5a1196070a8d9d16103e0887fab86772495cb513132ff9715298d56ec2a9ce62

Sharing

Copy URL

Twitter E-mail

General

Target

5a1196070a8d9d16103e0887fab86772495cb513132ff9715298d56ec2a9ce62
Size

7.5MB
MD5

4fcb546e89a2b3f4af8d094c7a4f6c80
SHA1

0efddf0d563831b2889ec9583fe549368c8b2962
SHA256

5a1196070a8d9d16103e0887fab86772495cb513132ff9715298d56ec2a9ce62
SHA512

2880af7795411462d0d99a9211e0f54d1dfd3d66f2628226be24aefae91954a9061c0d8faeba1a945f675ae9d6d4e9caa5954ab4567f60281440b758c20f84c3
SSDEEP

196608:AqVmfkAfQifyMvkvHB4uAjS4VCpM4hHqfLHZTqAh:7W79kvHB4hjSJMQoUAh

Score

N/A

Malware Config

Signatures

Files

5a1196070a8d9d16103e0887fab86772495cb513132ff9715298d56ec2a9ce62
.exe windows x86

675e745e6053e5b9ad771b889f3b8054

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17-11-2006 00:00

Not After

30-12-2020 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:83:19:94:31:c4:a0:ac:17:48:ff:62:57:f4:27:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28-05-2014 00:00

Not After

28-05-2015 23:59

Subject

CN=上海游窝信息科技有限公司,O=上海游窝信息科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

88:ef:d1:e3:34:a6:e2:90:35:b2:ad:de:00:02:9f:c1:4d:92:64:e0
Signer

Actual PE Digest

88:ef:d1:e3:34:a6:e2:90:35:b2:ad:de:00:02:9f:c1:4d:92:64:e0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=上海游窝信息科技有限公司,O=上海游窝信息科技有限公司,L=Shanghai,ST=Shanghai,C=CN

24-11-2022 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsFree
InterlockedIncrement
GetFileSizeEx
GetFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
ExitThread
HeapReAlloc
RtlUnwind
ExitProcess
RaiseException
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
TlsSetValue
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
WritePrivateProfileStringW
GlobalFlags
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
lstrlenA
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
FormatMessageW
LocalFree
MulDiv
InterlockedDecrement
GlobalFree
GlobalAddAtomW
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
ResumeThread
GetCurrentThreadId
Sleep
FileTimeToSystemTime
GetTickCount
UnmapViewOfFile
GetFileSize
GetShortPathNameW
GetLastError
GetTempPathW
lstrlenW
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
CreateThread
CloseHandle
FindClose
FindFirstFileW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
SetErrorMode
WideCharToMultiByte
FreeResource
DeleteFileW
GetDiskFreeSpaceExW
LockResource
GlobalUnlock
MultiByteToWideChar
SizeofResource
GlobalAlloc
WaitForSingleObject
GlobalLock
CreateDirectoryW
GetLogicalDriveStringsW
LoadResource
FindResourceW

user32

CharNextW
GetSysColorBrush
CharUpperW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetMenu
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
RegisterClipboardFormatW
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
DestroyMenu
PostQuitMessage
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
GetClassInfoExW
CopyAcceleratorTableW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SetCursor
ScreenToClient
SetCapture
SetFocus
GetWindowLongW
SetWindowLongW
GetCursorPos
ReleaseCapture
CallWindowProcW
DefWindowProcW
PtInRect
SetRectEmpty
CopyRect
IsRectEmpty
GetDesktopWindow
wsprintfW
GetWindowRect
InvalidateRect
SetWindowRgn
SetTimer
PostMessageW
KillTimer
LoadCursorW
GetClientRect
GetSystemMetrics
SendMessageW
EnableWindow
UpdateWindow
SystemParametersInfoA

gdi32

ExtSelectClipRgn
DeleteDC
PtVisible
GetStockObject
GetBkColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
GetTextColor
CreateRoundRectRgn
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
ord156

oledlg

OleUIBusyW

ole32

CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit

gdiplus

GdipDisposeImage
GdipCreateFromHDC
GdipCloneImage
GdipDrawImageRectRect
GdipDeleteBrush
GdipDeletePen
GdipCloneBrush
GdipGetImageHeight
GdipSetTextRenderingHint
GdipDeleteFont
GdipSetImageAttributesWrapMode
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill
GdipDisposeImageAttributes
GdipCreateFont
GdipAlloc
GdipDrawString
GdipCreateFontFamilyFromName
GdipSetSolidFillColor
GdipFillRectangleI
GdipCreateStringFormat
GdipGetImageWidth
GdipCreatePen1
GdipDeleteStringFormat
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromStream
GdipCreateImageAttributes
GdipFree
GdipDeleteGraphics

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
GetUrlCacheEntryInfoW
DeleteUrlCacheEntryW
InternetOpenUrlW
HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

675e745e6053e5b9ad771b889f3b8054

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

3d:83:19:94:31:c4:a0:ac:17:48:ff:62:57:f4:27:5eCertificate

Extended Key Usages

Key Usages

88:ef:d1:e3:34:a6:e2:90:35:b2:ad:de:00:02:9f:c1:4d:92:64:e0Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

version

wininet

Sections

.text Size: 363KB - Virtual size: 363KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 7.0MB - Virtual size: 7.0MB

.reloc Size: 58KB - Virtual size: 57KB

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

3d:83:19:94:31:c4:a0:ac:17:48:ff:62:57:f4:27:5e
Certificate

88:ef:d1:e3:34:a6:e2:90:35:b2:ad:de:00:02:9f:c1:4d:92:64:e0
Signer

24-11-2022 14:54
Valid: false

.text
Size: 363KB - Virtual size: 363KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

.reloc
Size: 58KB - Virtual size: 57KB