9979483c5e1758d24a5c6cf2e50f409c18942835c7068c60dac5d555626be44e

Sharing

Copy URL

Twitter E-mail

General

Target

9979483c5e1758d24a5c6cf2e50f409c18942835c7068c60dac5d555626be44e
Size

401KB
MD5

2349346ac1ae0a48b654f278ea6440f6
SHA1

bed6b1e00b71fc33eaf4f90655b8e02650f17e35
SHA256

9979483c5e1758d24a5c6cf2e50f409c18942835c7068c60dac5d555626be44e
SHA512

fedb455aff1f393ad827d5e6c6d4150982444dd0e199fd717fa5d987f00806c8808f1943eb791ba3e4862f08635c1056baf408b002131c2ecf73a8902f92e9d4
SSDEEP

12288:mrqcrS2Y0JmpPhyhin1Z9BU0ZPIo9rU/HFi0M:cS+k180U0ZPR3

Score

N/A

Malware Config

Signatures

Files

9979483c5e1758d24a5c6cf2e50f409c18942835c7068c60dac5d555626be44e
.rar
DesktopOK桌面图标排列备份恢复.exe
.exe windows x86

0fa17d71b3f0e6fa9c70f99abf13f77f

Code Sign

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/06/2019, 00:00

Not After

15/06/2021, 23:59

Subject

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b2:59:69:a0:99:5d:7d:e3:6b:22:a7:c6:78:ad:1e:c0:c0:fd:7c:ed:d2:c3:c7:11:65:24:17:cb:ec:ee:ab:0f
Signer

Actual PE Digest

b2:59:69:a0:99:5d:7d:e3:6b:22:a7:c6:78:ad:1e:c0:c0:fd:7c:ed:d2:c3:c7:11:65:24:17:cb:ec:ee:ab:0f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

18/06/2019, 09:47
Valid: true

Chain 1

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileAttributesW
GetCurrentDirectoryW
GlobalSize
LocalFree
FormatMessageW
FindFirstFileW
VirtualAlloc
VirtualFree
SetFileAttributesW
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
CreateProcessW
lstrcpynW
GetExitCodeProcess
ExitProcess
MulDiv
WaitForSingleObject
GlobalMemoryStatus
lstrcmpiW
InterlockedExchange
GetStartupInfoW
OpenProcess
GetComputerNameW
CreateDirectoryW
GetUserDefaultLangID
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetLocaleInfoW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GlobalHandle
FreeResource
DeleteFileW
GetFileSize
ReadFile
lstrcatW
CopyFileW
CreateFileW
WriteFile
WideCharToMultiByte
GetModuleFileNameW
GetModuleHandleW
GlobalReAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
FreeLibrary
OutputDebugStringW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
CreateMutexW
GetLastError
CloseHandle
CreateThread
Sleep
TerminateThread
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetVersionExW
lstrcpyW
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
GetCurrentProcessId
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrlenW
GetTempPathW
VirtualAllocEx

user32

ClientToScreen
CheckMenuItem
EnableWindow
SetActiveWindow
SetForegroundWindow
CascadeWindows
TileWindows
GetCursor
GetAsyncKeyState
DialogBoxParamW
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
EnumDisplaySettingsW
SetRect
FindWindowW
SetCursor
SendDlgItemMessageW
SetDlgItemTextW
EnumDisplayMonitors
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableW
GetDesktopWindow
SetFocus
DeleteMenu
GetClassInfoExW
LoadCursorW
CreateDialogIndirectParamW
SetTimer
GetParent
KillTimer
CopyRect
SetParent
SetWindowTextW
IsChild
IsDialogMessageW
GetWindowTextW
ShowWindow
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowExW
EnumChildWindows
RedrawWindow
RegisterClassExW
CreateWindowExW
BeginPaint
EndPaint
InsertMenuW
GetSystemMenu
LoadMenuW
GetClassLongW
DrawIconEx
EnableMenuItem
SetWindowPlacement
GetWindowPlacement
IsZoomed
GetDlgItemTextW
DrawAnimatedRects
GetKeyboardState
keybd_event
GetWindowTextLengthW
CopyIcon
EndDialog
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetWindowLongW
DefWindowProcW
DestroyMenu
IsWindow
SendMessageW
SetCursorPos
GetThreadDesktop
GetUserObjectInformationW
OpenDesktopW
CreateDesktopW
SwitchDesktop
IsRectEmpty
MoveWindow
SetDlgItemInt
EmptyClipboard
GetForegroundWindow
RegisterClipboardFormatW
GetDlgItem
LoadIconW
CreateDialogParamW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
EnumWindows
PostQuitMessage
MessageBoxW
SendMessageTimeoutW
GetDC
LoadImageW
LoadStringW
wsprintfW
GetClassNameW
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
ModifyMenuW
FrameRect
DrawEdge
OffsetRect
GetSysColor
GetSysColorBrush
GetSubMenu
PeekMessageW
PtInRect
CallNextHookEx
ReleaseDC
GetSystemMetrics
DrawTextW
RegisterWindowMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
InvalidateRect
UpdateWindow
GetKeyState
GetActiveWindow
GetWindowThreadProcessId
CharLowerW
CharNextW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
FillRect
GetFocus
MessageBeep
PostMessageW
UnhookWindowsHookEx
CallWindowProcW
SetWindowsHookExW
SetWindowLongW
IsWindowVisible

gdi32

RestoreDC
SaveDC
GetTextExtentPointW
Ellipse
ExtTextOutW
LineTo
GetDeviceCaps
CreateSolidBrush
CreateDCW
CreateEnhMetaFileW
CloseEnhMetaFile
SelectPalette
RealizePalette
GetDIBits
GetStockObject
SetPixel
CreateDIBSection
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
DeleteDC
GetObjectW
MoveToEx
SetROP2
CreatePen
GetPixel
Rectangle
StretchBlt
SetStretchBltMode
OffsetWindowOrgEx
CreateFontIndirectW
SelectObject
DeleteObject

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

advapi32

RegOpenKeyW
OpenProcessToken
GetTokenInformation
RegEnumKeyExW
RegDeleteKeyW
GetUserNameW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW

shell32

SHGetMalloc
SHGetFileInfoW
ord25
SHFileOperationW
SHGetDesktopFolder
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSettings
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHAppBarMessage

ole32

CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoUninitialize
OleInitialize
CoCreateInstance
CoSetProxyBlanket
CLSIDFromProgID
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitialize

oleaut32

OleCreateFontIndirect
DispCallFunc
SysStringLen
LoadRegTypeLi
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VarRound

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
memmove
wcsstr
free
memset
malloc
realloc
_ftol
_wcsicmp
wcsncpy
wcscmp
_purecall
iswspace
vswprintf
wcslen
swprintf
iswdigit
_wtoi
strlen
memcmp
sprintf
time
wcsrchr
wcscat
wcschr
__CxxFrameHandler
fmod
mktime
_wsetlocale
wcscpy
wcsftime
localtime
clock
_wcsicoll
abs
fclose
fread
fwrite
_wfopen
rand
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_CxxThrowException
__p__fmode
??1type_info@@UAE@XZ

comctl32

ImageList_GetIcon
ImageList_LoadImageW
ImageList_Create
ImageList_ReplaceIcon
ord17
InitCommonControlsEx
ImageList_Draw

winmm

PlaySoundW
mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
timeGetTime
mixerOpen
mixerGetLineInfoW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
图标/avi.ico
图标/flv.ico
图标/mkv.ico
图标/mp4.ico
图标/mpeg.ico
图标/rmvb.ico
图标/srt.ico
图标/wmv.ico
图标/视频/3gp.ico
图标/视频/dvd-vob.ico
图标/视频/film_64px_1151461_easyicon.net.ico
图标/视频/film_72px_1151461_easyicon.net.png
.png
图标/视频/h264.ico
图标/视频/mp4 (2).ico
图标/视频/quicktime-mov.ico
图标/视频/ts.ico
图标/视频/vcd-dat.ico
图标/音频/aac.ico
图标/音频/ape flac.ico
图标/音频/cd-wav.ico
图标/音频/mp3.ico
图标/音频/wma.ico
指针/系统原生黑色指针/arrow_r.cur
指针/系统原生黑色指针/beam_r.cur
指针/系统原生黑色指针/cross_r.cur
指针/系统原生黑色指针/wait_r.cur
指针/黑色阴影/1.cur
指针/黑色阴影/10.cur
指针/黑色阴影/2.ani
指针/黑色阴影/3.ani
指针/黑色阴影/5.cur
指针/黑色阴影/6.cur
指针/黑色阴影/9.cur

Sharing

General

Malware Config

Signatures

Files

0fa17d71b3f0e6fa9c70f99abf13f77f

Code Sign

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b2:59:69:a0:99:5d:7d:e3:6b:22:a7:c6:78:ad:1e:c0:c0:fd:7c:ed:d2:c3:c7:11:65:24:17:cb:ec:ee:ab:0fSigner

Signature Validations

Verification

18/06/2019, 09:47 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcrt

comctl32

winmm

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 24KB - Virtual size: 193KB

.rsrc Size: 172KB - Virtual size: 171KB

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b2:59:69:a0:99:5d:7d:e3:6b:22:a7:c6:78:ad:1e:c0:c0:fd:7c:ed:d2:c3:c7:11:65:24:17:cb:ec:ee:ab:0f
Signer

18/06/2019, 09:47
Valid: true

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 24KB - Virtual size: 193KB

.rsrc
Size: 172KB - Virtual size: 171KB