PDB Path: E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SGKaomoji.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ddbd36d6ce27615d7bdcb224c59f397e3cf69a8950dce3435b0cf7f572ada94f.exe
Resource: win7-20240729-en
General
Target: ddbd36d6ce27615d7bdcb224c59f397e3cf69a8950dce3435b0cf7f572ada94f
Size: 4.3MB
MD5: 44f7357f13a653c07d956c9c0556ec06
SHA1: c067118b8ce3bb7278bfd3af0e1b9fdd5ae708e5
SHA256: ddbd36d6ce27615d7bdcb224c59f397e3cf69a8950dce3435b0cf7f572ada94f
SHA512: 77d9779ce500bb4cb7777e1fd63a3943a112aa5d519a0453b84a98e4ee03ff4c47dd4498961a82f1d246f8736e520e2baba631920cb46987a2c2fbbc739a31f1
SSDEEP: 98304:MhXZS/doSRWC+Fd1uSEqXMyIMyKxu8n+M:MjS/PR8nMc28n
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource ddbd36d6ce27615d7bdcb224c59f397e3cf69a8950dce3435b0cf7f572ada94f
Files
ddbd36d6ce27615d7bdcb224c59f397e3cf69a8950dce3435b0cf7f572ada94f.exe windows:6 windows x86 arch:x86
ba082245e05704b630cdba2ae29e2f78
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetSystemDirectoryW
LoadLibraryA
ReadConsoleA
SetConsoleMode
ConvertFiberToThread
DeleteFiber
VerifyVersionInfoW
VerSetConditionMask
RtlCaptureStackBackTrace
LocalAlloc
OpenMutexW
CreateMutexW
LocalFree
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
GetStartupInfoW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
MoveFileExW
CopyFileW
GetCurrentDirectoryW
SetLastError
GetSystemTime
GetTempPathW
WriteFile
SetFilePointer
ReadFile
GetTempFileNameW
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetTickCount
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalUnlock
GlobalLock
CloseHandle
GlobalFree
GlobalAlloc
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateProcessW
GetFileTime
GetCurrentProcess
ExitThread
CreateEventW
FormatMessageW
CreateThread
GetCommandLineW
GetModuleHandleW
OpenEventW
InitializeCriticalSectionAndSpinCount
RemoveDirectoryW
lstrlenW
GetFullPathNameW
OutputDebugStringW
LoadLibraryExW
GetWindowsDirectoryW
SetEvent
VirtualFree
VirtualAlloc
QueryPerformanceFrequency
OutputDebugStringA
TerminateProcess
lstrcatW
lstrcpyW
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetEnvironmentVariableW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
ExitProcess
GetStdHandle
SetFilePointerEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
SetStdHandle
SetConsoleCtrlHandler
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetEnvironmentVariableW
GlobalHandle
Sleep
WaitForSingleObject
GetVersionExW
GetModuleFileNameW
SetFileAttributesW
user32
TrackPopupMenu
GetWindowPlacement
RegisterClassExW
CreatePopupMenu
ScreenToClient
InsertMenuItemW
GetKeyState
GetFocus
MoveWindow
wvsprintfW
GetProcessWindowStation
GetUserObjectInformationW
SetRectEmpty
MessageBoxW
ClientToScreen
SetMenuItemInfoW
TrackMouseEvent
IsWindowEnabled
CloseClipboard
OpenClipboard
PostMessageW
GetWindowTextW
EnableWindow
GetParent
SetWindowLongW
SetCapture
LoadCursorW
SetPropW
DestroyMenu
SetWindowTextW
GetSystemMetrics
SendMessageW
CreateWindowExW
SetWindowPos
IsWindowVisible
DestroyWindow
SetCursor
AppendMenuW
ReleaseDC
IsIconic
SetForegroundWindow
KillTimer
ReleaseCapture
BeginPaint
CallWindowProcW
DefWindowProcW
EndPaint
UpdateLayeredWindow
DrawTextW
wsprintfW
GetDesktopWindow
FindWindowW
GetMonitorInfoW
ShowWindow
GetDC
GetWindowTextLengthW
GetWindowLongW
PtInRect
GetClipboardData
GetForegroundWindow
GetWindowRect
LoadImageW
LoadIconW
RegisterClipboardFormatW
IntersectRect
MonitorFromRect
SubtractRect
GetScrollInfo
ShowScrollBar
SetClipboardData
SetTimer
MonitorFromPoint
TranslateMessage
SetFocus
DispatchMessageW
IsWindow
GetMessageW
NotifyWinEvent
GetPropW
GetCursorPos
SendInput
EmptyClipboard
gdi32
DeleteObject
GetFontData
GetStockObject
SetTextColor
GetObjectW
SetBkMode
SetTextCharacterExtra
CreateFontIndirectW
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
advapi32
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptDecrypt
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptCreateHash
CryptDestroyHash
CryptSignHashW
RegOpenKeyW
RegSetValueExW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
AddAccessAllowedAceEx
RegQueryValueExW
RegOpenKeyExW
imm32
ImmNotifyIME
ImmGetContext
ImmDisableIME
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
psapi
GetProcessMemoryInfo
wininet
InternetWriteFile
InternetCrackUrlA
InternetOpenW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpAddRequestHeadersW
InternetGetConnectedState
InternetQueryOptionW
InternetSetOptionW
HttpAddRequestHeadersA
HttpOpenRequestA
msimg32
AlphaBlend
oleacc
LresultFromObject
AccessibleObjectFromWindow
shell32
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
SHFileOperationW
ShellExecuteW
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysAllocString
winhttp
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpSendRequest
winmm
timeGetTime
shlwapi
PathMatchSpecW
ws2_32
WSACleanup
WSAGetLastError
recv
send
WSASetLastError
closesocket
crypt32
CertFreeCertificateContext
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
bcrypt
BCryptGenRandom
Exports
GetHandleVerifier
Sections
.text Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 791KB - Virtual size: 791KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 99KB - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 233KB - Virtual size: 236KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE