C4D3EF9239B9838691B8A6930C964BBC[.]fil

Sharing

Copy URL Twitter E-mail

General

Target

C4D3EF9239B9838691B8A6930C964BBC.fil
Size

7.3MB
MD5

c4d3ef9239b9838691b8a6930c964bbc
SHA1

c6261c5cff6021fc6a7f029b7dadca41c24d0373
SHA256

16ae049cd8519b5628dea6037ec9617416ef31b45e794347bbed87efb11a7952
SHA512

4ed8917bf15038175f774b16b609fbf8a2a5ff257510ec2d276e2b6478b8c05ac317cdf275fc54b02e76ac42231741ccc2a7a768e3d871c5fc740d214d0eba50
SSDEEP

196608:4UkDrGz1BJVLaGERj0tP++j4mjKmPcPmj:xZ72jq+OHUPmj

Score

N/A

Malware Config

Signatures

Files

C4D3EF9239B9838691B8A6930C964BBC.fil
.dll windows x64

baaa06556a4b5411b33f878c0082f629

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:17:1c:18:bf:9d:9f:f6:21:85:45:eb
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

23/09/2022, 04:34

Not After

22/09/2025, 08:03

Subject

SERIALNUMBER=91110105MA01RR6W9J,CN=StreamFab Technology,O=StreamFab Technology,STREET=朝阳区高碑店乡半壁店村惠河南街1063号-1号1层C1147,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:c7:12:8e:9e:bd:d1:cc:46:28:11:d9:20:84:f0:d0:ce:3b:4f:b4
Signer

Actual PE Digest

3b:c7:12:8e:9e:bd:d1:cc:46:28:11:d9:20:84:f0:d0:ce:3b:4f:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105MA01RR6W9J,CN=StreamFab Technology,O=StreamFab Technology,STREET=朝阳区高碑店乡半壁店村惠河南街1063号-1号1层C1147,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

28/09/2022, 09:46
Valid: true

Chain 1

SERIALNUMBER=91110105MA01RR6W9J,CN=StreamFab Technology,O=StreamFab Technology,STREET=朝阳区高碑店乡半壁店村惠河南街1063号-1号1层C1147,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=91110105MA01RR6W9J,CN=StreamFab Technology,O=StreamFab Technology,STREET=朝阳区高碑店乡半壁店村惠河南街1063号-1号1层C1147,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

SetSuspendState

wldap32

ord35

kernel32

GetVersionExA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SystemParametersInfoA
CharUpperBuffW

advapi32

RegEnumKeyA

shell32

ShellExecuteExA

ole32

CoSetProxyBlanket

oleaut32

VariantClear

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z

iphlpapi

GetAdaptersInfo

vcruntime140

memcpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

api-ms-win-crt-string-l1-1-0

strcat

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

floor

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-filesystem-l1-1-0

_splitpath

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk

api-ms-win-crt-conio-l1-1-0

_getch

ws2_32

htonl

version

VerQueryValueA

Exports

Exports

CloseSession
CreateSessionAndGenerateRequest
LoadSession
OnRejectPromise
OnResolvePromise
OnSessionMessage
RemoveSession
SetServerCertificate
UpdateSession

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdz0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdz1
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdz2
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baaa06556a4b5411b33f878c0082f629

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7d:17:1c:18:bf:9d:9f:f6:21:85:45:ebCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

3b:c7:12:8e:9e:bd:d1:cc:46:28:11:d9:20:84:f0:d0:ce:3b:4f:b4Signer

Signature Validations

Verification

28/09/2022, 09:46 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

wldap32

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-conio-l1-1-0

ws2_32

version

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 546KB

.data Size: - Virtual size: 321KB

.pdata Size: - Virtual size: 106KB

.rdz0 Size: - Virtual size: 3.8MB

.rdz1 Size: 5KB - Virtual size: 5KB

.rdz2 Size: 7.3MB - Virtual size: 7.3MB

.reloc Size: 512B - Virtual size: 228B

.rsrc Size: 512B - Virtual size: 233B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:17:1c:18:bf:9d:9f:f6:21:85:45:eb
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

3b:c7:12:8e:9e:bd:d1:cc:46:28:11:d9:20:84:f0:d0:ce:3b:4f:b4
Signer

28/09/2022, 09:46
Valid: true

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 546KB

.data
Size: - Virtual size: 321KB

.pdata
Size: - Virtual size: 106KB

.rdz0
Size: - Virtual size: 3.8MB

.rdz1
Size: 5KB - Virtual size: 5KB

.rdz2
Size: 7.3MB - Virtual size: 7.3MB

.reloc
Size: 512B - Virtual size: 228B

.rsrc
Size: 512B - Virtual size: 233B