9bef5a41574bb094c05aecbc55d0b205a4a5bec5fb7e73cded6d70f876c1bb33

Sharing

Copy URL Twitter E-mail

General

Target

9bef5a41574bb094c05aecbc55d0b205a4a5bec5fb7e73cded6d70f876c1bb33
Size

118KB
MD5

7a15aba569e19c176fa4ac3d52f10ea2
SHA1

64f6581806510d9e1ce0718ed7cf1268c9af54b2
SHA256

9bef5a41574bb094c05aecbc55d0b205a4a5bec5fb7e73cded6d70f876c1bb33
SHA512

57d6572433f7f2a27418497c557c529d3e2afffc2e860e36dcd79af57c7d3cc87b9d910653b5fb95a4397d3ab3b493da74b6351dee79e1e22f1d09846c3b5462
SSDEEP

3072:snvkLWag/XEGi1FeJVIRcNddMRop9zPnm:IKgf2GSLm9q

Score

N/A

Malware Config

Signatures

Files

9bef5a41574bb094c05aecbc55d0b205a4a5bec5fb7e73cded6d70f876c1bb33
.exe windows x86

e5ad1a795b324b72b9883ba860341389

Code Sign

49:a2:c8:2a:ca:a5:12:8d:c8:0f:70:ad:15:49:ce:ab
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

25/02/2010, 00:00

Not After

25/02/2011, 23:59

Subject

CN=(주)링크프라이스,O=(주)링크프라이스,L=Gangnam-gu\ ,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d6:c4:01:67:fd:80:c7:01:5f:15:b0:d8:19:f7:50:1f:cd:f5:5b
Signer

Actual PE Digest

07:d6:c4:01:67:fd:80:c7:01:5f:15:b0:d8:19:f7:50:1f:cd:f5:5b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=(주)링크프라이스,O=(주)링크프라이스,L=Gangnam-gu\ ,ST=Seoul,C=KR

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetQueryDataAvailable

kernel32

GetProcAddress
TerminateProcess
FreeLibrary
MultiByteToWideChar
InterlockedDecrement
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WinExec
GetLastError
CreateMutexA
InterlockedIncrement
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
RaiseException
GetFileAttributesA
RtlUnwind
HeapFree
HeapAlloc
LocalFree
WideCharToMultiByte
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
VirtualFree
WriteFile
CloseHandle
GetVersionExA
MulDiv
GetModuleHandleA
SetFilePointer
SetStdHandle
FlushFileBuffers
ExitProcess
GetEnvironmentVariableA
HeapCreate
GetVersion

user32

LoadIconA
CreateWindowExA
GetMessageA
FindWindowExA
RegisterWindowMessageA
GetClassInfoExA
GetFocus
GetClassNameA
GetDesktopWindow
PostQuitMessage
DestroyWindow
IsWindowVisible
SetParent
SendMessageTimeoutA
IsWindow
GetWindow
SetWindowPos
CopyRect
DispatchMessageA
wsprintfA
SetRect
GetSysColor
GetClientRect
FillRect
ClientToScreen
EqualRect
BringWindowToTop
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
CallWindowProcA
GetDlgItem
ReleaseDC
GetDC
SetFocus
IsChild
InvalidateRgn
GetWindowLongA
SetWindowLongA
BeginPaint
EndPaint
GetCursorPos
GetWindowRect
PtInRect
KillTimer
SetCursor
GetParent
GetForegroundWindow
GetCapture
SetTimer
ReleaseCapture
SendMessageA
SetCapture
LoadBitmapA
InvalidateRect
DefWindowProcA
LoadCursorA
RegisterClassA
CreateAcceleratorTableA
TranslateMessage
RedrawWindow
RegisterClassExA

gdi32

CreateSolidBrush
CreateCompatibleBitmap
CreatePen
MoveToEx
Rectangle
GetDeviceCaps
LineTo
GetStockObject
RoundRect
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteObject
DeleteDC

advapi32

RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
OleInitialize

oleaut32

VariantChangeType
OleCreateFontIndirect
SysAllocStringLen
LoadRegTypeLi
SysAllocString
VariantCopy
SysStringLen
VariantInit
VariantClear
SysFreeString

ws2_32

gethostbyname
gethostname
WSAStartup
inet_ntoa
WSACleanup

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5ad1a795b324b72b9883ba860341389

Code Sign

49:a2:c8:2a:ca:a5:12:8d:c8:0f:70:ad:15:49:ce:abCertificate

Extended Key Usages

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

0aCertificate

Extended Key Usages

Key Usages

07:d6:c4:01:67:fd:80:c7:01:5f:15:b0:d8:19:f7:50:1f:cd:f5:5bSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 4KB - Virtual size: 808B

49:a2:c8:2a:ca:a5:12:8d:c8:0f:70:ad:15:49:ce:ab
Certificate

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

0a
Certificate

07:d6:c4:01:67:fd:80:c7:01:5f:15:b0:d8:19:f7:50:1f:cd:f5:5b
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 4KB - Virtual size: 808B