3c2a31fa281d8a686a8125ca814214a3668d783c06fd1d45ad882db20b0fe850N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3c2a31fa281d8a686a8125ca814214a3668d783c06fd1d45ad882db20b0fe850N.exe
Size

1021KB
MD5

790d867c33b4b28a9d54c85d8ad2c980
SHA1

bff3455fe5071892101cab6c2df868f034c993ff
SHA256

3c2a31fa281d8a686a8125ca814214a3668d783c06fd1d45ad882db20b0fe850
SHA512

7c1bd41b36b00270f3ba2cc65bdf44f041ec2effafbec7093482654b41cf940f52b2a5697e21bc2ee2e20d1a1e2563eb56427da385b53e4a940d33ea3906c853
SSDEEP

24576:Bsc1yQpprv+w6gKrzFI+mLT3Pvm++G2R8:ZGox+yT32++

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c2a31fa281d8a686a8125ca814214a3668d783c06fd1d45ad882db20b0fe850N.exe

Files

3c2a31fa281d8a686a8125ca814214a3668d783c06fd1d45ad882db20b0fe850N.exe
.exe windows:6 windows x86 arch:x86

73e389572a2b5fe81aa5489732bce309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_5\bin\SogouPdb\SogouWubi\WbSkinReg.pdb

Imports

kernel32

HeapDestroy
SizeofResource
InitializeCriticalSectionEx
LockResource
FindResourceExW
LoadResource
FindResourceW
GetSystemInfo
VirtualAlloc
VirtualProtect
SetLastError
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
CloseHandle
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
ExitThread
CreateEventW
FormatMessageW
GlobalAlloc
GlobalFree
CreateThread
LocalFree
GetFileSize
CreateProcessW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
MoveFileExW
CreateDirectoryW
WaitForSingleObject
FileTimeToSystemTime
CopyFileW
GetFileTime
GetExitCodeProcess
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalAlloc
CreateMutexW
ReleaseMutex
OpenMutexW
Sleep
FlushFileBuffers
SetEvent
QueryPerformanceCounter
IsBadWritePtr
lstrlenW
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
FreeLibrary
LoadLibraryExW
RaiseException
RtlUnwind
FindFirstFileExW
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
HeapReAlloc
GetFileType
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
GetConsoleMode
HeapSize
SetFilePointerEx
SetEndOfFile
ReadConsoleW
WriteConsoleW
GlobalLock
GlobalUnlock
GetFileSizeEx
GetFullPathNameW
GetProcessHeap
GetLastError
LoadLibraryW
HeapFree

user32

GetClassNameW
SystemParametersInfoW
GetSystemMetrics
SetRectEmpty
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
SetForegroundWindow
wvsprintfW
DialogBoxParamW
GetParent
GetClientRect
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetWindowRect
DestroyWindow
GetDC
SetWindowPos
GetWindowThreadProcessId
IsWindowVisible
CheckDlgButton
GetWindowDC
SetPropW
IsDlgButtonChecked
GetForegroundWindow
TrackMouseEvent
RemovePropW
EndDialog
SendMessageW
CreateWindowExW
GetPropW
MessageBoxW
GetWindowTextW

gdi32

CreateCompatibleDC
SetDIBColorTable
CreateDIBSection
BitBlt
CreateFontIndirectW
CreateSolidBrush
DeleteDC
SetBkMode
SetTextColor
GetTextExtentPoint32W
GetStockObject
SelectObject
GetObjectW
CreateCompatibleBitmap
DeleteObject

shell32

SHFileOperationW
SHGetFolderPathW
SHChangeNotify
ShellExecuteW
ShellExecuteExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

imm32

ImmDisableIME

psapi

GetProcessMemoryInfo

wininet

InternetCloseHandle
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetOpenUrlW

advapi32

RegQueryValueExW
SetSecurityDescriptorSacl
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
GetTokenInformation
LookupAccountSidW
OpenProcessToken
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
RegOpenKeyW
InitializeSecurityDescriptor

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePalette
GdipBitmapLockBits
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipDrawImageI
GdiplusShutdown
GdipFree
GdipGetImagePixelFormat
GdiplusStartup
GdipGetImageHeight
GdipGetImagePaletteSize
GdipCloneImage
GdipBitmapUnlockBits
GdipAlloc
GdipGetImageWidth
GdipDisposeImage

ole32

StgOpenStorage
StgCreateDocfile
StgOpenStorageOnILockBytes
CoTaskMemFree
CreateILockBytesOnHGlobal

Sections

.text
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73e389572a2b5fe81aa5489732bce309

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

version

imm32

psapi

wininet

advapi32

gdiplus

ole32

Sections

.text Size: 622KB - Virtual size: 621KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 36KB - Virtual size: 66KB

.rsrc Size: 75KB - Virtual size: 76KB

.text
Size: 622KB - Virtual size: 621KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 36KB - Virtual size: 66KB

.rsrc
Size: 75KB - Virtual size: 76KB