ce5c1062e959042e364bebcac781087c12ed69afa08bd1c05278a53eb0050181

Sharing

Copy URL Twitter E-mail

General

Target

ce5c1062e959042e364bebcac781087c12ed69afa08bd1c05278a53eb0050181
Size

68KB
MD5

c795dbf5bc9f7542f594db0eb9243b46
SHA1

2b32840db2d4efd0deecaaf3b492aec49a55af91
SHA256

ce5c1062e959042e364bebcac781087c12ed69afa08bd1c05278a53eb0050181
SHA512

9662616d867f52267c88daba6808e73d4203d57fd6e8972c1d3b08b56db5bc89b836882c146d8ae6bd7e27cb62eb1839bffc88364497bcdda77db568a59f477f
SSDEEP

1536:7mf1uaG/IxTbaLLNuXV86fX/uTZqpKdJe9Hr3B33JD:7ik/mTWNuF86fvuTZqpKe9Lx35D

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/filetypesman 图标更改/FileTypesMan.exe	Nirsoft

Files

ce5c1062e959042e364bebcac781087c12ed69afa08bd1c05278a53eb0050181
.rar
filetypesman 图标更改/FileTypesMan.cfg
filetypesman 图标更改/FileTypesMan.chm
.chm
filetypesman 图标更改/FileTypesMan.exe
.exe windows x86

461e4897bb0e73490f1e437d8b48e34f

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:af:64:bc:03:af:e7:c4:3c:9e:62:17:a0:4f:e1:77:7a:c6:9b:38:5b:13:a7:60:4f:55:70:80:a9:d1:6a:76
Signer

Actual PE Digest

b4:af:64:bc:03:af:e7:c4:3c:9e:62:17:a0:4f:e1:77:7a:c6:9b:38:5b:13:a7:60:4f:55:70:80:a9:d1:6a:76

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

03/04/2020, 12:53
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__commode
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__p__fmode
__set_app_type
_controlfp
exit
_except_handler3
__dllonexit
_wcslwr
strlen
qsort
_itow
memmove
malloc
free
modf
memcmp
wcstoul
_memicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscmp
_wtoi
_purecall
_wcsicmp
wcschr
wcsrchr
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx
ord17

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

WSAStartup
WSACleanup
htonl
inet_addr
connect
WSAAsyncGetHostByName
WSAAsyncSelect
send
closesocket
WSASetLastError
socket
bind
htons
WSAGetLastError

kernel32

FormatMessageW
GetVersionExW
CloseHandle
GetWindowsDirectoryW
GetDateFormatW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
Sleep
WinExec
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
SetErrorMode
DeleteFileW
GetStdHandle
WideCharToMultiByte
EnumResourceNamesW
FreeLibrary
GetProcAddress
FileTimeToLocalFileTime
CompareFileTime
ExpandEnvironmentStringsW
LoadLibraryW
FileTimeToSystemTime
GetModuleHandleW
LoadLibraryExW
GetTempFileNameW
GetTimeFormatW
GetFileAttributesW
GetFileSize
LocalFree
ReadFile
GetModuleFileNameW
LockResource
CreateFileW
lstrcpyW
WriteFile
lstrlenW
GlobalAlloc
GetSystemDirectoryW
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
GetLastError
SizeofResource
GlobalLock
GetPrivateProfileIntW

user32

FillRect
SetCapture
ReleaseCapture
GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
DrawTextExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
GetFocus
LoadIconW
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemInt
GetWindow
BeginPaint
DrawFrameControl
GetClientRect
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
UpdateWindow
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetSysColor
LoadStringW
GetParent
CheckMenuItem
GetCursorPos
GetMenu
SetClipboardData
GetSubMenu
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
ScreenToClient
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
DestroyIcon
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow
CreateDialogParamW
EnumChildWindows

gdi32

SetBkMode
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
CreateSolidBrush
PatBlt
SelectObject
SetBkColor
SetTextColor
DeleteObject
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegDeleteKeyW
RegOpenKeyW
RegGetKeySecurity
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceStatus
StartServiceW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyW

shell32

ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHChangeNotify

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filetypesman 图标更改/FileTypesMan_lng.ini

Sharing

General

Malware Config

Signatures

Files

461e4897bb0e73490f1e437d8b48e34f

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b4:af:64:bc:03:af:e7:c4:3c:9e:62:17:a0:4f:e1:77:7a:c6:9b:38:5b:13:a7:60:4f:55:70:80:a9:d1:6a:76Signer

Signature Validations

Verification

03/04/2020, 12:53 Valid: true

Chain 1

Headers

File Characteristics

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 25KB - Virtual size: 24KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b4:af:64:bc:03:af:e7:c4:3c:9e:62:17:a0:4f:e1:77:7a:c6:9b:38:5b:13:a7:60:4f:55:70:80:a9:d1:6a:76
Signer

03/04/2020, 12:53
Valid: true

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 25KB - Virtual size: 24KB