cb3aa561212b60a4bcb40abf4cff49ac45c0b9afc2b5c5e992e9f85e76bf357d

Sharing

Copy URL

Twitter E-mail

General

Target

cb3aa561212b60a4bcb40abf4cff49ac45c0b9afc2b5c5e992e9f85e76bf357d
Size

133KB
MD5

0874bb3cf64de3a48e2d9b5dec6aae85
SHA1

391da1ffc9e7d4a0be67136ce82606b3a7478de6
SHA256

cb3aa561212b60a4bcb40abf4cff49ac45c0b9afc2b5c5e992e9f85e76bf357d
SHA512

a3c2e6a1016907aafe95e6e02c31a6ead1056b681b027b466b3abd5a4137abbfc6b92411a5ab2d165cb65809443b71a6283bd46c6057b408c78e5f8ca0e40028
SSDEEP

3072:jqeSHx2bY76NjBV/LVbg0IcSGgr6d5PRjsQiXZ8zJb0ONIKQaq88myjx:jG2k76NjnVV0G9LRAQF0OBMoyF

Score

N/A

Malware Config

Signatures

Files

cb3aa561212b60a4bcb40abf4cff49ac45c0b9afc2b5c5e992e9f85e76bf357d
.exe windows x86

8343f5d7255251991b3af5f7ba9e74dc

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/05/2010, 00:00

Not After

14/05/2011, 23:59

Subject

CN=上海瑞创网络科技发展有限公司,O=上海瑞创网络科技发展有限公司,L=ShangHai,ST=ShangHai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

24:26:0e:5a:a3:05:7f:5e:d9:f9:d3:8f:ca:50:d9:a1:e0:ac:cf:bb
Signer

Actual PE Digest

24:26:0e:5a:a3:05:7f:5e:d9:f9:d3:8f:ca:50:d9:a1:e0:ac:cf:bb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=上海瑞创网络科技发展有限公司,O=上海瑞创网络科技发展有限公司,L=ShangHai,ST=ShangHai,C=CN

04/11/2022, 15:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
GetSystemDefaultLangID
SetFilePointer
ReadFile
CreateFileW
CreateDirectoryW
SetFileAttributesW
GetFileAttributesW
FindResourceW
FindClose
FindFirstFileW
GetModuleFileNameW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetPrivateProfileStringW
CreateMutexW
ReleaseMutex
SetEndOfFile
WriteFile
GetFileSize
GetFullPathNameW
GetTempPathW
GetTempFileNameW
LoadLibraryW
GetCurrentDirectoryW
GetLongPathNameW
MoveFileW
lstrlenW
SetLastError
FlushInstructionCache
RaiseException
GetCurrentProcess
GetCurrentThreadId
FreeLibrary
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
OpenProcess
GetWindowsDirectoryW
GetProcAddress
DeleteFileW
WaitForSingleObject
CloseHandle
GetModuleHandleW
GetLastError
MoveFileExW
InterlockedExchange

user32

GetDlgItem
GetWindowLongW
DialogBoxParamW
LoadStringW
wsprintfW
IsWindow
MessageBoxW
GetWindow
UnregisterClassA
SystemParametersInfoW
MapWindowPoints
GetParent
SetFocus
GetDesktopWindow
SetWindowTextW
SendDlgItemMessageW
EnableWindow
SetWindowLongW
GetActiveWindow
ShowWindow
GetClientRect
BringWindowToTop
PostMessageW
LoadIconW
SendMessageW
MoveWindow
SetWindowPos
CreateDialogParamW
GetPropW
ScreenToClient
EndDialog
GetWindowRect
SetPropW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegOpenCurrentUser
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExW
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
OleUninitialize
OleInitialize

msvcr80

_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
__p__commode
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_CxxThrowException
malloc
free
??3@YAXPAX@Z
strlen
memset
memcpy
memmove_s
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
wcslen
_invalid_parameter_noinfo
_itow
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memcpy_s
??_V@YAXPAX@Z
_stricmp
_splitpath_s
towlower
wcschr
towupper

comctl32

PropertySheetW
InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8343f5d7255251991b3af5f7ba9e74dc

Code Sign

0aCertificate

Extended Key Usages

Key Usages

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7aCertificate

Extended Key Usages

24:26:0e:5a:a3:05:7f:5e:d9:f9:d3:8f:ca:50:d9:a1:e0:ac:cf:bbSigner

Signature Validations

Verification

04/11/2022, 15:42 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcr80

comctl32

version

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 16KB

0a
Certificate

24:af:13:74:fe:5f:db:ed:b4:de:05:ff:a9:03:dd:7a
Certificate

24:26:0e:5a:a3:05:7f:5e:d9:f9:d3:8f:ca:50:d9:a1:e0:ac:cf:bb
Signer

04/11/2022, 15:42
Valid: false

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 16KB