ac2bbaf1c31674c6d784b44e411a86a46229b4deb2287932fb5d3e551d6f46ff

Sharing

Copy URL

Twitter E-mail

General

Target

ac2bbaf1c31674c6d784b44e411a86a46229b4deb2287932fb5d3e551d6f46ff
Size

1.2MB
MD5

db77eb4be7cb74723c03b98dca1e878e
SHA1

ae6fef708678b998db18ce7d93a834848a1cde58
SHA256

ac2bbaf1c31674c6d784b44e411a86a46229b4deb2287932fb5d3e551d6f46ff
SHA512

888c15c684017af1487c6b20aabfb0a0c25a10b59a9a8be213a1653d64c490bb8d4de7664a7c089823923c55e95e8d87b327eab0fbca38315d1241369d6fe064
SSDEEP

24576:Vd/aXL+I51A/oM1uBtIT4FM/f5fblQE/K4xpi/FRcjybQ+QOsv:eL+wAAM1uBtITeMlbl/Kz3bQ+Q3v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac2bbaf1c31674c6d784b44e411a86a46229b4deb2287932fb5d3e551d6f46ff

Files

ac2bbaf1c31674c6d784b44e411a86a46229b4deb2287932fb5d3e551d6f46ff
.exe windows:6 windows x86 arch:x86

047a693a4f28a1d4954bdd43bcff263e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\XCrashReport.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

OutputDebugStringA
MultiByteToWideChar
GetSystemDirectoryA
SetUnhandledExceptionFilter
CreateMutexA
OpenMutexA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
Process32First
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LoadLibraryW
FreeLibrary
SetLastError
GetCurrentProcess
WriteFile
GetModuleFileNameW
WaitForMultipleObjects
SetFilePointer
CreateFileW
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
CreateProcessW
QueryDosDeviceW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
GetLogicalDriveStringsW
Process32NextW
DeleteFileW
Process32FirstW
MoveFileExW
GetModuleHandleW
HeapFree
GetCommandLineW
GetTempPathW
HeapAlloc
GetLastError
WaitForSingleObject
GetExitCodeProcess
CreateDirectoryW
SetFileTime
GetProcessId
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToFileTime
CopyFileW
GetTempFileNameW
GetFileTime
LocalAlloc
GetProcessHeap
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FlushFileBuffers
CreateMutexW
ReleaseMutex
OpenMutexW
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
IsBadWritePtr
lstrlenW
TerminateThread
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetCurrentThread
HeapReAlloc
ExitProcess
GetStdHandle
GetACP
HeapSize
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
FindFirstFileExA
FindNextFileA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
SetEndOfFile
RaiseException
CloseHandle
DecodePointer
CreateDirectoryA
GetCurrentProcessId
TerminateProcess

user32

GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongW
SetRectEmpty
SetCursor
LoadCursorW
TranslateMessage
MsgWaitForMultipleObjectsEx
SetWindowPos
DispatchMessageW
wvsprintfW
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
LoadStringW
MessageBoxW
EnumWindows
MonitorFromWindow
IsWindowVisible
GetSystemMetrics
ShowWindow
GetMonitorInfoW
GetForegroundWindow
AttachThreadInput
UnregisterClassA
PeekMessageW
GetClassNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
SetEntriesInAclW
RegQueryValueW
LookupAccountSidW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegDeleteKeyW
BuildExplicitAccessWithNameW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

imm32

ImmDisableIME

psapi

GetProcessMemoryInfo
GetModuleInformation

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpEndRequestA
HttpQueryInfoA

gdi32

CreateFontIndirectW

shell32

ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

047a693a4f28a1d4954bdd43bcff263e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

imm32

psapi

wininet

gdi32

shell32

Sections

.text Size: 836KB - Virtual size: 835KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 23KB - Virtual size: 125KB

.rsrc Size: 95KB - Virtual size: 96KB

.text
Size: 836KB - Virtual size: 835KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 23KB - Virtual size: 125KB

.rsrc
Size: 95KB - Virtual size: 96KB