cad035bb437631d022bd8dba6023e18d495b12c795610cf19a77a2e5409369cd

Sharing

Copy URL

Twitter E-mail

General

Target

cad035bb437631d022bd8dba6023e18d495b12c795610cf19a77a2e5409369cd
Size

548KB
MD5

dc77e902b0fb805fd66b5690df6fdadb
SHA1

7f6b99115c8aaab7bada26bba1a276c08ab4efc3
SHA256

cad035bb437631d022bd8dba6023e18d495b12c795610cf19a77a2e5409369cd
SHA512

2f51e6898897ca482fdbfefa5dcd47a6a255130651443fc425a82b5501e2d49a30ef075254d28a969672cfcd0a2e7408be0d7b35e4fb8160eefdd1773f3a9b58
SSDEEP

6144:roNpThzqvFsni+GtCgncsiqP8uZuQZtZNgxT95cAOCOzeIYi292IambPo:ENpThzKFsni+GtfncsfuQZBoiq2Ia

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cad035bb437631d022bd8dba6023e18d495b12c795610cf19a77a2e5409369cd

Files

cad035bb437631d022bd8dba6023e18d495b12c795610cf19a77a2e5409369cd
.exe windows:5 windows x86 arch:x86

b226f0a31d8f6c5840e482ff903bb180

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\source\MyWork\ShuDaXia\trunk\bin\MCBrowser.pdb

Imports

kernel32

GetLastError
OpenEventW
OpenFileMappingW
UnmapViewOfFile
CreateEventW
FormatMessageW
GetTickCount64
SetEvent
LocalFree
CreateFileMappingW
MapViewOfFile
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
WinExec
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
GetFullPathNameW
GetTempPathA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetWindowsDirectoryA
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
GetCurrentProcess
HeapSize
DeleteFileW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
SetEndOfFile
GetCurrentDirectoryW
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
GetFileSizeEx
SetFilePointerEx
ReadFile
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
GetCurrentProcessId
CloseHandle
OpenProcess
CreateProcessW
WriteConsoleW
DuplicateHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentThreadId
CreateFileW
ReadConsoleW
GetShortPathNameW
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter

user32

MessageBoxW
IsIconic
GetParent
GetClassInfoExW
IsZoomed
GetClientRect
SetWindowLongW
GetKeyState
GetFocus
MessageBoxA
SetFocus
SetCapture
SetCursor
PostQuitMessage
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
GetMessageW
SetTimer
TranslateAcceleratorW
UpdateWindow
MsgWaitForMultipleObjects
DispatchMessageW
LoadCursorW
TranslateMessage
GetWindowLongW
DefWindowProcW
PeekMessageW
CallWindowProcW
PostMessageW
GetWindow
GetWindowRect
SetWindowPos
GetPropW
MonitorFromWindow
CreateWindowExW
ScreenToClient
SendMessageW
RegisterClassExW
IsWindow
OffsetRect
GetMonitorInfoW
RegisterClassW
SetPropW

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
BitBlt
DeleteObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoCreateGuid

dbghelp

UnDecorateSymbolName
SymFromAddr
SymInitialize
SymSetOptions
SymCleanup
MiniDumpWriteDump

shlwapi

StrCmpW
PathFileExistsW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b226f0a31d8f6c5840e482ff903bb180

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

dbghelp

shlwapi

imm32

Sections

.text Size: 300KB - Virtual size: 300KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 73KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 300KB - Virtual size: 300KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 73KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 86KB - Virtual size: 88KB