69c47e12a46075e3d204c8a66258c2673380ba1ca5048ee4c759a815ab268afe

Sharing

Copy URL

Twitter E-mail

General

Target

69c47e12a46075e3d204c8a66258c2673380ba1ca5048ee4c759a815ab268afe
Size

1.2MB
MD5

9e2f3962f9b636d434b8cf8da9543199
SHA1

0a562f0353684bc929eb13809f2dc76b4a8e8f46
SHA256

69c47e12a46075e3d204c8a66258c2673380ba1ca5048ee4c759a815ab268afe
SHA512

fb9ae88f21be71daab06319820aff5ce6f0432e713de14c1708891cac400aa305588ff1922e6bbc1e191083343ef2263b77380d22555b39a5935e5c8c8e77b1b
SSDEEP

24576:5vu5bAJMG+sr1PyQFEiJNlwLZTXYzKJ5:5vu6r1Pd6dJ

Score

N/A

Malware Config

Signatures

Files

69c47e12a46075e3d204c8a66258c2673380ba1ca5048ee4c759a815ab268afe
.dll windows x86

deaea7163a3803bbbfd965557f800511

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/10/2019, 00:00

Not After

30/10/2020, 23:59

Subject

CN=天津迅读科技有限公司,OU=IT,O=天津迅读科技有限公司,ST=天津,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:54:b7:e9:0f:f3:cb:9a:90:ec:26:b9:40:31:07:8e:6c:08:2b:10
Signer

Actual PE Digest

0e:54:b7:e9:0f:f3:cb:9a:90:ec:26:b9:40:31:07:8e:6c:08:2b:10

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=天津迅读科技有限公司,OU=IT,O=天津迅读科技有限公司,ST=天津,C=CN

12/03/2020, 03:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
LoadResource
SizeofResource
GetFileTime
CloseHandle
GetTickCount
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringW
FindResourceW
FindResourceExW
GetTempPathW
GetTempFileNameW
CreateFileW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
GetCurrentThreadId
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
GetLastError
GetCurrentProcessId
GetFileSizeEx
GetLocalTime
FreeLibrary
ReleaseMutex
CreateMutexW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateProcessW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
RaiseException
GetExitCodeProcess
OpenProcess
CreateEventW
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
WriteFile
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetFileAttributesExW
CreateProcessA
GetACP
GetStringTypeW
GetModuleFileNameA
ExitProcess
ReadFile
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
RtlCaptureStackBackTrace
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
SetEnvironmentVariableA
DecodePointer
SetProcessAffinityMask
VirtualProtect
GetVersionExW
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FormatMessageW
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
InterlockedExchangeAdd
Sleep
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA

user32

SendMessageW
RegisterClassExW
GetClassInfoExW
CallWindowProcW
UnregisterClassW
PostMessageW
SendMessageTimeoutW
CreateWindowExW
CopyRect
WaitForInputIdle
LoadCursorW
FindWindowW
SetWindowLongW
GetWindowLongW
SetWindowTextW
KillTimer
SetTimer
DestroyWindow
IsWindow
DefWindowProcW

gdi32

GetTextExtentPoint32W
GetStockObject
DeleteObject
SelectObject

advapi32

RegCreateKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
ShellExecuteW
ord165
SHCreateDirectoryExA
SHGetSpecialFolderPathW
SHGetFolderPathA
ShellExecuteExW

ole32

CoInitialize
CoCreateGuid
StringFromGUID2
CoUninitialize

oleaut32

SysFreeString

shlwapi

PathCombineW
PathAppendW
SHGetValueW
PathFindExtensionA
PathFindFileNameW
PathFileExistsW
PathCanonicalizeW
PathFindExtensionW
PathFindFileNameA
PathRemoveFileSpecW
StrStrIW
PathCompactPathW

psapi

GetModuleFileNameExW
EnumProcessModules

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Exports

Exports

CreateMultiTabWebView
GetWebViewFactory
IWebViewToIWebViewEx
IsSupportedWebViewEngine

Sections

.text
Size: 953KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deaea7163a3803bbbfd965557f800511

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0e:54:b7:e9:0f:f3:cb:9a:90:ec:26:b9:40:31:07:8e:6c:08:2b:10Signer

Signature Validations

Verification

12/03/2020, 03:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

crypt32

wintrust

Exports

Exports

Sections

.text Size: 953KB - Virtual size: 952KB

.rdata Size: 241KB - Virtual size: 241KB

.data Size: 13KB - Virtual size: 20KB

.idata Size: 8KB - Virtual size: 8KB

.shared Size: 512B - Virtual size: 260B

.00cfg Size: 512B - Virtual size: 260B

.tls Size: 1024B - Virtual size: 777B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 34KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

25:44:0c:62:56:43:ed:0b:86:28:36:49:88:1d:dc:80
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0e:54:b7:e9:0f:f3:cb:9a:90:ec:26:b9:40:31:07:8e:6c:08:2b:10
Signer

12/03/2020, 03:36
Valid: false

.text
Size: 953KB - Virtual size: 952KB

.rdata
Size: 241KB - Virtual size: 241KB

.data
Size: 13KB - Virtual size: 20KB

.idata
Size: 8KB - Virtual size: 8KB

.shared
Size: 512B - Virtual size: 260B

.00cfg
Size: 512B - Virtual size: 260B

.tls
Size: 1024B - Virtual size: 777B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 34KB