cb575f650bf7ac711c05c75b649272f4c5354621c14f26b2067db4f7c7367798

Sharing

Copy URL Twitter E-mail

General

Target

cb575f650bf7ac711c05c75b649272f4c5354621c14f26b2067db4f7c7367798
Size

5.4MB
MD5

22c68ff7753302d89e322730d58f47c7
SHA1

dd1682d9638179d477d9c1d80695f6da2ae47492
SHA256

cb575f650bf7ac711c05c75b649272f4c5354621c14f26b2067db4f7c7367798
SHA512

8af18ffede02666914c45d430e78b520898b2651f1278ad9a353a0306b6d84d957146e38b93e1c76ab1cac2186c0c69da504fda6b74bcde94de47d7d8af1f013
SSDEEP

98304:yaITm4rr/vBHBObEt64oHawOS7mq77KrG3JCx1JB2M9eUIUvGGPhGg2:h4nnwEt6NH3mqyrcEXIM91IUuGP2

Score

N/A

Malware Config

Signatures

Files

cb575f650bf7ac711c05c75b649272f4c5354621c14f26b2067db4f7c7367798
.exe windows x86

883bbda5fc19d7333ca18eb46a538c07

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b0:f4:d8:21:e2:39:ba:81:b3:d1:0e:61:b7:61:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/05/2014, 00:00

Not After

30/05/2015, 23:59

Subject

CN=Guangxi Nanning Shengtai'an E-Business Development CO.LTD,O=Guangxi Nanning Shengtai'an E-Business Development CO.LTD,L=Guangxi,ST=Nanning,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:2b:4f:98:d3:ad:78:e3:e0:cf:35:2d:24:6f:2d:25:8a:27:e2:8f
Signer

Actual PE Digest

80:2b:4f:98:d3:ad:78:e3:e0:cf:35:2d:24:6f:2d:25:8a:27:e2:8f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Guangxi Nanning Shengtai'an E-Business Development CO.LTD,O=Guangxi Nanning Shengtai'an E-Business Development CO.LTD,L=Guangxi,ST=Nanning,C=CN

17/11/2022, 13:15
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
Process32First
GetLastError
Process32Next
CreateMutexA
CreateToolhelp32Snapshot
GetVolumeInformationA
WritePrivateProfileStringA
DeviceIoControl
GetVersionExA
lstrlenA
GetEnvironmentVariableA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetSystemInfo
OutputDebugStringA
WinExec
DosDateTimeToFileTime
SetFilePointer
SystemTimeToFileTime
SetFileTime
ReadFile
GetFileType
GetCurrentDirectoryW
GetFullPathNameA
WriteFile
FormatMessageA
LocalFree
IsDBCSLeadByteEx
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
HeapSize
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
IsValidCodePage
GetOEMCP
LoadLibraryW
InitializeCriticalSectionAndSpinCount
HeapCreate
CreateFileA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetTempPathA
LockResource
SizeofResource
LoadResource
FreeResource
FindResourceA
TerminateThread
DeleteFileA
CloseHandle
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
GetPrivateProfileStringA
SetFileAttributesA
GetProcAddress
CreateDirectoryA
TerminateProcess
Sleep
OpenProcess
GetCurrentProcess
GetDriveTypeW
IsProcessorFeaturePresent
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
SetLastError
TlsFree
TlsSetValue
InterlockedIncrement
TlsGetValue
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
MoveFileA
HeapReAlloc
HeapAlloc
ExitProcess
GetModuleHandleW
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DecodePointer
EncodePointer
InterlockedExchange
InterlockedDecrement

user32

GetDlgItem
CreateWindowExA
MessageBoxA
TranslateMessage
IsDlgButtonChecked
SendMessageA
GetClientRect
LoadIconA
SendDlgItemMessageA
PostQuitMessage
CreateDialogParamA
SetWindowPos
GetMessageA
DestroyWindow
EndPaint
wvsprintfA
wsprintfA
EnableWindow
PostMessageA
SetDlgItemTextA
GetDlgItemTextA
DispatchMessageA
GetSystemMetrics
LoadImageA
ShowWindow
BeginPaint

gdi32

CreateFontA

advapi32

OpenProcessToken
OpenSCManagerA
StartServiceA
CreateServiceA
CloseServiceHandle
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHCreateDirectoryExA
Shell_NotifyIconA
SHGetPathFromIDListA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance

gdiplus

GdipFillRectangleI
GdipDrawLineI
GdipCreateFromHDC
GdiplusStartup
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateFont
GdipCreateSolidFill
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteFont
GdipDeletePen
GdipDeleteBrush
GdipCreatePen1

wininet

HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
HttpSendRequestA

shlwapi

PathCombineA
PathIsDirectoryA
PathRemoveBackslashA
PathFileExistsA
PathStripPathA
UrlGetPartA
PathIsURLA

netapi32

Netbios

sensapi

IsNetworkAlive

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

883bbda5fc19d7333ca18eb46a538c07

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

1e:b0:f4:d8:21:e2:39:ba:81:b3:d1:0e:61:b7:61:5bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

80:2b:4f:98:d3:ad:78:e3:e0:cf:35:2d:24:6f:2d:25:8a:27:e2:8fSigner

Signature Validations

Verification

17/11/2022, 13:15 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

wininet

shlwapi

netapi32

sensapi

psapi

version

iphlpapi

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 32KB - Virtual size: 31KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

1e:b0:f4:d8:21:e2:39:ba:81:b3:d1:0e:61:b7:61:5b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

80:2b:4f:98:d3:ad:78:e3:e0:cf:35:2d:24:6f:2d:25:8a:27:e2:8f
Signer

17/11/2022, 13:15
Valid: false

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 32KB - Virtual size: 31KB