eb6ba15c35dc9e28716d86299757182fbba1abca4ce365676bc2913ceda2fe7e

Sharing

Copy URL

Twitter E-mail

General

Target

eb6ba15c35dc9e28716d86299757182fbba1abca4ce365676bc2913ceda2fe7e
Size

631KB
MD5

81ee92cd51d8c189e6063092fa75a383
SHA1

8d6f7eb70a64674ce31b0695a8ead11c4632ad72
SHA256

eb6ba15c35dc9e28716d86299757182fbba1abca4ce365676bc2913ceda2fe7e
SHA512

9e96a34bb39193ef00ae391478edb15c227bfd7edc7b6f8965420bed130a2d84a72e6292c2bada8c34e95d77a31dac00b89bbeb6a4d78a2d2dffef0508cfc1ae
SSDEEP

12288:9iTZEor6rCk9CMgpoHZwcJWNWKCL1fm6O:9iJUamwTXCL1+6O

Score

N/A

Malware Config

Signatures

Files

eb6ba15c35dc9e28716d86299757182fbba1abca4ce365676bc2913ceda2fe7e
.exe windows x86

e90a0138b7e78b366dfb30fd7ab77695

Code Sign

04:7a:53
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03/03/2009, 12:53

Not After

03/03/2024, 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:fa:0f:2b:42:b6:25:fc:1e:90:ef:0f:3c:09:3b:28
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/01/2014, 00:00

Not After

06/01/2015, 00:00

Subject

CN=Open Source Developer\, 孙中元,O=孙中元,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:90:db:01:c8:33:69:6a:0e:ad:b4:0d:9c:15:79:22:6e:42:69:ec
Signer

Actual PE Digest

08:90:db:01:c8:33:69:6a:0e:ad:b4:0d:9c:15:79:22:6e:42:69:ec

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Open Source Developer\, 孙中元,O=孙中元,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
GetConsoleMode
HeapReAlloc
RtlUnwind
ExitProcess
RaiseException
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
CreateFileA
VirtualAlloc
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
SetErrorMode
GetFileTime
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetThreadLocale
GlobalFlags
GetProfileIntW
lstrlenA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
CopyFileW
GlobalSize
LocalFree
MulDiv
InterlockedDecrement
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalDeleteAtom
GetModuleHandleW
FindFirstFileW
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
TlsAlloc
lstrcmpW
FreeResource
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
WritePrivateProfileStringW
GetPrivateProfileStringW
LocalFileTimeToFileTime
SetFileAttributesW
lstrcpyW
GetCurrentProcessId
DeleteFileW
CloseHandle
GetDiskFreeSpaceExW
GetCurrentThreadId
CreateToolhelp32Snapshot
lstrcatW
Process32NextW
RemoveDirectoryW
LockResource
Process32FirstW
GetLocalTime
GetProcAddress
GetLastError
GetTempPathW
lstrlenW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
TerminateProcess
GetFileAttributesW
GetVersionExW
FormatMessageW
SizeofResource
Sleep
LoadLibraryW
WideCharToMultiByte
OpenProcess
TlsSetValue
SetFileTime
GetTickCount
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
LoadResource
FreeLibrary
FindResourceW
TlsGetValue
QueryPerformanceCounter
DosDateTimeToFileTime

user32

CharUpperW
GetSysColorBrush
InflateRect
IsRectEmpty
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassW
DestroyMenu
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
GetCursorPos
ValidateRect
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
CopyRect
UpdateWindow
SetCursor
UpdateLayeredWindow
GetWindowRect
FillRect
SetCapture
GetKeyState
LoadCursorW
PtInRect
GetDC
SetRect
IntersectRect
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowLongW
SetLayeredWindowAttributes
ShowWindow
ReleaseCapture
TranslateMessage
PeekMessageW
DispatchMessageW
IsIconic
DrawIcon
GetClientRect
LoadIconW
IsWindowVisible
SendMessageW
EnableWindow
PostMessageW
FindWindowW
GetSystemMetrics
GetWindowThreadProcessId
GetSysColor
UnregisterClassA

gdi32

GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateSolidBrush
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CopyMetaFileW
GetDeviceCaps
CreateBitmap
BitBlt
DeleteDC
CreateDIBSection
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
DeleteObject
CreateFontW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

ControlService
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegFlushKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatus
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathIsUNCW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
DoDragDrop

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileW

gdiplus

GdipDrawPath
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetFontStyle
GdipGetImageGraphicsContext
GdipSetImageAttributesWrapMode
GdipCreateStringFormat
GdipDrawImage
GdipSetSmoothingMode
GdipGetFamily
GdipBitmapUnlockBits
GdipCreateSolidFill
GdipDisposeImageAttributes
GdipCreateMatrix2
GdipDisposeImage
GdipAddPathStringI
GdipGetFontSize
GdipDeletePath
GdipCreateImageAttributes
GdipDrawRectangle
GdipDrawString
GdipFillRectangle
GdipCreateFromHDC
GdipFillPath
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdipBitmapLockBits
GdipFillRectangleI
GdipCloneImage
GdipImageRotateFlip
GdipSetStringFormatTrimming
GdipCreatePath
GdipReleaseDC
GdipCreatePen1
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipCreateBitmapFromGraphics
GdipMeasureString
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeletePen
GdipDeleteBrush
GdipAlloc
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipDeleteFont
GdipFree
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRect
GdipDeleteMatrix
GdipDeleteStringFormat
GdipSetWorldTransform

psapi

GetModuleFileNameExW
EnumProcesses

iphlpapi

GetAdaptersInfo

ws2_32

gethostbyname
inet_ntoa
gethostname

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetQueryDataAvailable
DeleteUrlCacheEntryW

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e90a0138b7e78b366dfb30fd7ab77695

Code Sign

04:7a:53Certificate

Key Usages

1e:fa:0f:2b:42:b6:25:fc:1e:90:ef:0f:3c:09:3b:28Certificate

Extended Key Usages

Key Usages

08:90:db:01:c8:33:69:6a:0e:ad:b4:0d:9c:15:79:22:6e:42:69:ecSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

gdiplus

psapi

iphlpapi

ws2_32

wininet

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 220KB - Virtual size: 217KB

04:7a:53
Certificate

1e:fa:0f:2b:42:b6:25:fc:1e:90:ef:0f:3c:09:3b:28
Certificate

08:90:db:01:c8:33:69:6a:0e:ad:b4:0d:9c:15:79:22:6e:42:69:ec
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 220KB - Virtual size: 217KB