4d07921d78b939639717f1f90878580a9cdfc6fd08582f1c1fceeec1d4599f9f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4d07921d78b939639717f1f90878580a9cdfc6fd08582f1c1fceeec1d4599f9f.exe
Size

2.7MB
MD5

8d381f2934e9799941fc37544a21f954
SHA1

393cc8d1a54f17593646a0103fe109b2dd325cd9
SHA256

4d07921d78b939639717f1f90878580a9cdfc6fd08582f1c1fceeec1d4599f9f
SHA512

458613b8a00cb9a466206e788285b4af34a42b274cb582c229a02dad201a3a860609aa2762503292db309ed28148183dade39f381884666892873da2a03527ff
SSDEEP

49152:rokIAJDgbOiyTJFMo4Bt1iJHS77E2o5h93:k9+4juy7Rop

Score

N/A

Malware Config

Signatures

Files

4d07921d78b939639717f1f90878580a9cdfc6fd08582f1c1fceeec1d4599f9f.exe
.exe windows x64

f74d2a8211f62017a1467cbcaa57a3e1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:14:ad:e0:6a:46:f6:62:1a:52:db:8d:c2:11:44:b1
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/06/2021, 00:00

Not After

17/06/2023, 23:59

Subject

CN=Changsha Shenghua Yaozhi Software Development Co.\, Ltd.,OU=IT Dept,O=Changsha Shenghua Yaozhi Software Development Co.\, Ltd.,L=长沙市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

30/08/2022, 00:00

Not After

29/08/2023, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetDateFormatA
GetTimeFormatA
GetConsoleCP
GetConsoleMode
LCMapStringW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
EncodePointer
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
FlsAlloc
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
HeapQueryInformation
VirtualQuery
VirtualAlloc
FindResourceW
VirtualProtect
ExitProcess
HeapReAlloc
RtlPcToFileHeader
RaiseException
FlsFree
FlsSetValue
FlsGetValue
GetConsoleOutputCP
DecodePointer
RtlUnwindEx
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
ExitThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetErrorMode
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetModuleHandleA
ResumeThread
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
MulDiv
WTSGetActiveConsoleSessionId
GetFileInformationByHandle
FindVolumeClose
SetVolumeMountPointW
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
FindFirstVolumeW
lstrlenA
GlobalUnlock
GlobalLock
CreateMutexW
GetLocalTime
GetSystemInfo
GlobalFree
GlobalAlloc
GetFileSize
CreateEventW
SetEvent
GetPrivateProfileStringA
GetLocaleInfoW
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
GetFileSizeEx
DuplicateHandle
OpenProcess
GetLongPathNameW
CreateHardLinkW
CopyFileExW
SetFilePointer
GetVolumeInformationW
GetTempPathW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatusEx
SetSystemPowerState
GetDiskFreeSpaceExW
GetComputerNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
HeapFree
GetProcessHeap
HeapAlloc
GetPrivateProfileSectionNamesW
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
SetLastError
LoadLibraryExW
LocalAlloc
FormatMessageW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
MultiByteToWideChar
GetCommandLineW
GetDriveTypeW
GetLogicalDrives
ReadFile
LocalFree
WideCharToMultiByte
GetFileAttributesW
GetCurrentProcess
GetSystemDirectoryW
CopyFileW
DeleteFileW
GetVersion
SetFileAttributesW
ExpandEnvironmentStringsW
GetVersionExW
GetPrivateProfileStringW
GetExitCodeProcess
TerminateProcess
GetTickCount
WriteFile
CreatePipe
WritePrivateProfileStringW
GetWindowsDirectoryW
GetPrivateProfileIntW
DeviceIoControl
CreateDirectoryW
CreateProcessW
GetStartupInfoW
lstrcpyW
Sleep
TerminateThread
LoadLibraryW
CreateFileW
FreeLibrary
GetLastError
GetModuleFileNameW
lstrlenW
GetProcAddress
WaitForSingleObject
CreateThread
CloseHandle
LockResource
SizeofResource
LoadResource
GetStringTypeA

user32

GetWindowThreadProcessId
IsWindowEnabled
GetMessageW
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
BeginPaint
SetScrollPos
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetMenuState
GetMenuStringW
UnhookWindowsHookEx
OffsetRect
ReleaseCapture
SetCapture
SetCursor
ClientToScreen
LoadCursorW
UpdateWindow
DestroyWindow
ShowWindow
CreateDialogIndirectParamW
RegisterDeviceNotificationW
SetWindowTextW
CreateDesktopW
GetClassInfoW
FindWindowW
IsDialogMessageW
EndDialog
UnregisterDeviceNotification
ModifyMenuW
GetNextDlgTabItem
GetDesktopWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SetMenu
GetWindowDC
EnableWindow
EndPaint
CharUpperW
DestroyMenu
WindowFromPoint
SetRectEmpty
UnionRect
IsZoomed
MapDialogRect
SetWindowContextHelpId
UnregisterClassW
GetSysColorBrush
CharNextW
CopyAcceleratorTableW
RegisterClipboardFormatW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageW
SetTimer
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
ExitWindowsEx
IsMenu
GetClassNameW
MessageBoxW
KillTimer
SystemParametersInfoW
IsWindowVisible
LoadImageW
SetForegroundWindow
PostQuitMessage
AppendMenuW
GetSystemMenu
EnableMenuItem
GetMenuItemID
GetMenuItemCount
GetMenu
MoveWindow
TranslateAcceleratorW
IsWindow
LoadAcceleratorsW
ChangeDisplaySettingsW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
GetSubMenu
LoadMenuW
GetCursorPos
GetWindowRect
ScreenToClient
LoadIconW
GetParent
GetWindowLongW
RedrawWindow
GetScrollPos
InflateRect
DrawFocusRect
DrawEdge
IsRectEmpty
CopyRect
FillRect
SetRect
GetSysColor
ReleaseDC
GetDC
PtInRect
GetFocus
GetWindow
GetDlgItem
DispatchMessageW
PeekMessageW
TranslateMessage
wsprintfW
GetLastInputInfo
PostMessageW
InvalidateRect

gdi32

GetBkColor
GetTextMetricsW
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextColor
GetViewportExtEx
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
SelectObject
CreateFontW
PatBlt
CreatePen
GetDeviceCaps
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetROP2
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
GetRgnBox
GetWindowExtEx
DeleteObject
OffsetViewportOrgEx
SetViewportOrgEx
Escape

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegGetKeySecurity
RegDeleteKeyW
GetSecurityDescriptorLength
CopySid
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CheckTokenMembership
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegSaveKeyW
DeleteService
CreateServiceW
SetFileSecurityW
GetFileSecurityW
CreateProcessAsUserW
GetTokenInformation
LogonUserW
RegCreateKeyW
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
MakeSelfRelativeSD
SetSecurityDescriptorSacl
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
StartServiceW
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ControlService
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
RegConnectRegistryW
SetEntriesInAclW
GetSecurityDescriptorControl
ConvertSecurityDescriptorToStringSecurityDescriptorW
LookupAccountSidW
ConvertSidToStringSidW
GetAclInformation
GetAce
EqualSid
DeleteAce
IsValidSid
IsValidAcl
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAce
MapGenericMask
ConvertStringSidToSidW
LookupAccountNameW
GetKernelObjectSecurity
GetNamedSecurityInfoW
IsValidSecurityDescriptor
SetSecurityInfo
SetNamedSecurityInfoW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegSetKeySecurity

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathW
ord232
SHFileOperationW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathRemoveFileSpecW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoInitializeEx
CoSetProxyBlanket
CoQueryProxyBlanket
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateInstance
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleUninitialize
CoInitialize
CoGetClassObject

oleaut32

SysStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantCopy
SysAllocStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringLen
VarUdateFromDate
VarDateFromStr
VariantClear
VariantInit
SysFreeString
SysAllocString

wsock32

select
__WSAFDIsSet
gethostbyname
getsockname
htons
ioctlsocket
closesocket
shutdown
WSAStartup
sendto
accept
listen
recv
ntohl
WSAGetLastError
setsockopt
send
connect
WSACleanup
ntohs
socket
bind
WSASetLastError

iphlpapi

SendARP
GetExtendedTcpTable
GetExtendedUdpTable
GetAdaptersInfo

wininet

InternetGetConnectedState

netapi32

NetUseDel
NetApiBufferFree
DsGetDcNameW
NetJoinDomain

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

setupapi

SetupDiDestroyDeviceInfoList
SetupGetInfInformationW
SetupQueryInfVersionInformationW
SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile
SetupGetFieldCount
SetupGetStringFieldW
SetupFindNextLine
SetupGetMultiSzFieldW
SetupDiGetDeviceInstanceIdW
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetINFClassW
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiChangeState
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

newdev

UpdateDriverForPlugAndPlayDevicesW

userenv

LoadUserProfileW

wtsapi32

WTSLogoffSession

pdh

PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

crypt32

CryptProtectData

ws2_32

WSAIoctl

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 427KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 881KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f74d2a8211f62017a1467cbcaa57a3e1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

4a:14:ad:e0:6a:46:f6:62:1a:52:db:8d:c2:11:44:b1Certificate

Extended Key Usages

Key Usages

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

iphlpapi

wininet

netapi32

mpr

setupapi

newdev

userenv

wtsapi32

pdh

winhttp

psapi

crypt32

ws2_32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 427KB - Virtual size: 426KB

.data Size: 20KB - Virtual size: 1.1MB

.pdata Size: 79KB - Virtual size: 78KB

.rsrc Size: 881KB - Virtual size: 881KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

4a:14:ad:e0:6a:46:f6:62:1a:52:db:8d:c2:11:44:b1
Certificate

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 427KB - Virtual size: 426KB

.data
Size: 20KB - Virtual size: 1.1MB

.pdata
Size: 79KB - Virtual size: 78KB

.rsrc
Size: 881KB - Virtual size: 881KB