9bbb6e6f38949d0686c40bf43cc61a939c40e94a7ad90973858b78df7c36d6a3

Sharing

Copy URL Twitter E-mail

General

Target

9bbb6e6f38949d0686c40bf43cc61a939c40e94a7ad90973858b78df7c36d6a3
Size

265KB
MD5

4eff1559d0bf3a2388614d9e115e31a7
SHA1

0f5f46e32ec3ade53034a85d01ce046276e1f1a8
SHA256

9bbb6e6f38949d0686c40bf43cc61a939c40e94a7ad90973858b78df7c36d6a3
SHA512

898598fbd11c2b9bd02b4e5ff985d7c4c8579028c44795c4f85bf1848f9a5b99502a3970a3475825c1fdb28e52b30d1ec801b6a3907c08c8a857aa4a14b9a2ef
SSDEEP

6144:5L7NTsqhwatII0yqLlu06JRX47N58gdgQyhPkR8l4Ls+Wya2+sUGjU:9B3WRazoxZdgofsJya2k

Score

N/A

Malware Config

Signatures

Files

9bbb6e6f38949d0686c40bf43cc61a939c40e94a7ad90973858b78df7c36d6a3
.exe windows x86

d82cee4fc73a6aa78ca36da652641ada

Code Sign

54:d0:35:0c:a9:5f:c4:19:71:a1:42:d5:9d:76:7f:ba
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

31/07/2013, 00:00

Not After

30/07/2014, 23:59

Subject

CN=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm,O=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

54:ea:e5:a1:f8:ce:23:7c:f0:da:c8:f8:0a:78:2e:26:c8:35:cf:a3
Signer

Actual PE Digest

54:ea:e5:a1:f8:ce:23:7c:f0:da:c8:f8:0a:78:2e:26:c8:35:cf:a3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm,O=Shenzhen Manha Plaza Xingwangbotongxunchanpin Firm,L=Shenzhen,ST=Guangdong,C=CN

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveInGetNumDevs
waveInGetDevCapsA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInClose
mixerClose
mixerOpen
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails

user32

GetMessageA

kernel32

TlsAlloc
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
SetEndOfFile
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
VirtualFree
Sleep
VirtualAlloc
CloseHandle
CreateThread
GetLocalTime
GetModuleFileNameA
GetVersion
GetLastError
CreateMutexA
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
SetLastError
TlsGetValue
GetProcAddress
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
RaiseException
FlushFileBuffers
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d82cee4fc73a6aa78ca36da652641ada

Code Sign

54:d0:35:0c:a9:5f:c4:19:71:a1:42:d5:9d:76:7f:baCertificate

Extended Key Usages

54:ea:e5:a1:f8:ce:23:7c:f0:da:c8:f8:0a:78:2e:26:c8:35:cf:a3Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

winmm

user32

kernel32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 20KB - Virtual size: 363KB

54:d0:35:0c:a9:5f:c4:19:71:a1:42:d5:9d:76:7f:ba
Certificate

54:ea:e5:a1:f8:ce:23:7c:f0:da:c8:f8:0a:78:2e:26:c8:35:cf:a3
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 363KB