c1906fff7c0432be86ba30ab40e76bfc42f2a15a3816ad0a1ff06d85bfc2ce4e

Sharing

Copy URL Twitter E-mail

General

Target

c1906fff7c0432be86ba30ab40e76bfc42f2a15a3816ad0a1ff06d85bfc2ce4e
Size

491KB
MD5

49d24af0f154cedbd57c5b3892514a39
SHA1

86a7fcbba75e36c8ec166a0a13d5c88712ddb390
SHA256

c1906fff7c0432be86ba30ab40e76bfc42f2a15a3816ad0a1ff06d85bfc2ce4e
SHA512

b8538704a69815f4d381b4a46619d3e679dd41144899d8085e0d8379887c7435ed2a1e369227cc7156df5693b77bf765780317e204c3afd7f65025167028ecea
SSDEEP

12288:dcmMuDpjc4BXrguNnB7IgXjxZsAaGyliYoAyZNXr7cGZx+8:dHu4RWgXjiGxGmaGZxd

Score

N/A

Malware Config

Signatures

Files

c1906fff7c0432be86ba30ab40e76bfc42f2a15a3816ad0a1ff06d85bfc2ce4e
.dll windows x86

26efee8e54ef94a9cdf6de3d0238fce6

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:3b:14:c2:f8:d5:b9:86:3b:b9:4e:82:a9:60:7c:4b:76:9e:86:6f
Signer

Actual PE Digest

b9:3b:14:c2:f8:d5:b9:86:3b:b9:4e:82:a9:60:7c:4b:76:9e:86:6f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

listen
__WSAFDIsSet
closesocket
WSAGetLastError
connect
htons
recv
setsockopt
socket
accept
recvfrom
sendto
inet_ntoa
WSASetLastError
getsockopt
inet_addr
bind
getsockname
ntohs
ioctlsocket
WSAStartup
WSACleanup
send
select
gethostbyname

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

LoadResource
FindResourceW
LoadLibraryW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
FormatMessageW
GlobalUnlock
GlobalFree
LocalAlloc
GlobalReAlloc
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
PeekNamedPipe
ReadFile
GetExitCodeThread
SetLastError
CreateMutexA
CreateEventA
WaitForMultipleObjects
ReleaseMutex
GetCurrentProcess
DuplicateHandle
SleepEx
FormatMessageA
LocalFree
lstrlenA
MultiByteToWideChar
CopyFileA
GetTickCount
Sleep
lstrlenW
DeleteFileA
WideCharToMultiByte
GetModuleFileNameW
GetLastError
InterlockedDecrement
GetModuleHandleW
SetThreadPriority
WaitForSingleObject
SetEvent
TerminateThread
CreateEventW
LockResource
SizeofResource
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
CreateFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
CloseHandle
GlobalHandle
LocalReAlloc
WritePrivateProfileStringW
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
FreeEnvironmentStringsW
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
CreateDirectoryW
SetEndOfFile
HeapFree
HeapAlloc
GetProcessHeap
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetCommandLineA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
SetFilePointer
GetFileInformationByHandle
GetModuleHandleA
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetStartupInfoA
HeapSize
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
CreateFileA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeZoneInformation
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetOEMCP

user32

PostMessageW
UnregisterClassA
DestroyMenu
ShowWindow
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
SendMessageW
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
SetCursor
SetWindowTextW
GetWindowTextW
PtInRect
GetClassNameW
GetWindowLongW
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetDC
ReleaseDC
GetSysColor
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
CallWindowProcW
DefWindowProcW
CopyRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenu
GetClientRect
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
WinHelpW
LoadIconW
RegisterWindowMessageW
GetSysColorBrush
LoadCursorW

ole32

CoInitialize

shell32

SHGetFolderPathW

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
CreateBitmap
DeleteObject
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

wldap32

ord32
ord30
ord26
ord50
ord35
ord143
ord211
ord22
ord79
ord200
ord301
ord33
ord46
ord27
ord41
ord60

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW

Exports

Exports

??0Cupcheck@@QAE@ABV0@@Z
??0Cupcheck@@QAE@PAPAUHWND__@@H@Z
??1Cupcheck@@UAE@XZ
??4Cupcheck@@QAEAAV0@ABV0@@Z
??_7Cupcheck@@6B@
??_FCupcheck@@QAEXXZ
?SetCheckFlag@Cupcheck@@QAEXH@Z
?SetHwnd@Cupcheck@@QAEXPAPAUHWND__@@@Z
?SetProxyInfo@Cupcheck@@QAEXPAUProxyInfo@@@Z
?Start@Cupcheck@@QAEXXZ
?Stop@Cupcheck@@QAEXXZ

Sections

.text
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26efee8e54ef94a9cdf6de3d0238fce6

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

b9:3b:14:c2:f8:d5:b9:86:3b:b9:4e:82:a9:60:7c:4b:76:9e:86:6fSigner

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Imports

ws2_32

version

kernel32

user32

ole32

shell32

oleaut32

gdi32

winspool.drv

wldap32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 354KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 24KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 28KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

b9:3b:14:c2:f8:d5:b9:86:3b:b9:4e:82:a9:60:7c:4b:76:9e:86:6f
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 356KB - Virtual size: 354KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 24KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 28KB