4b39910c078e6be281264a873a8a3ccb588b4713394337684dca5364c03254f1

Sharing

Copy URL Twitter E-mail

General

Target

4b39910c078e6be281264a873a8a3ccb588b4713394337684dca5364c03254f1
Size

806KB
MD5

b7fc1d80e7e678b267c1e63665453257
SHA1

5ce87613fbdaba9ef08b825a3dda3b93aaf5acff
SHA256

4b39910c078e6be281264a873a8a3ccb588b4713394337684dca5364c03254f1
SHA512

dd6de4e01b4643c90707f73e667c4183334b788bde81a94f604ba10e2913664e0886d814213c310bba2cabe518893066393a6afe43564c769327042ef2a4821b
SSDEEP

24576:67Y3O6kT+JW9B/sN6kXGsnAkbO1NS2VCpI:oY819yNDX7AkbO1NS2Ci

Score

N/A

Malware Config

Signatures

Files

4b39910c078e6be281264a873a8a3ccb588b4713394337684dca5364c03254f1
.exe windows x86

9bdcad075c48287fbb6eb6bbb4a9ea15

Code Sign

26:c7:d0:30:a4:08:08:b8:4a:61:a0:33:68:a6:49:29
Certificate

Issuer

CN=Beijing Shengcai Education & Technology Co. Ltd.

Not Before

12/09/2013, 09:57

Not After

31/12/2039, 23:59

Subject

CN=Beijing Shengcai Education & Technology Co. Ltd.

18:93:d8:5f:66:6e:31:e0:07:50:2f:4e:6e:01:b1:7c:c0:e0:35:dc
Signer

Actual PE Digest

18:93:d8:5f:66:6e:31:e0:07:50:2f:4e:6e:01:b1:7c:c0:e0:35:dc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Shengcai Education & Technology Co. Ltd.

28/10/2022, 15:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
GlobalFlags
GlobalGetAtomNameW
SetErrorMode
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
HeapFree
HeapAlloc
HeapReAlloc
SetStdHandle
GetFileType
ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
GetProcessHeap
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
VirtualProtect
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GetFileTime
GetFileSizeEx
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
FileTimeToLocalFileTime
FindNextFileW
GetCurrentProcessId
lstrcmpA
FormatMessageW
LocalFree
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetModuleHandleA
GetFileSize
FileTimeToSystemTime
SetFileTime
GetCurrentDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
SetFilePointer
GetTickCount
TerminateProcess
CopyFileW
GetCurrentProcess
GetCommandLineW
RemoveDirectoryW
CreateFileW
WriteFile
VirtualFreeEx
InterlockedIncrement
GlobalFree
MulDiv
CreateEventW
ResumeThread
ResetEvent
GlobalAlloc
GlobalLock
GlobalUnlock
WritePrivateProfileStringW
WaitForSingleObject
lstrlenW
GetTempPathW
SetFileAttributesW
WriteProcessMemory
GetModuleFileNameW
GetWindowsDirectoryW
GetSystemDirectoryW
lstrlenA
CreateDirectoryW
FindClose
FindFirstFileW
InterlockedDecrement
GetVersionExW
DeleteFileW
Sleep
MoveFileW
MultiByteToWideChar
OpenProcess
VirtualAllocEx
SetEvent
CreateThread
CloseHandle
GetPrivateProfileStringW
GetLastError
SetLastError
LoadLibraryW
FreeLibrary
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
HeapCreate
GetProcAddress

user32

SetRectEmpty
GetSysColorBrush
UnregisterClassW
IsRectEmpty
KillTimer
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CharUpperW
GetMessageW
TranslateMessage
ValidateRect
LoadMenuW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
TranslateAcceleratorW
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
PostMessageW
GetClientRect
InvalidateRect
MessageBeep
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
UnhookWindowsHookEx
wsprintfW
IsIconic
DrawIcon
ShowWindow
GetSystemMetrics
LoadIconW
SetForegroundWindow
DrawTextW
GetDlgItem
GetParent
CharNextW
CopyAcceleratorTableW
PostThreadMessageW
RegisterClipboardFormatW
GetSubMenu
GetMenuItemID
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
SetActiveWindow
BringWindowToTop
GetNextDlgGroupItem
GetLastActivePopup
InvalidateRgn
SetWindowLongW
GetWindowLongW
IsWindow
EnableWindow
ScreenToClient
SendMessageW
GetMessagePos
CopyRect
PtInRect
OffsetRect
LoadBitmapW
FillRect
SetWindowRgn
GetWindowRect
IsWindowVisible
SetTimer
SetCapture
LoadCursorW
ReleaseCapture
GetCursorPos
GetDC
GetWindow
GetDesktopWindow
GetWindowThreadProcessId
SetPropW
GetPropW
MessageBoxW
SendMessageTimeoutW
GetClassNameW
UpdateWindow
EnumWindows
SetCursor
GetMenuItemCount
CheckMenuItem
AppendMenuW
CreatePopupMenu
InflateRect
SetRect
ReleaseDC
GetSysColor

gdi32

CreatePatternBrush
CreateBitmap
CreateRectRgnIndirect
ExtSelectClipRgn
GetMapMode
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
CreateCompatibleDC
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
LPtoDP
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
DeleteDC
GetStockObject
GetPixel
GetTextExtentPoint32W
Rectangle
CreateCompatibleBitmap
SelectObject
GetObjectW
DeleteObject
StretchBlt
BitBlt
GetViewportExtEx

msimg32

TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

DragQueryFileW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
DragFinish

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW

oledlg

OleUIBusyW

ole32

OleInitialize
CoRevokeClassObject
CoFreeUnusedLibraries
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantCopy
VariantChangeType
VariantClear
OleLoadPicture
SysAllocStringLen
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo

wininet

HttpQueryInfoW
InternetSetOptionW
InternetSetStatusCallbackW
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

wsock32

WSACleanup
WSAStartup
WSASetLastError

Sections

.text
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bdcad075c48287fbb6eb6bbb4a9ea15

Code Sign

26:c7:d0:30:a4:08:08:b8:4a:61:a0:33:68:a6:49:29Certificate

18:93:d8:5f:66:6e:31:e0:07:50:2f:4e:6e:01:b1:7c:c0:e0:35:dcSigner

Signature Validations

Verification

28/10/2022, 15:04 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

psapi

wsock32

Sections

.text Size: 458KB - Virtual size: 458KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 225KB - Virtual size: 224KB

26:c7:d0:30:a4:08:08:b8:4a:61:a0:33:68:a6:49:29
Certificate

18:93:d8:5f:66:6e:31:e0:07:50:2f:4e:6e:01:b1:7c:c0:e0:35:dc
Signer

28/10/2022, 15:04
Valid: false

.text
Size: 458KB - Virtual size: 458KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 225KB - Virtual size: 224KB