c7435aa35982fb38a8ca6b04c9b7f5832fc2580cb98d86191fd0b3dced8cc84fN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c7435aa35982fb38a8ca6b04c9b7f5832fc2580cb98d86191fd0b3dced8cc84fN.exe
Size

1.8MB
MD5

1b04d54c5f8011f26e6165f96d4bb7d0
SHA1

13a034dd54b8634ca921567a0156d1df897a86b3
SHA256

c7435aa35982fb38a8ca6b04c9b7f5832fc2580cb98d86191fd0b3dced8cc84f
SHA512

6de48d1181cc80f41a54a7530e7795d11fb54667f682cde870e2e9fb0e72565e3fb09fae1a782cd840d2a44071217b04d59d4130639919e8b39110974c6e856b
SSDEEP

24576:OpWu6ejO9BDLdqsLIY6oF7gkqwJCXvSlLfCXYam5vQtMOt88dTrDcjIphBvVyV16:w6iOTDLFNqwJCXvpddTl9v0V1eN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7435aa35982fb38a8ca6b04c9b7f5832fc2580cb98d86191fd0b3dced8cc84fN.exe

Files

c7435aa35982fb38a8ca6b04c9b7f5832fc2580cb98d86191fd0b3dced8cc84fN.exe
.exe windows:5 windows x86 arch:x86

d1882b1c6e7992e91a3f05a588268084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\ime_comp\branch\PinyinDev_R_8_9_cef\Bin\SogouPdb\Component\SogouFlash\SogouFlashexe.pdb

Imports

msimg32

TransparentBlt
AlphaBlend

kernel32

SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
WriteFile
FormatMessageW
TerminateProcess
CreateFileW
lstrlenW
GetLocalTime
lstrcatW
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
lstrcpyW
SetLastError
CreateMutexW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetTickCount
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
ReleaseMutex
ConnectNamedPipe
WaitForSingleObjectEx
CreateNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
ReadFileEx
WriteFileEx
GetTempFileNameW
MoveFileExW
GlobalAlloc
CopyFileW
GetFileAttributesW
FileTimeToSystemTime
GlobalFree
GetFileTime
SetFileAttributesW
GetFileSize
ReadFile
ExitThread
LocalFree
CreateThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
GetSystemDirectoryW
GetTempPathW
OpenMutexW
WideCharToMultiByte
FindResourceW
LoadResource
SizeofResource
LockResource
FlushFileBuffers
RemoveDirectoryW
LocalAlloc
QueryPerformanceCounter
GetVersionExW
VirtualAlloc
TerminateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GlobalLock
GlobalUnlock
GlobalReAlloc
GetWindowsDirectoryA
GetACP
CreateFileA
CreateFileMappingA
OpenFileMappingA
OutputDebugStringW
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetStartupInfoW
RtlUnwind
FileTimeToLocalFileTime
ResumeThread
GetTimeZoneInformation
RaiseException
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetModuleFileNameA
HeapSize
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetFullPathNameA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
WaitNamedPipeW
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
DebugBreak
SleepEx
GetSystemDirectoryA
InitializeCriticalSection
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
GetFileInformationByHandle
GetWindowsDirectoryW
QueryDosDeviceW
GetLastError
LoadLibraryW
OpenProcess
GetLogicalDriveStringsW
FreeLibrary
CreateDirectoryW
FindNextFileW
FindClose
FindFirstFileW
DeleteFileW
MultiByteToWideChar
CloseHandle
WaitForMultipleObjects
GetProcAddress
GetModuleFileNameW
Sleep
GetModuleHandleW
OpenEventW
GetConsoleOutputCP

user32

CreatePopupMenu
AppendMenuW
TrackPopupMenu
SetCaretPos
CreateCaret
DrawTextW
InflateRect
SetRect
EndPaint
SetCursor
UpdateLayeredWindow
SetTimer
SetCapture
KillTimer
GetKeyState
LoadCursorW
GetClientRect
BeginPaint
RegisterClassExW
UnionRect
IsWindow
CreateWindowExW
ReleaseCapture
IsWindowVisible
LoadStringW
SetForegroundWindow
GetDesktopWindow
SetWindowPos
SetMenuItemInfoW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
wvsprintfW
GetCursorPos
DestroyMenu
PostMessageW
GetMonitorInfoW
GetSystemMetrics
GetLastInputInfo
GetKeyboardLayoutList
ReleaseDC
IntersectRect
GetDC
ActivateKeyboardLayout
WindowFromPoint
SystemParametersInfoW
GetWindowThreadProcessId
GetParent
TrackMouseEvent
IsWindowEnabled
OffsetRect
GetWindowLongW
SetWindowLongW
ShowWindow
SendMessageW
EnableWindow
CallWindowProcW
SetCursorPos
LoadImageW
DestroyWindow
FindWindowW
SubtractRect
MonitorFromPoint
GetWindowRect
MoveWindow
DefWindowProcW
SetWindowRgn
PtInRect
GetAsyncKeyState
RedrawWindow
GetCursor
FillRect
SetRectEmpty
CharNextW

gdi32

SetMapMode
StretchDIBits
SetTextColor
GetStockObject
GetTextExtentPoint32W
GetTextMetricsW
GetCharABCWidthsFloatW
OffsetRgn
CombineRgn
ExtCreateRegion
StretchBlt
SetBkMode
SelectClipRgn
CreateCompatibleBitmap
GetTextExtentExPointW
CreateRectRgn
SelectObject
DeleteObject
GetObjectW
CreateCompatibleDC
CreateDIBSection
DeleteDC
GetDeviceCaps
GetFontData
MoveToEx
BitBlt
LineTo
GetPixel
Rectangle
CreateFontIndirectW
CreatePen
CreateSolidBrush

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

urlmon

CreateURLMoniker

shlwapi

StrStrIW

advapi32

GetLengthSid
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteW
SHGetFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
OleDraw
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

wininet

InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetReadFile

ws2_32

getservbyname
closesocket
getservbyport
WSAStartup
gethostname
sendto
htonl
WSAGetLastError
inet_ntoa
gethostbyname
inet_addr
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
accept
listen
__WSAFDIsSet
select
ioctlsocket
recvfrom
WSACleanup
WSASetLastError
gethostbyaddr

wldap32

ord46
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 35KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d1882b1c6e7992e91a3f05a588268084

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

kernel32

user32

gdi32

psapi

imm32

version

urlmon

shlwapi

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

wldap32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 308KB - Virtual size: 308KB

.data Size: 35KB - Virtual size: 105KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 146KB - Virtual size: 148KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 308KB - Virtual size: 308KB

.data
Size: 35KB - Virtual size: 105KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 146KB - Virtual size: 148KB