c563aea4b45ff4065f0884eac22cc86bba6a855324d2a2b799e078748c7058c4

Sharing

Copy URL Twitter E-mail

General

Target

c563aea4b45ff4065f0884eac22cc86bba6a855324d2a2b799e078748c7058c4
Size

102KB
MD5

118e6ccdf30d0f0aeb0e386fa01a9cda
SHA1

38cdbffabc9e7d6f99fab3eb609d0894c5bfe05e
SHA256

c563aea4b45ff4065f0884eac22cc86bba6a855324d2a2b799e078748c7058c4
SHA512

f074360f60f1e3c54d2d7a07540f5b7abfcbf092e689c2498974d3e51f944290599a238d43b29b357f5e46fd09679c2eef151c10e3c9f5c97e84d15012d084b0
SSDEEP

1536:6o9F/XMG+SLE8T57GKY5+4z+rM94gq02zLAIHUk0abocnH8:xXsSw8BGKwfaUcnH8

Score

N/A

Malware Config

Signatures

Files

c563aea4b45ff4065f0884eac22cc86bba6a855324d2a2b799e078748c7058c4
.exe windows x86

6734be7c0b1575406c8e950dee0fec73

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

4d:3a:c8:39:26:4b:33:a0:44:7f:ab:7c:f3:c1:ec:71
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/11/2013, 00:00

Not After

12/11/2014, 23:59

Subject

CN=Shenzhen Futian Yinghui Electronic Line,O=Shenzhen Futian Yinghui Electronic Line,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:31:89:bd:98:0d:31:7c:ea:9d:60:d1:a2:d3:44:ae:51:71:c4:89
Signer

Actual PE Digest

b6:31:89:bd:98:0d:31:7c:ea:9d:60:d1:a2:d3:44:ae:51:71:c4:89

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shenzhen Futian Yinghui Electronic Line,O=Shenzhen Futian Yinghui Electronic Line,L=Shenzhen,ST=Guangdong,C=CN

24/11/2022, 14:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_findclose
_findfirst
_findnext
_fullpath
_iob
_onexit
_setmode
_snprintf
_strdate
_strtime
abort
atexit
calloc
fclose
fopen
free
fwrite
isspace
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strcoll
strlen
strncpy
tolower
vfprintf
vsprintf
wcstombs

shell32

SHGetFolderPathAndSubDirA

shlwapi

PathAppendA

user32

FindWindowA
GetAsyncKeyState
GetForegroundWindow
GetKeyboardState
GetWindowTextA
IsWindow
MapVirtualKeyA
ShowWindow
ToAscii

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 412B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6734be7c0b1575406c8e950dee0fec73

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

4d:3a:c8:39:26:4b:33:a0:44:7f:ab:7c:f3:c1:ec:71Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

b6:31:89:bd:98:0d:31:7c:ea:9d:60:d1:a2:d3:44:ae:51:71:c4:89Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

shlwapi

user32

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 1KB

/4 Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 412B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 440B

/29 Size: 24KB - Virtual size: 24KB

/41 Size: 5KB - Virtual size: 5KB

/55 Size: 5KB - Virtual size: 5KB

/67 Size: 512B - Virtual size: 140B

/78 Size: 10KB - Virtual size: 9KB

/89 Size: 1KB - Virtual size: 1KB

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

4d:3a:c8:39:26:4b:33:a0:44:7f:ab:7c:f3:c1:ec:71
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

b6:31:89:bd:98:0d:31:7c:ea:9d:60:d1:a2:d3:44:ae:51:71:c4:89
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 1KB

/4
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 412B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 440B

/29
Size: 24KB - Virtual size: 24KB

/41
Size: 5KB - Virtual size: 5KB

/55
Size: 5KB - Virtual size: 5KB

/67
Size: 512B - Virtual size: 140B

/78
Size: 10KB - Virtual size: 9KB

/89
Size: 1KB - Virtual size: 1KB