16d041ccb18960ebfcbfe842ac55394040fc2cbb85782adb9e8ff8a70cbbf28a

Sharing

Copy URL

Twitter E-mail

General

Target

16d041ccb18960ebfcbfe842ac55394040fc2cbb85782adb9e8ff8a70cbbf28a
Size

5.1MB
MD5

c43553aa330256173da04a55e6fb7d6e
SHA1

64f338702b237c8be387135f1f38c3870dc119ac
SHA256

16d041ccb18960ebfcbfe842ac55394040fc2cbb85782adb9e8ff8a70cbbf28a
SHA512

50fc0bc7c139a687215076d03e50c540d8f7aafbc2bd3e4c9b334265bd136d659ddac368c81f58fc30255aed0993824849356d38494e54d1fd352b1c31ca074e
SSDEEP

98304:SmoP7JqXSceajGYYMCgQ/UxOETRl8XVtZyVwDdjeS:824K48JTRVODdj9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16d041ccb18960ebfcbfe842ac55394040fc2cbb85782adb9e8ff8a70cbbf28a

Files

16d041ccb18960ebfcbfe842ac55394040fc2cbb85782adb9e8ff8a70cbbf28a
.exe windows:5 windows x86 arch:x86

bdab05406197f71f2002b2fed8d3994e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workplace\AndroidEmulator\7KMarket_Git_Release64\Basic\Client\Output\Binfinal\Update2\TUpdate.pdb

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

setsockopt
htons
inet_addr
inet_ntoa
WSAStartup
WSACreateEvent
WSAEventSelect
WSACleanup
sendto
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recvfrom
ntohs
ntohl
send
WSAGetLastError
recv
select
freeaddrinfo
closesocket
connect
socket
getaddrinfo
getsockopt
getsockname
getpeername
WSASetLastError
bind
__WSAFDIsSet
listen
accept
gethostname
gethostbyname
shutdown
ioctlsocket

kernel32

GetDriveTypeW
GetModuleFileNameW
GetCommandLineW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetFileAttributesW
DeleteFileW
GetFileAttributesExA
DeleteFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
OpenProcess
TerminateProcess
ResetEvent
SwitchToThread
GetLocaleInfoW
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
WideCharToMultiByte
GetTickCount
WriteFile
SetFilePointer
ReadFile
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLocalTime
InterlockedExchangeAdd
MoveFileW
GetCurrentThreadId
FormatMessageW
CreatePipe
CreateProcessA
PeekNamedPipe
IsProcessorFeaturePresent
GetSystemInfo
GlobalMemoryStatusEx
OutputDebugStringW
LoadLibraryExW
MoveFileExW
CopyFileW
VirtualAlloc
VirtualFree
ExpandEnvironmentStringsW
GetLongPathNameW
CreateDirectoryW
GetFileSize
lstrcmpW
LocalFileTimeToFileTime
SetFileTime
FileTimeToSystemTime
InitializeCriticalSection
SearchPathW
lstrcpynW
VirtualQuery
GetCurrentProcessId
WriteProcessMemory
SetUnhandledExceptionFilter
Thread32First
Thread32Next
OpenThread
SuspendThread
DuplicateHandle
Module32FirstW
Module32NextW
SetErrorMode
WaitForMultipleObjects
ReadProcessMemory
VirtualAllocEx
RaiseException
GetTempPathW
GetVersionExW
SetLastError
OutputDebugStringA
GetACP
DecodePointer
FreeResource
LocalFree
GlobalFree
GetLogicalDrives
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
OpenEventW
OpenFileMappingW
GetSystemDefaultLangID
SleepEx
FormatMessageA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
K32GetModuleFileNameExA
CreateDirectoryA
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetEndOfFile
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
GetVersionExA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlushFileBuffers
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SystemTimeToTzSpecificLocalTime
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
QueryPerformanceFrequency
EncodePointer
QueueUserWorkItem
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
SetFilePointerEx
FindFirstFileExW
GetStringTypeW
CreateFileW
GetDiskFreeSpaceExW
GetCurrentProcess
DeviceIoControl
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
UnhandledExceptionFilter
UnmapViewOfFile
MapViewOfFile
WaitForSingleObject
CreateFileMappingW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexW
SetEvent
CreateEventW
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
InterlockedExchange
InterlockedCompareExchange
CreateProcessW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetLastError
OpenMutexW
ReadConsoleInputA
SetConsoleMode
SetEnvironmentVariableA
ReadConsoleW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetThreadContext
SetThreadContext
FlushInstructionCache
LoadLibraryA

user32

UpdateLayeredWindow
FindWindowExW
IsWindowVisible
GetWindowRect
EndPaint
wsprintfW
GetSystemMetrics
GetDC
ReleaseDC
DestroyWindow
DefWindowProcW
CreateWindowExA
GetWindow
MapWindowPoints
FillRect
DrawTextW
FindWindowA
IsZoomed
SetPropW
GetUserObjectInformationW
EnumDisplayDevicesW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageTimeoutW
CallWindowProcW
SetCursor
SetFocus
ClientToScreen
WindowFromPoint
ScreenToClient
GetCursorPos
GetClassNameW
GetClassInfoExW
DrawIconEx
GetMenuState
GetSystemMenu
GetWindowTextW
GetActiveWindow
RegisterClassExA
SetWindowRgn
ShowWindow
UpdateWindow
SetRect
SystemParametersInfoW
PostMessageW
SetWindowPos
GetParent
SetForegroundWindow
PostQuitMessage
SendMessageW
LoadImageW
GetWindowLongW
IsWindow
CallNextHookEx
GetClassInfoW
SetWindowsHookExW
CreateWindowExW
UnhookWindowsHookEx
SetWindowLongW
LoadCursorW
RegisterClassExW
PtInRect
OffsetRect
IntersectRect
SetCapture
ReleaseCapture
GetCapture
GetKeyState
SetTimer
KillTimer
GetClientRect
CopyRect
EqualRect
RegisterWindowMessageW
GetPropW
RemovePropW
IsWindowUnicode
GetProcessWindowStation
BeginPaint
IsRectEmpty
InvalidateRect
UnionRect
FindWindowW
MessageBoxA

gdi32

SetTextColor
CreateSolidBrush
GetObjectA
CombineRgn
ExtCreateRegion
GetObjectW
Rectangle
CreateRectRgn
ExcludeClipRect
BitBlt
GetDeviceCaps
ChoosePixelFormat
SetPixelFormat
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteDC
GetStockObject
SetBkMode
GetTextExtentPoint32W
CreatePen
CreateCompatibleBitmap

advapi32

RegOpenKeyExW
RegQueryValueExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
RegOpenKeyExA
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CloseServiceHandle
DeleteService
ControlService
OpenServiceW
OpenSCManagerW
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoInitialize

oleaut32

VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

SHGetValueW
PathIsDirectoryW
PathRemoveFileSpecA
SHDeleteKeyW
StrStrIW
PathFileExistsW
PathRemoveFileSpecW
StrStrIA
PathFindFileNameW
wnsprintfW
PathAppendW
SHSetValueW
SHDeleteValueW
PathAddBackslashW

d3d9

Direct3DCreate9

opengl32

wglDeleteContext
wglMakeCurrent
glGetString
wglCreateContext
wglGetProcAddress

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetCrackUrlW
InternetOpenW
InternetConnectW

psapi

GetModuleFileNameExW

winhttp

WinHttpGetProxyForUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

gdiplus

GdipDrawImageRectI
GdipGraphicsClear
GdipSetWorldTransform
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipCloneImage
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapAreaI
GdipBitmapLockBits
GdipAlloc
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipImageSelectActiveFrame
GdiplusStartup
GdipFree
GdipDisposeImage
GdiplusShutdown

msimg32

AlphaBlend

netapi32

Netbios

wldap32

ord142
ord41
ord216
ord147
ord79
ord27
ord26
ord127
ord46
ord301
ord133
ord208
ord167
ord118
ord145
ord14

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 920KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 692KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bdab05406197f71f2002b2fed8d3994e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

d3d9

opengl32

version

wininet

psapi

winhttp

iphlpapi

gdiplus

msimg32

netapi32

wldap32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 656KB - Virtual size: 656KB

.data Size: 64KB - Virtual size: 92KB

Shared Size: 512B - Virtual size: 16B

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 21B

.QMGuid Size: 512B - Virtual size: 32B

.rsrc Size: 920KB - Virtual size: 920KB

.tvm0 Size: 46KB - Virtual size: 48KB

.reloc Size: 692KB - Virtual size: 696KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 656KB - Virtual size: 656KB

.data
Size: 64KB - Virtual size: 92KB

Shared
Size: 512B - Virtual size: 16B

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 21B

.QMGuid
Size: 512B - Virtual size: 32B

.rsrc
Size: 920KB - Virtual size: 920KB

.tvm0
Size: 46KB - Virtual size: 48KB

.reloc
Size: 692KB - Virtual size: 696KB