8f917ad6a4c7f6f847fb1b789454d60ba2bf30b0383ee1f34a3774170ac1a7bf

Sharing

Copy URL Twitter E-mail

General

Target

8f917ad6a4c7f6f847fb1b789454d60ba2bf30b0383ee1f34a3774170ac1a7bf
Size

316KB
MD5

08c16dd16371c2d964a49762acd553b1
SHA1

5c0e89d66ae5e173e09fd07dda64782f3d7eaa4a
SHA256

8f917ad6a4c7f6f847fb1b789454d60ba2bf30b0383ee1f34a3774170ac1a7bf
SHA512

bba2bb4a7e34ef2b97ff5f1bea9829b92a699cc5f74368299cb687dc5489e68d635f5ff34d73cf79549650ffe218bd371fb56f7659ddb45ed9ea34f3f6948678
SSDEEP

6144:lv5Rs10yJv18TvsITnnU+y7EPNeyIBbOzciQXdP:3uviAsnuEP3IROzcicd

Score

N/A

Malware Config

Signatures

Files

8f917ad6a4c7f6f847fb1b789454d60ba2bf30b0383ee1f34a3774170ac1a7bf
.exe windows x86

5cb32b3ed69d605e35077269b37136b5

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:8c:e3:a9:ae:f0:a7:9b:99:11:10:8e:65:46:f8:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/02/2011, 00:00

Not After

18/04/2013, 23:59

Subject

CN=SuZhou Snail Electronic Co.\, Ltd,OU=Technology Center,O=SuZhou Snail Electronic Co.\, Ltd,L=Suzhou,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:ac:46:fd:fe:d8:85:72:57:86:ed:41:b0:0a:ff:51:96:a2:f6:23
Signer

Actual PE Digest

45:ac:46:fd:fe:d8:85:72:57:86:ed:41:b0:0a:ff:51:96:a2:f6:23

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SuZhou Snail Electronic Co.\, Ltd,OU=Technology Center,O=SuZhou Snail Electronic Co.\, Ltd,L=Suzhou,ST=Jiangsu,C=CN

04/11/2022, 15:41
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
HeapSize
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
SetErrorMode
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
FreeResource
WritePrivateProfileStringA
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
FreeLibrary
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
CloseHandle
FindResourceA
CreateThread
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
Sleep
GetProcAddress
LoadLibraryA
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
GetVersion
lstrlenA
GetACP
CompareStringA

user32

LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
DrawIcon
EnableWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
UnregisterClassA
DestroyMenu
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
GetClientRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
SetCursor
PostQuitMessage
PostMessageA
MessageBoxA
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MapWindowPoints

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

;�
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5cb32b3ed69d605e35077269b37136b5

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

34:8c:e3:a9:ae:f0:a7:9b:99:11:10:8e:65:46:f8:deCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

45:ac:46:fd:fe:d8:85:72:57:86:ed:41:b0:0a:ff:51:96:a2:f6:23Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 40KB - Virtual size: 36KB

;� Size: 92KB - Virtual size: 92KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

34:8c:e3:a9:ae:f0:a7:9b:99:11:10:8e:65:46:f8:de
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

45:ac:46:fd:fe:d8:85:72:57:86:ed:41:b0:0a:ff:51:96:a2:f6:23
Signer

04/11/2022, 15:41
Valid: false

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 40KB - Virtual size: 36KB

;�
Size: 92KB - Virtual size: 92KB