7a70d38bba5954dfb6f96967662e5578bc2d9718b3a5d30a67ce8f3dd7f9f965

Sharing

Copy URL

Twitter E-mail

General

Target

7a70d38bba5954dfb6f96967662e5578bc2d9718b3a5d30a67ce8f3dd7f9f965
Size

3.2MB
MD5

ccaaef8dd0259f00ea08c551b1c0cd70
SHA1

fb4b8f6c9787cc03b4e19330ded6989e8c631887
SHA256

7a70d38bba5954dfb6f96967662e5578bc2d9718b3a5d30a67ce8f3dd7f9f965
SHA512

6f7d1cb4532c35886374f4793c374c74005d08140b17e58908d021f7a792ab23a871f421c66b5aa3abe89c56a8a62b3c2c44c6799d4e5b401b763fed48a02134
SSDEEP

49152:yTXiRAerdc0oM3oYfnykTqCMM8UPB71CtP6+EYEn6Bex:yTXiS2oM3ohwq/KbCY+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a70d38bba5954dfb6f96967662e5578bc2d9718b3a5d30a67ce8f3dd7f9f965

Files

7a70d38bba5954dfb6f96967662e5578bc2d9718b3a5d30a67ce8f3dd7f9f965
.exe windows:6 windows x86 arch:x86

8f29a38c5bbe20370dc605e03fd6e793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouComMgr.pdb

Imports

kernel32

VerifyVersionInfoW
DeleteFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
LoadLibraryA
MoveFileW
VerSetConditionMask
UnmapViewOfFile
DeleteFileW
GetTempPathW
FindClose
CreateSemaphoreW
TerminateThread
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
GetExitCodeProcess
GetTickCount
GetTempFileNameW
DebugBreak
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
CloseHandle
GetLastError
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
FindNextFileW
FindFirstFileW
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GlobalHandle
WriteConsoleW
HeapSize
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
GetStdHandle
PeekNamedPipe
GetDriveTypeW
ExitProcess
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetStdHandle
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
GetCPInfo
OutputDebugStringA
GetFileAttributesW
OutputDebugStringW
QueryPerformanceFrequency
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GetVersionExW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetProcAddress
FreeLibrary
ReadFile
SetLastError
GetCurrentProcess
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
OpenMutexW
LoadLibraryExW
RemoveDirectoryW
SetFileAttributesW
FileTimeToSystemTime
MoveFileExW
CreateDirectoryW
GetProcessId
CreateProcessW
CopyFileW
GetFileTime
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenEventW
lstrlenW
HeapFree
GetFullPathNameW
lstrlenA
LocalAlloc
HeapAlloc
GetProcessHeap
CreateMutexW
ReleaseMutex
FlushFileBuffers
VirtualFree
VirtualAlloc
SetEvent
GetCurrentDirectoryW
ReleaseSRWLockExclusive
GetLocalTime
FindFirstFileExW
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GetWindowsDirectoryW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
RaiseException
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
TerminateProcess
VirtualQuery
SetUnhandledExceptionFilter
ResetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
lstrcatW
lstrcpyW
WaitForSingleObjectEx
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeSRWLock
EncodePointer
LCMapStringEx
GetStringTypeW

user32

MessageBoxW
GetMessageW
EndPaint
BeginPaint
ReleaseDC
IsIconic
ReleaseCapture
GetParent
KillTimer
AppendMenuW
SetCursor
SetCapture
SetPropW
DestroyMenu
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
ClientToScreen
SetTimer
TrackPopupMenu
GetWindowPlacement
NotifyWinEvent
CreatePopupMenu
DestroyWindow
GetPropW
MoveWindow
InsertMenuItemW
CallWindowProcW
GetKeyState
IsWindowVisible
GetDesktopWindow
DrawTextW
UpdateLayeredWindow
GetFocus
IntersectRect
GetMonitorInfoW
MonitorFromPoint
SubtractRect
SetRectEmpty
CharNextW
LoadStringW
wsprintfW
DefWindowProcW
GetProcessWindowStation
GetUserObjectInformationW
GetWindowRect
LoadCursorW
RegisterClassExW
CreateWindowExW
SetWindowPos
ScreenToClient
PtInRect
PostQuitMessage
SystemParametersInfoW
GetCursorPos
SendMessageW
ShowWindow
GetDC
EnableWindow
GetSystemMetrics
IsWindow
DispatchMessageW
TranslateMessage
LoadIconW
FindWindowW
RegisterWindowMessageW
SetForegroundWindow
GetWindowTextW
GetWindowLongW
wvsprintfW
GetClientRect
SetWindowLongW
PostMessageW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
EqualSid
SetEntriesInAclW
GetAce
GetAclInformation
SetFileSecurityW
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
AddAccessAllowedAce
GetLengthSid
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
AddAccessAllowedAceEx
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
AddAce
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegDeleteValueW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

AccessibleObjectFromWindow
LresultFromObject

wininet

HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
InternetCrackUrlA
InternetQueryOptionW
InternetReadFile
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
HttpOpenRequestA
InternetWriteFile

ws2_32

closesocket
WSASetLastError
send
WSAGetLastError
WSACleanup
recv

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

shlwapi

PathMatchSpecW

winmm

timeGetTime

gdi32

GetFontData
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
SetTextCharacterExtra
CreateDIBSection
GetObjectW
DeleteObject
DeleteDC

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCloseHandle

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 30KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f29a38c5bbe20370dc605e03fd6e793

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

wininet

ws2_32

shell32

shlwapi

winmm

gdi32

winhttp

crypt32

bcrypt

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 633KB - Virtual size: 633KB

.data Size: 30KB - Virtual size: 129KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 176KB - Virtual size: 180KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 633KB - Virtual size: 633KB

.data
Size: 30KB - Virtual size: 129KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 176KB - Virtual size: 180KB