35030ba9134d0028a45cf2eff37811f05b19a25c804be26c4895106245fc4eff

Sharing

Copy URL

Twitter E-mail

General

Target

35030ba9134d0028a45cf2eff37811f05b19a25c804be26c4895106245fc4eff
Size

1.7MB
MD5

caf1c3cbd3df63630230b07302590977
SHA1

ae3e87c4bb17f0beb3dc21b6d13405a8b9fa31c7
SHA256

35030ba9134d0028a45cf2eff37811f05b19a25c804be26c4895106245fc4eff
SHA512

ea7a6a5022376fd150d636c3c8acceda4449cedb3d71e04aa79838ee4c455551b0185f0eb00dd42a87968dee5d4acc9b821d14ca662f81c63ecfeaea452f210b
SSDEEP

24576:sqRq2E57hTUVIjMcE5N1GspwTrusOFF13u6hTIsI0wKyUspSZ5cOZeP:TjcEj1GspwXcFT39Us3cpSXrYP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35030ba9134d0028a45cf2eff37811f05b19a25c804be26c4895106245fc4eff

Files

35030ba9134d0028a45cf2eff37811f05b19a25c804be26c4895106245fc4eff
.exe windows:6 windows x86 arch:x86

29892fd2069c60d628d2d6fc34c69eb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\WbQueryWindow.pdb

Imports

kernel32

SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetConsoleCP
ReadConsoleW
GetConsoleMode
PeekNamedPipe
GetOEMCP
IsValidCodePage
GetTimeFormatW
SetEndOfFile
WriteConsoleW
GetCurrentThreadId
GetLastError
QueryPerformanceFrequency
HeapDestroy
lstrlenW
lstrcpyW
GetFullPathNameW
GetCurrentDirectoryW
GetFileInformationByHandle
GetDriveTypeW
FindResourceW
LoadResource
FindResourceExW
LockResource
SizeofResource
GetDateFormatW
GetTimeZoneInformation
GetFileType
GetACP
GetStdHandle
FormatMessageA
InitializeCriticalSection
LoadLibraryA
GetSystemDirectoryA
SleepEx
SetFilePointerEx
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
LoadLibraryExW
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
OpenFileMappingW
UnmapViewOfFile
CloseHandle
CreateFileMappingW
MapViewOfFile
ReadFile
SetLastError
GetCurrentProcess
WriteFile
GetModuleFileNameW
WaitForMultipleObjects
SetFilePointer
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
OpenEventW
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenMutexW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
GetModuleHandleW
HeapFree
GetCommandLineW
GetTempPathW
HeapAlloc
GetCurrentProcessId
LocalAlloc
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CopyFileW
FreeLibrary
GetProcessHeap
QueryPerformanceCounter
FlushFileBuffers
SetEvent
InitializeCriticalSectionEx
RaiseException
DecodePointer
HeapSize
OutputDebugStringW
HeapReAlloc
IsBadWritePtr
TerminateProcess
lstrcatW
GetLocalTime
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
HeapCreate

user32

GetKeyboardState
EndDialog
DestroyIcon
CallNextHookEx
GetDlgItem
SendMessageW
SetWindowPos
IsWindowVisible
GetDC
SetScrollInfo
DestroyWindow
GetScrollInfo
GetScrollPos
LoadBitmapW
ScrollWindow
CreateDialogParamW
AdjustWindowRectEx
MonitorFromPoint
GetMenu
InflateRect
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
SetTimer
GetMonitorInfoW
GetDlgCtrlID
ClientToScreen
DestroyMenu
LoadIconW
MessageBoxW
GetClassNameW
DialogBoxParamW
UnhookWindowsHookEx
wvsprintfW
CreateWindowExW
TrackPopupMenuEx
AppendMenuW
KillTimer
DrawEdge
SystemParametersInfoW
UpdateWindow
LoadImageW
GetFocus
FillRect
ScreenToClient
RemovePropW
IsWindow
OffsetRect
GetCapture
DrawFocusRect
GetSysColor
IsWindowEnabled
SetFocus
SetPropW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
SetRectEmpty
DrawTextW
GetParent
PtInRect
ReleaseCapture
InvalidateRect
GetCursorPos
FindWindowW
SetWindowsHookExW
SetWindowLongW
GetWindowThreadProcessId
GetClientRect
SetForegroundWindow
ReleaseDC
GetWindowRect
PostMessageW
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetWindowTextW
EnableWindow
EndPaint
BeginPaint

gdi32

DeleteDC
DeleteObject
CreateDIBSection
StretchBlt
GetTextExtentPointW
CreatePatternBrush
SetBkColor
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
SetViewportOrgEx
CreateSolidBrush
SelectObject
GetStockObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
ImageList_GetIconSize

wininet

InternetReadFile
InternetCloseHandle
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetSetOptionW

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegCloseKey
LookupAccountSidW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW

ws2_32

ioctlsocket
listen
accept
getpeername
connect
bind
send
recv
WSAGetLastError
closesocket
WSACleanup
WSAStartup
sendto
recvfrom
select
__WSAFDIsSet
gethostname
WSASetLastError
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
getsockopt
socket
setsockopt
ntohs
htons
getsockname

wldap32

ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 406KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 76KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 350KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29892fd2069c60d628d2d6fc34c69eb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

imm32

version

psapi

comctl32

wininet

advapi32

shell32

ws2_32

wldap32

Sections

.text Size: 814KB - Virtual size: 813KB

.rdata Size: 406KB - Virtual size: 405KB

.data Size: 76KB - Virtual size: 426KB

.rsrc Size: 350KB - Virtual size: 352KB

.text
Size: 814KB - Virtual size: 813KB

.rdata
Size: 406KB - Virtual size: 405KB

.data
Size: 76KB - Virtual size: 426KB

.rsrc
Size: 350KB - Virtual size: 352KB