3eb57b436a873b595376e817e6bb4ed71f66e94b893960b4c4d0472445ae43b3

Sharing

Copy URL Twitter E-mail

General

Target

3eb57b436a873b595376e817e6bb4ed71f66e94b893960b4c4d0472445ae43b3
Size

227KB
MD5

2289f4cee37f61e3168ce6925c8f78cc
SHA1

e1b83985c40b2e7e14d7a967f99b9b42f1949008
SHA256

3eb57b436a873b595376e817e6bb4ed71f66e94b893960b4c4d0472445ae43b3
SHA512

5682efed8cd6bfba792036242439322ecc2d8c33671292d208c7fe08e7d4209351997e876dca122929af30881176b2591fc4509594425a3ee12b31fd1deb3fb6
SSDEEP

3072:biyYyPgcb7a+lrM1dyUsZJZzlrsUHh8ysnPjzC97gYSYxRi4tsojp:b11gcXlrM12NBAPpPjG97gjYvC0p

Score

N/A

Malware Config

Signatures

Files

3eb57b436a873b595376e817e6bb4ed71f66e94b893960b4c4d0472445ae43b3
.dll regsvr32 windows x86

8fdddb1f65cfd31d8a92b7794d8ca404

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:e0:1d:62:d0:b6:82:42:71:2b:11:e8:81:75:a8:57:8d:1a:02:32
Signer

Actual PE Digest

13:e0:1d:62:d0:b6:82:42:71:2b:11:e8:81:75:a8:57:8d:1a:02:32

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
GetFileAttributesW
GetModuleFileNameW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
GetTickCount
GetVersionExW
GetSystemDefaultLCID
CompareStringA
CompareStringW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
lstrlenW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetCPInfo
Sleep
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
GetProcAddress
HeapCreate
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
LocalFree
GetProcessHeap
HeapSize
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc

user32

CharNextW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleRun
StringFromGUID2
CoTaskMemFree

oleaut32

SysStringByteLen
VariantClear
VariantChangeType
VariantInit
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SysAllocStringByteLen
VarBstrCat
LoadRegTypeLi
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
GetErrorInfo
SysAllocStringLen

rpcrt4

IUnknown_QueryInterface_Proxy
NdrStubCall2
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
NdrOleFree
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate

ws2_32

ntohl
WSAStartup
gethostbyname
WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fdddb1f65cfd31d8a92b7794d8ca404

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

13:e0:1d:62:d0:b6:82:42:71:2b:11:e8:81:75:a8:57:8d:1a:02:32Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

ws2_32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 142KB

.orpc Size: 4KB - Virtual size: 844B

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 11KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

13:e0:1d:62:d0:b6:82:42:71:2b:11:e8:81:75:a8:57:8d:1a:02:32
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 144KB - Virtual size: 142KB

.orpc
Size: 4KB - Virtual size: 844B

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 11KB