eed969a10044ad1db1acc4e18f564ab8066c25bca266b746941085467278132b

Sharing

Copy URL

Twitter E-mail

General

Target

eed969a10044ad1db1acc4e18f564ab8066c25bca266b746941085467278132b
Size

10.9MB
MD5

37bf9401cb3f3877b5651a65522664e1
SHA1

822cd1ed31d59e7d7f2702b5ae8644008f7746d6
SHA256

eed969a10044ad1db1acc4e18f564ab8066c25bca266b746941085467278132b
SHA512

8752d64a34a762d0ba3041e18045b3a84266cbdca9e7420c4e30117e4f3c15393cd3af2d07398a3863698d1d878e9a8cfeebd26139a555fc95f2bbf66edfe381
SSDEEP

196608:ArgKt+dKzq4VzdtsMgqS8/1a9Q1NlCURZkTG4XIpWl+UycjfOYfAH4/C:EgKtQB4V+8/1HtCYZkT40l+UlykAHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eed969a10044ad1db1acc4e18f564ab8066c25bca266b746941085467278132b

Files

eed969a10044ad1db1acc4e18f564ab8066c25bca266b746941085467278132b
.exe windows:6 windows x86 arch:x86

7437e022fdcdb1ba74f14a2104ea2ea1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\SixPicture_install_exe_dll\install_uninstall_code\Release\Install.pdb

Imports

kernel32

SetEvent
CreateEventW
GetDriveTypeW
MapViewOfFile
GetFileInformationByHandle
CompareFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
SearchPathW
CreateDirectoryW
GetCurrentDirectoryW
SetFileTime
SetFilePointer
WaitForMultipleObjects
CreateFileMappingW
GetFileAttributesExW
TerminateProcess
WritePrivateProfileStringW
lstrcmpiW
LoadLibraryExW
ExitThread
Sleep
VerifyVersionInfoW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
CreateThread
WaitForSingleObject
GetCommandLineW
lstrcpynW
LocalFree
GetLocalTime
LoadLibraryW
FreeLibrary
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
GetVersionExW
GetTickCount
UnlockFile
ReadFile
LockFile
GetFileSize
CreateFileW
Process32NextW
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetStringTypeW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
MoveFileExW
MoveFileW
lstrlenW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetWindowsDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetCurrentThread
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
FindClose
DeleteFileW
CloseHandle
GetExitCodeProcess
GetLogicalDriveStringsW
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
LoadLibraryExA
GetTempFileNameA
GetTempPathA
WriteFile
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
QueryDosDeviceW
EncodePointer
IsDebuggerPresent
GetShortPathNameW
GetPrivateProfileStringW
InterlockedCompareExchange
InterlockedExchange
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetEnvironmentVariableW
InterlockedIncrement
GetTempFileNameW
FormatMessageW
DeleteFileA
CreateFileA
LocalAlloc
GetSystemInfo
ResetEvent
GetFileSizeEx
OutputDebugStringW
OutputDebugStringA
CopyFileW
InterlockedDecrement
UnmapViewOfFile

user32

ReleaseDC
RegisterClassExW
CallWindowProcW
DefWindowProcW
SendMessageW
UnregisterClassW
GetShellWindow
LoadStringW
GetDC
GetClassInfoExW
CreateWindowExW
IsWindow
DestroyWindow
PostMessageW
KillTimer
ShowWindow
UpdateLayeredWindow
GetWindowThreadProcessId
SetTimer
DrawTextW
ReleaseCapture
SetCapture
EqualRect
GetAsyncKeyState
GetFocus
GetDlgItem
FindWindowExW
BeginPaint
IsDialogMessageW
GetActiveWindow
EndDialog
DialogBoxParamW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
CopyRect
MapWindowPoints
RedrawWindow
SetForegroundWindow
GetSystemMetrics
EnableWindow
SetFocus
IsIconic
IsWindowVisible
MoveWindow
PostQuitMessage
wsprintfW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
OffsetRect
UnionRect
EndPaint
PtInRect
SetCursor
DrawFocusRect
UnregisterClassA
CharNextW
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
FillRect
ScreenToClient
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
SetWindowPos

gdi32

RectVisible
EnumFontFamiliesW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontW
CreateRectRgnIndirect
DeleteObject
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextColor
CreateDIBSection
GetObjectW
SetViewportOrgEx
DeleteDC
OffsetViewportOrgEx

advapi32

RegOpenKeyExA
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
GetUserNameW
CreateWellKnownSid
RegQueryValueExA
CheckTokenMembership
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
LookupPrivilegeValueW
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
EqualSid
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
GetTrusteeNameW
DeleteAce
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclW
LookupAccountNameW
LookupAccountSidW
FreeSid

shell32

CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHFileOperationW
SHBrowseForFolderW
ord165
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize
OleRun

oleaut32

VarBstrCmp
VariantClear
SysFreeString
SysAllocString
SysStringByteLen
VarUI4FromStr
SysStringLen
VariantInit
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
VariantCopy

shlwapi

SHGetValueW
PathFindFileNameA
PathRenameExtensionA
PathAppendW
SHGetValueA
StrToIntExW
StrCmpIW
StrTrimA
StrCmpNIW
StrStrIA
PathCombineW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
SHSetValueW
PathIsPrefixW
PathRemoveFileSpecW
PathIsDirectoryW
wnsprintfW
AssocQueryStringW
SHSetValueA
PathIsRootW
PathIsRelativeW
StrStrIW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDrawRectangleI
GdipFillPath
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipAddPathArcI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcesses

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupIterateCabinetW

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

BasicEntry
InstallEntryW
Start
StartEast
_BasicEntryEx@12

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7437e022fdcdb1ba74f14a2104ea2ea1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 226KB - Virtual size: 225KB

.data Size: 21KB - Virtual size: 58KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 50KB - Virtual size: 49KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 226KB - Virtual size: 225KB

.data
Size: 21KB - Virtual size: 58KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 50KB - Virtual size: 49KB