FYpicl[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FYpicl.exe
Size

689KB
MD5

cb46a504713e47e7280ffa86874d07cc
SHA1

63ce511fb047f6bf1193a3cab78cbd12804c64b7
SHA256

b8351c97431a7a8136c3278b0cb1aebb533a855a751a3db5534f527a779ba14d
SHA512

3654874907461316e77055c22a656d10745413541e56a4645b57d9d4d929b3ea580673f69b82f9bdec5c6edf019a48c8a843d4b1decc5b2308658e0746812bfa
SSDEEP

12288:mL+fKGwkoY3q3CAmkQ7CdsR9FMa8pIqo2Vqmsm2Lo3V+m+zIvMNnshnmCWW0:mLUKGT+VjyqoUqmp2L4V+m+zSM6hnSZ

Score

N/A

Malware Config

Signatures

Files

FYpicl.exe
.exe windows x86

67ca3085ee82ee4f727081f3c35f6401

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:61:99:26:10:a9:fe:05:9d:45:8b:a7:9f:90:7c:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/06/2019, 00:00

Not After

01/07/2020, 12:00

Subject

CN=浙江自贸区耀光网络科技有限公司,OU=研发部,O=浙江自贸区耀光网络科技有限公司,L=舟山市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:60:54:fb:d2:15:7d:38:06:77:6d:fa:15:9b:fe:31
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/11/2018, 00:00

Not After

18/02/2020, 23:59

Subject

CN=浙江自贸区耀光网络科技有限公司,OU=产品开发,O=浙江自贸区耀光网络科技有限公司,L=舟山市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2a:d0:1a:a5:95:89:d3:75:7a:1d:44:ab:08:03:9e:28:0c:76:ff:e1:f8:69:70:63:cd:56:a2:1c:0b:f2:ad:d5
Signer

Actual PE Digest

2a:d0:1a:a5:95:89:d3:75:7a:1d:44:ab:08:03:9e:28:0c:76:ff:e1:f8:69:70:63:cd:56:a2:1c:0b:f2:ad:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=浙江自贸区耀光网络科技有限公司,OU=产品开发,O=浙江自贸区耀光网络科技有限公司,L=舟山市,ST=浙江省,C=CN

13/08/2019, 10:50
Valid: false

40:a5:e5:5c:45:f8:ef:15:59:a1:00:cd:69:71:32:c6:a4:77:92:38
Signer

Actual PE Digest

40:a5:e5:5c:45:f8:ef:15:59:a1:00:cd:69:71:32:c6:a4:77:92:38

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=浙江自贸区耀光网络科技有限公司,OU=研发部,O=浙江自贸区耀光网络科技有限公司,L=舟山市,ST=浙江省,C=CN

13/08/2019, 10:50
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
CreateMutexA
ReleaseMutex
ResetEvent
GetLastError
LocalFree
LocalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetSystemDirectoryW
GetVolumeInformationW
GetFileSize
ReadFile
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetVersionExW
GlobalAlloc
GlobalFree
OpenProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
CreateMutexW
GetLongPathNameW
FindClose
lstrcpyW
FindFirstFileW
FindNextFileW
GetPrivateProfileIntW
FormatMessageW
GetCommandLineW
GetTempPathW
GetProcAddress
GetTickCount
WriteFile
DeviceIoControl
OutputDebugStringA
SetPriorityClass
VirtualAlloc
VirtualFree
VirtualProtect
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetDriveTypeW
ExpandEnvironmentStringsW
PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
GetWindowsDirectoryW
FreeLibrary
GetModuleFileNameW
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread

user32

wsprintfW

advapi32

OpenProcessToken
LookupAccountSidW
DuplicateTokenEx
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
SetEntriesInAclW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

shlwapi

PathRemoveFileSpecW
PathFileExistsW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

ws2_32

gethostname
ioctlsocket
listen
accept
sendto
recvfrom
WSAStartup
WSACleanup
recv
send
WSAGetLastError
closesocket
socket
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
htonl
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select

Sections

.text
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67ca3085ee82ee4f727081f3c35f6401

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0b:61:99:26:10:a9:fe:05:9d:45:8b:a7:9f:90:7c:38Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

7f:60:54:fb:d2:15:7d:38:06:77:6d:fa:15:9b:fe:31Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2a:d0:1a:a5:95:89:d3:75:7a:1d:44:ab:08:03:9e:28:0c:76:ff:e1:f8:69:70:63:cd:56:a2:1c:0b:f2:ad:d5Signer

Signature Validations

Verification

13/08/2019, 10:50 Valid: false

40:a5:e5:5c:45:f8:ef:15:59:a1:00:cd:69:71:32:c6:a4:77:92:38Signer

Signature Validations

Verification

13/08/2019, 10:50 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ole32

iphlpapi

urlmon

ws2_32

Sections

.text Size: 513KB - Virtual size: 512KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 6KB - Virtual size: 11KB

.gfids Size: 512B - Virtual size: 432B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0b:61:99:26:10:a9:fe:05:9d:45:8b:a7:9f:90:7c:38
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

7f:60:54:fb:d2:15:7d:38:06:77:6d:fa:15:9b:fe:31
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2a:d0:1a:a5:95:89:d3:75:7a:1d:44:ab:08:03:9e:28:0c:76:ff:e1:f8:69:70:63:cd:56:a2:1c:0b:f2:ad:d5
Signer

13/08/2019, 10:50
Valid: false

40:a5:e5:5c:45:f8:ef:15:59:a1:00:cd:69:71:32:c6:a4:77:92:38
Signer

13/08/2019, 10:50
Valid: false

.text
Size: 513KB - Virtual size: 512KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 6KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 432B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 24KB - Virtual size: 23KB