47db4ac45817e5b8de4911ccd0082b3953838c17768a4bf5d9beca0acd836841

Sharing

Copy URL

Twitter E-mail

General

Target

47db4ac45817e5b8de4911ccd0082b3953838c17768a4bf5d9beca0acd836841
Size

102KB
MD5

14c267fa1dc4591371a7be889b528d46
SHA1

90ee2ca5c85f015b9b4328e8d1c26f52bc42743e
SHA256

47db4ac45817e5b8de4911ccd0082b3953838c17768a4bf5d9beca0acd836841
SHA512

0c29336000ea8cec6203922312ae48039209d22ec8ee8e47ce5dde71bb20b383550cbe245490ff7fd4f182172fe93819c7ab47086f269a5fe4c7d5786a2dff07
SSDEEP

3072:cgxhw+6oey8N7Hlw1gDLKPDZuY+qdeVqsG3bDye0:cMsflw1dPD4YBdTd0

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate-x64/FolderTimeUpdate.exe	Nirsoft
static1/unpack001/修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate/FolderTimeUpdate.exe	Nirsoft

Files

47db4ac45817e5b8de4911ccd0082b3953838c17768a4bf5d9beca0acd836841
.7z
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/La 討論區.url
.url
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate-x64/FolderTimeUpdate.chm
.chm
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate-x64/FolderTimeUpdate.exe
.exe windows x64

84f0ec67ca8b0ee244199db0b0bf1df9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
_wcslwr
strlen
qsort
_wcsnicmp
towupper
wcscmp
_commode
_fmode
__set_app_type
__C_specific_handler
_ultow
malloc
_memicmp
_wcsicmp
free
modf
wcstoul
wcsrchr
wcschr
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
ExitProcess
GetCurrentProcess
GetCurrentProcessId
DeleteFileW
GetCurrentDirectoryW
SetErrorMode
OpenProcess
EnumResourceTypesW
GetStartupInfoW
CloseHandle
ExpandEnvironmentStringsW
GetTickCount
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
WaitForSingleObject
GetSystemTimeAsFileTime
SetFileTime
CreateThread
CreateFileW
GetLastError
GetFileAttributesW
WriteFile
TzSpecificLocalTimeToSystemTime
FindResourceW
ReadFile
GetModuleFileNameW
LoadResource
SystemTimeToTzSpecificLocalTime
GetWindowsDirectoryW
GlobalAlloc
LoadLibraryExW
FileTimeToLocalFileTime
lstrlenW
WideCharToMultiByte
GetNumberFormatW
LockResource
LocalFree
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetLocaleInfoW
GetTempPathW
LocalFileTimeToFileTime
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
FindFirstFileW
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW

user32

DrawTextExW
DispatchMessageW
TranslateMessage
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetClientRect
SendDlgItemMessageW
GetWindow
EndDialog
GetDlgItem
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadImageW
LoadIconW
GetWindowLongW
GetSysColor
SetWindowLongW
SetFocus
GetParent
EndDeferWindowPos
BeginDeferWindowPos
SendMessageTimeoutW
CloseClipboard
GetMenu
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
ReleaseDC
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
GetCursorPos
GetMenuStringW
SetClipboardData
EnableWindow
MapWindowPoints
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW

gdi32

SetBkMode
CreateFontIndirectW
DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteExW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
DragFinish
DragQueryFileW
DragAcceptFiles
SHGetFileInfoW
ShellExecuteW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate-x64/readme.txt
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate/FolderTimeUpdate.chm
.chm
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate/FolderTimeUpdate.exe
.exe windows x86

2725220abcbec1f29e5409b60bbbe94d

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:48:e2:41:ab:de:be:70:10:1c:29:7e:db:b9:12:67:59:7c:c9:88:e2:59:c5:df:0f:e5:16:7b:cb:52:6b:b8
Signer

Actual PE Digest

6c:48:e2:41:ab:de:be:70:10:1c:29:7e:db:b9:12:67:59:7c:c9:88:e2:59:c5:df:0f:e5:16:7b:cb:52:6b:b8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

27-10-2022 14:06
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_wcsnicmp
malloc
_wcsicmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_exit
_ultow
towupper
wcscmp
free
modf
_memicmp
wcstoul
wcsrchr
wcschr
_itow
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
GetPrivateProfileIntW
GetStartupInfoW
GetModuleHandleA
EnumResourceTypesW
GetTickCount
GetCurrentDirectoryW
ExpandEnvironmentStringsW
SetErrorMode
DeleteFileW
ReadProcessMemory
GetCurrentProcessId
ExitProcess
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetDriveTypeW
CreateThread
WaitForSingleObject
GetSystemTimeAsFileTime
SetFileTime
CreateFileW
GetLastError
CloseHandle
FindFirstFileW
GetWindowsDirectoryW
GetTimeFormatW
FileTimeToLocalFileTime
GetFileAttributesW
WriteFile
ReadFile
GetNumberFormatW
GetModuleFileNameW
LockResource
LocalFree
TzSpecificLocalTimeToSystemTime
FindResourceW
lstrcpyW
lstrlenW
LoadResource
GlobalAlloc
LocalFileTimeToFileTime
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
WritePrivateProfileStringW
GetCurrentProcess

user32

LoadMenuW
TranslateMessage
IsDialogMessageW
GetMessageW
SetCursor
LoadCursorW
GetSysColorBrush
PostQuitMessage
ChildWindowFromPoint
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
SetMenu
SetWindowPos
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
GetParent
EndDeferWindowPos
BeginDeferWindowPos
SendMessageTimeoutW
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
ShowWindow
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
DispatchMessageW
DrawTextExW
RegisterWindowMessageW
TrackPopupMenu

gdi32

SetBkMode
CreateFontIndirectW
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
DragAcceptFiles
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate/readme.txt
修改資料夾日期和時間更新工具 FolderTimeUpdate 1.71 中文免安裝/foldertimeupdate_tchinese/FolderTimeUpdate_lng.ini

Sharing

General

Malware Config

Signatures

Files

84f0ec67ca8b0ee244199db0b0bf1df9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 29KB - Virtual size: 28KB

2725220abcbec1f29e5409b60bbbe94d

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6c:48:e2:41:ab:de:be:70:10:1c:29:7e:db:b9:12:67:59:7c:c9:88:e2:59:c5:df:0f:e5:16:7b:cb:52:6b:b8Signer

Signature Validations

Verification

27-10-2022 14:06 Valid: true

Chain 1

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 29KB - Virtual size: 28KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 29KB - Virtual size: 28KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6c:48:e2:41:ab:de:be:70:10:1c:29:7e:db:b9:12:67:59:7c:c9:88:e2:59:c5:df:0f:e5:16:7b:cb:52:6b:b8
Signer

27-10-2022 14:06
Valid: true

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 29KB - Virtual size: 28KB