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
HeapCreate
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
lstrcatW
InitializeSListHead
RtlUnwind
LoadLibraryExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetEndOfFile
ReadConsoleW
WriteConsoleW

user32

IsWindowVisible
GetWindowThreadProcessId
CreateWindowExW
wvsprintfW
SetWindowTextW
SetTimer
TrackMouseEvent
IsDlgButtonChecked
SetPropW
GetClientRect
GetDlgItem
DrawTextW
CheckDlgButton
GetParent
DialogBoxParamW
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
RemovePropW
GetWindowLongW
CallWindowProcW
GetWindowRect
GetDC
SetWindowPos
MessageBoxW
GetPropW
ScreenToClient
SendMessageW
EndDialog
GetClassNameW
SetWindowLongW
GetSystemMetrics
GetWindowDC
SetRectEmpty
DefWindowProcW

gdi32

GetObjectW
CreateSolidBrush
DeleteObject
SelectObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
CreateFontIndirectW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

wininet

InternetCloseHandle
HttpQueryInfoW
InternetSetOptionW
InternetOpenUrlW
InternetWriteFile
InternetCrackUrlA
HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
HttpOpenRequestA
InternetOpenW

advapi32

CryptAcquireContextW
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
RegQueryValueExW
RegOpenKeyW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
OpenProcessToken
LookupAccountSidW
GetTokenInformation
RegCloseKey
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHFileOperationW
ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 75KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36dbbcd26fc562ecb8d80d18243ad0e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

version

psapi

wininet

advapi32

shell32

Sections

.text Size: 699KB - Virtual size: 698KB

.rdata Size: 376KB - Virtual size: 375KB

.data Size: 75KB - Virtual size: 425KB

.rsrc Size: 104KB - Virtual size: 108KB

.text
Size: 699KB - Virtual size: 698KB

.rdata
Size: 376KB - Virtual size: 375KB

.data
Size: 75KB - Virtual size: 425KB

.rsrc
Size: 104KB - Virtual size: 108KB