46dc64bee3546b666e3aebd4d78c3665d48d803ea949411fe2d6c5732f5f6939

Sharing

Copy URL Twitter E-mail

General

Target

46dc64bee3546b666e3aebd4d78c3665d48d803ea949411fe2d6c5732f5f6939
Size

207KB
MD5

4d970fef624631c5075bcecc0229a664
SHA1

c46cfd7db572afd34a856fd8ac8af1a99d37bf39
SHA256

46dc64bee3546b666e3aebd4d78c3665d48d803ea949411fe2d6c5732f5f6939
SHA512

515897bfe90ec29e583e36863cc47a30acf36e3a092f7f0a1c4f4165de999aa46a388782bfbc07922c8bd80a489b9c018136be38e7e4aa10ea80accee5b053c4
SSDEEP

1536:iDQrJ6pZjED/9Gr7JdHfI763Lddb7z6+op+TbDsjIdBA9rjUr5ABmqK5MkjdmI0+:NJ6pZ4DAdbdocbSkK3B0doO8HtKSDgFP

Score

N/A

Malware Config

Signatures

Files

46dc64bee3546b666e3aebd4d78c3665d48d803ea949411fe2d6c5732f5f6939
.dll regsvr32 windows x86

a6fa5250f5a6c78b8a104b803bae9713

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:5a:0f:3a:e8:df:53:9a:0f:6c:16:90:64:f6:fe:1f:d2:38:56:3e
Signer

Actual PE Digest

ca:5a:0f:3a:e8:df:53:9a:0f:6c:16:90:64:f6:fe:1f:d2:38:56:3e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetProcAddress
LoadLibraryW
FreeLibrary
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileW
CloseHandle
ReadFile
GetFileSize
CreateFileW
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FindResourceExW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
FindResourceW
LoadResource
LockResource
SizeofResource
GetThreadLocale
SetThreadLocale
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
SetStdHandle
InitializeCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetLastError
lstrlenA
LocalFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc

user32

SendMessageW
CharLowerBuffW
UnregisterClassA

shell32

SHGetFolderPathW

ole32

OleRun
CLSIDFromProgID
CoCreateGuid
CLSIDFromString
CoCreateInstance

oleaut32

SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
VariantTimeToSystemTime
LoadTypeLi
LoadRegTypeLi
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
GetErrorInfo

atl80

ord31
ord58
ord32
ord61
ord23
ord64
ord22
ord18
ord15
ord30

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6fa5250f5a6c78b8a104b803bae9713

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

ca:5a:0f:3a:e8:df:53:9a:0f:6c:16:90:64:f6:fe:1f:d2:38:56:3eSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

atl80

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

ca:5a:0f:3a:e8:df:53:9a:0f:6c:16:90:64:f6:fe:1f:d2:38:56:3e
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB