ec44dcc07a13c000dde49ba8f925dcdff38cc58513d81b7389c0285081d47d10

Sharing

Copy URL Twitter E-mail

General

Target

ec44dcc07a13c000dde49ba8f925dcdff38cc58513d81b7389c0285081d47d10
Size

509KB
MD5

3ac5408423857f51c17df89999d2898c
SHA1

f13e191140b9d139a469b8ad041c455d98490bcc
SHA256

ec44dcc07a13c000dde49ba8f925dcdff38cc58513d81b7389c0285081d47d10
SHA512

da3d1c298cecbbc60cd71e832b41c1e5a985ef1f137585d9febdaf6cc4a03b7981e316365cf13776f0fd299f2211413f1a30ba923167ab0b03f05a7a647dd57d
SSDEEP

6144:4C3iJJSwiN6z60CSL8y1WG1ZGG2C8uPbx0Bcnm9mrsUYPpyPuQlrf7Bo63AvKXEX:qi56+i893CbTFrsUIpymQVc

Score

N/A

Malware Config

Signatures

Files

ec44dcc07a13c000dde49ba8f925dcdff38cc58513d81b7389c0285081d47d10
.exe windows x86

e5762317349d61d6798b5e9e1977e961

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:2f:f6:ae:78:3f:ef:dc:e5:a0:10:33:8f:f4:d8:0f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/09/2008, 00:00

Not After

12/09/2009, 23:59

Subject

CN=Eunovation International Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Eunovation International Inc.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:1d:03:d4:78:67:cb:75:01:68:28:09:56:08:d0:96:23:29:d3:65
Signer

Actual PE Digest

74:1d:03:d4:78:67:cb:75:01:68:28:09:56:08:d0:96:23:29:d3:65

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Eunovation International Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Eunovation International Inc.,L=Beijing,ST=Beijing,C=CN

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcesses

shell32

SHCreateDirectoryExW
SHChangeNotify
ShellExecuteExW

advapi32

RegOpenKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW

user32

DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
SetWindowTextW
DrawTextExW
GrayStringW
UnregisterClassA
PostMessageW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
RegisterWindowMessageW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
DialogBoxParamW
UpdateWindow
ShowWindow
IsIconic
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
SetForegroundWindow
GetClientRect
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
DestroyWindow
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetKeyState
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
PeekMessageW
SendMessageW
GetDlgItem
wsprintfW
GetWindowThreadProcessId
SetTimer
PostQuitMessage
EndDialog
EndPaint
BeginPaint
DefWindowProcW
CreateWindowExW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrStrIW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHDeleteKeyW

kernel32

FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
GetCommandLineW
LoadLibraryA
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
RtlUnwind
RaiseException
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
SetEndOfFile
FlushFileBuffers
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
InterlockedCompareExchange
SetEnvironmentVariableA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GlobalFlags
GetThreadLocale
lstrcpyW
OpenProcess
WaitForMultipleObjects
lstrcmpiW
lstrlenW
CloseHandle
TerminateProcess
CreateThread
WaitForSingleObject
TerminateThread
lstrcmpW
GetCurrentProcessId
GetModuleFileNameW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
CreateProcessW
DeleteFileW
lstrcatW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
LoadLibraryW
GetProcAddress
Sleep
MoveFileW
FreeLibrary
CopyFileW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetSystemDefaultLangID
CreateFileW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
RemoveDirectoryW
SetFilePointer
WriteFile
GetFileInformationByHandle
GetModuleHandleW
GetLastError
GetLocalTime
GetCurrentProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTickCount
GetLongPathNameW
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
LocalAlloc
LocalFree
LeaveCriticalSection
EnterCriticalSection
GlobalLock
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalAlloc
InitializeCriticalSection
LocalReAlloc
DeleteCriticalSection
GlobalFree
InterlockedDecrement
FormatMessageW
GetCurrentThreadId
InterlockedIncrement
GetVersion
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
SetHandleCount

oleaut32

VariantClear
VariantChangeType
VariantInit

gdi32

SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
GetDeviceCaps
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
DeleteObject

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

Exports

Exports

?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$list@VCopyInfo@@V?$allocator@VCopyInfo@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@V?$list@VRegBase@@V?$allocator@VRegBase@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VCopyInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VRegBase@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VSerlizateFileSystem@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VSerlizateRegistry@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vtext_iarchive@archive@boost@@VUserLimitData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$list@VCopyInfo@@V?$allocator@VCopyInfo@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@V?$list@VRegBase@@V?$allocator@VRegBase@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VCopyInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VRegBase@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VSerlizateFileSystem@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VSerlizateRegistry@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vtext_oarchive@archive@boost@@VUserLimitData@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5762317349d61d6798b5e9e1977e961

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

14:2f:f6:ae:78:3f:ef:dc:e5:a0:10:33:8f:f4:d8:0fCertificate

Extended Key Usages

Key Usages

74:1d:03:d4:78:67:cb:75:01:68:28:09:56:08:d0:96:23:29:d3:65Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

psapi

shell32

advapi32

user32

shlwapi

kernel32

oleaut32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 362KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 16KB - Virtual size: 39KB

.rsrc Size: 52KB - Virtual size: 48KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

14:2f:f6:ae:78:3f:ef:dc:e5:a0:10:33:8f:f4:d8:0f
Certificate

74:1d:03:d4:78:67:cb:75:01:68:28:09:56:08:d0:96:23:29:d3:65
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 364KB - Virtual size: 362KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 16KB - Virtual size: 39KB

.rsrc
Size: 52KB - Virtual size: 48KB