6557bb5e66b9d77d3828b4516055364eb5f7e8db5e4ed630fbd70ac7c65da36d

Sharing

Copy URL Twitter E-mail

General

Target

6557bb5e66b9d77d3828b4516055364eb5f7e8db5e4ed630fbd70ac7c65da36d
Size

276KB
MD5

b6c351fc63974941ab7c14909c3bacd0
SHA1

7727eedc8300ee01b067e485a8d945f16196d18a
SHA256

6557bb5e66b9d77d3828b4516055364eb5f7e8db5e4ed630fbd70ac7c65da36d
SHA512

bc0ae081bb9d4c7e612f4c5d090b63464dc3b3912e9298c42fad4b3e50ca02fca6c5432b1e54cceed00d58a43653c23bb044c83a6e0e7cdced15bbc745d9666e
SSDEEP

6144:NTXciPEU59w/n4vl8bspnYHQpFW1axsg2ctY2eO9s:NjciV8n4ubspnYQXBW

Score

N/A

Malware Config

Signatures

Files

6557bb5e66b9d77d3828b4516055364eb5f7e8db5e4ed630fbd70ac7c65da36d
.dll regsvr32 windows x86

96176ef403371108b7636c806524bde9

Code Sign

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:1c:ae:5f:45:70:a4:9c:b1:5b:30:4b:e7:b8:a5:b5
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07/01/2012, 00:00

Not After

05/02/2013, 23:59

Subject

CN=深圳市华视瑞通信息技术有限公司,O=深圳市华视瑞通信息技术有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

99:64:ff:b7:a4:fa:1d:aa:eb:a8:99:b3:a4:33:bb:ad:df:ee:1b:2d
Signer

Actual PE Digest

99:64:ff:b7:a4:fa:1d:aa:eb:a8:99:b3:a4:33:bb:ad:df:ee:1b:2d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳市华视瑞通信息技术有限公司,O=深圳市华视瑞通信息技术有限公司,L=深圳市,ST=广东省,C=CN

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
DeleteFileW
GetTempPathW
WideCharToMultiByte
CreateDirectoryW
FindClose
FindFirstFileW
GlobalFree
GlobalHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
lstrcmpW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapDestroy
HeapCreate
GetCommandLineA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushInstructionCache
LockResource
SetLastError
GetExitCodeThread
WaitForSingleObject
CreateThread
GetTickCount
Sleep
lstrlenA
CreateProcessW
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
CloseHandle
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetThreadLocale
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
MultiByteToWideChar
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
lstrlenW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcessId
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange

user32

SetWindowPos
CreateWindowExW
GetWindowLongW
SetWindowLongW
DestroyWindow
MapDialogRect
EndDialog
LoadStringW
CharNextW
PostMessageW
GetDlgItem
SendDlgItemMessageW
GetWindow
SetWindowContextHelpId
SendMessageW
DefWindowProcW
GetSysColor
MoveWindow
SetWindowTextW
ShowWindow
GetClientRect
ClientToScreen
ScreenToClient
SetTimer
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
KillTimer
UnregisterClassA
CreateDialogIndirectParamW
GetKeyState
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
LoadCursorW
GetClassInfoExW
IsWindow
SetFocus
GetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
SetCapture
RedrawWindow

gdi32

SetMapMode
SetViewportOrgEx
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutW
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
LPtoDP

advapi32

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW

ole32

OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString

oleaut32

BSTR_UserFree
OleCreatePropertyFrame
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

shlwapi

PathIsDirectoryW
PathFileExistsW

urlmon

ObtainUserAgentString

rpcrt4

IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrStubForwardingFunction
NdrStubCall2
IUnknown_Release_Proxy

wininet

InternetOpenUrlW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetReadFile

sensapi

IsNetworkAlive

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96176ef403371108b7636c806524bde9

Code Sign

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2Certificate

Extended Key Usages

Key Usages

10:1c:ae:5f:45:70:a4:9c:b1:5b:30:4b:e7:b8:a5:b5Certificate

Extended Key Usages

99:64:ff:b7:a4:fa:1d:aa:eb:a8:99:b3:a4:33:bb:ad:df:ee:1b:2dSigner

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

rpcrt4

wininet

sensapi

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 189KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 16KB

63:ec:ec:49:92:77:4c:31:43:8c:81:ad:31:36:e3:f2
Certificate

10:1c:ae:5f:45:70:a4:9c:b1:5b:30:4b:e7:b8:a5:b5
Certificate

99:64:ff:b7:a4:fa:1d:aa:eb:a8:99:b3:a4:33:bb:ad:df:ee:1b:2d
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 189KB - Virtual size: 189KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 16KB