ab45a38b5fb7a1895e7f3862fdb3dd82464b1921809d9ceaaa9065d919904681

Sharing

Copy URL Twitter E-mail

General

Target

ab45a38b5fb7a1895e7f3862fdb3dd82464b1921809d9ceaaa9065d919904681
Size

823KB
MD5

d317883c8809d1047ad9ec2cd3dd7ff9
SHA1

93c9d8c5a3bcfafb92f588980e5e5c133e79f463
SHA256

ab45a38b5fb7a1895e7f3862fdb3dd82464b1921809d9ceaaa9065d919904681
SHA512

a7aa027d0c35c5c221b5ff6000a7eda5df4b895d067ab5db5da318c0f1efbfdab75e88fbaa361bee953d4249bea7ad1eb2e57691d21cc3766a6db125da429a2b
SSDEEP

6144:xOUMeANu/a1Fu17swT/WOeANu/a1Fu17swT/Ww:Se2pL2pe2pL2

Score

N/A

Malware Config

Signatures

Files

ab45a38b5fb7a1895e7f3862fdb3dd82464b1921809d9ceaaa9065d919904681
.exe windows x64

0f4d39b270f701255aecb78e4b1c0bfe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/08/2018, 09:38

Not After

27/08/2021, 09:38

Subject

CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:6f:1c:95:77:48:51:c0:8d:53:7b:88:68:c0:d8:91:92:88:58:4a
Signer

Actual PE Digest

f8:6f:1c:95:77:48:51:c0:8d:53:7b:88:68:c0:d8:91:92:88:58:4a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

21/02/2020, 03:20
Valid: true

Chain 1

CN=DVDFab Software Inc.,O=DVDFab Software Inc.,L=Beijing,ST=Beijing,C=CN

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathRemoveFileSpecA
PathAppendA

kernel32

GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
FindFirstFileA
FindNextFileA
DeleteFileA
FindClose
RemoveDirectoryA
IsDebuggerPresent
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetCurrentProcessId

shell32

SHGetSpecialFolderPathA

msvcp120

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcr120

memchr
??2@YAPEAX_K@Z
_purecall
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
memmove
_XcptFilter
_amsg_exit
memcpy
__set_app_type
??3@YAXPEAX@Z
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
exit
_CxxThrowException
__CxxFrameHandler3
_onexit
__getmainargs

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 802KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f4d39b270f701255aecb78e4b1c0bfe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:df:09:9e:8d:36:54:43:eb:18:42:b5Certificate

Extended Key Usages

Key Usages

f8:6f:1c:95:77:48:51:c0:8d:53:7b:88:68:c0:d8:91:92:88:58:4aSigner

Signature Validations

Verification

21/02/2020, 03:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

shell32

msvcp120

msvcr120

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 802KB - Virtual size: 801KB

.reloc Size: 512B - Virtual size: 112B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:df:09:9e:8d:36:54:43:eb:18:42:b5
Certificate

f8:6f:1c:95:77:48:51:c0:8d:53:7b:88:68:c0:d8:91:92:88:58:4a
Signer

21/02/2020, 03:20
Valid: true

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 802KB - Virtual size: 801KB

.reloc
Size: 512B - Virtual size: 112B