$RA1BMJ5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

$RA1BMJ5.exe
Size

1.6MB
MD5

a7424aba0a5d0e05b4750ebdea285405
SHA1

64c97413d4ed979fa50756d53a6163aa312c690a
SHA256

9faa01326e874a2cb95207c774b1f0969239587525074082f54a3688e8941c58
SHA512

73a8f9dfb700a84c9b1f842a4726f87e3ef4e96f22d2e4757dde218b1d218b47a9448d42df86c70719de7fcfcc98f49ba3aa9340bd0ced4fadd9e14dbfda9ce1
SSDEEP

49152:3N4CEBqbPkWcYKqyhGK5C9G4A+dvy216kktHyiUMBb:3N4CEokWcYKqywK5CjAiFktHyiUMBb

Score

1^/10

Malware Config

Signatures

Files

$RA1BMJ5.exe
.exe windows x86

8a4c02a73b973b4ae4bdd04e74e60e28

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

20/03/2023, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

20/03/2023, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:72:2b:dc:9c:d1:d7:19:e2:ef:0c:9d:dc:1b:4d:01:47:ca:2c:2c:bd:80:9a:0f:1e:17:7b:67:f5:a3:7a:41
Signer

Actual PE Digest

38:72:2b:dc:9c:d1:d7:19:e2:ef:0c:9d:dc:1b:4d:01:47:ca:2c:2c:bd:80:9a:0f:1e:17:7b:67:f5:a3:7a:41

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

10/11/2020, 02:04
Valid: false

a1:93:3f:6c:d9:cc:c3:e4:6a:51:f1:d3:b8:e6:aa:7f:8a:9f:89:3d
Signer

Actual PE Digest

a1:93:3f:6c:d9:cc:c3:e4:6a:51:f1:d3:b8:e6:aa:7f:8a:9f:89:3d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

10/11/2020, 02:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ProcessIdToSessionId
GetSystemInfo
InterlockedCompareExchange
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetUserDefaultLangID
FileTimeToLocalFileTime
GetComputerNameA
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
HeapCreate
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileAttributesW
SetFilePointer
GetCurrentThread
SetThreadPriority
lstrcmpiW
GlobalAlloc
GlobalLock
MapViewOfFileEx
GlobalUnlock
GlobalFree
LoadLibraryExW
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
CreateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
Sleep
TerminateThread
GetDiskFreeSpaceExW
GetDriveTypeW
FreeResource
CloseHandle
InterlockedExchange
LeaveCriticalSection
CreateFileW
EnterCriticalSection
GetFileSize
RaiseException
ReadFile
GetCurrentProcess
GetPrivateProfileStringW
InitializeCriticalSection
GetModuleHandleW
GetProcAddress
GetVersionExW
SetLastError
lstrlenA
FindResourceExW
MultiByteToWideChar
LoadResource
LockResource
GetLocalTime
SizeofResource
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
FindResourceW
FlushInstructionCache
GetModuleFileNameW
GetLastError
WideCharToMultiByte
lstrlenW
GetPrivateProfileIntW
OutputDebugStringW
GetCurrentThreadId
SleepEx
FindFirstFileA

user32

LoadBitmapW
CharNextW
FindWindowExW
UpdateWindow
GetDlgItem
CharUpperW
CharLowerW
PostThreadMessageW
ReleaseDC
PeekMessageW
IsWindow
PtInRect
GetNextDlgTabItem
GetDC
UnregisterClassA
BringWindowToTop
CreateWindowExW
CallWindowProcW
AttachThreadInput
DestroyWindow
ClientToScreen
GetWindowTextW
IsWindowVisible
GetMessageW
GetWindowRect
SetForegroundWindow
TranslateMessage
MonitorFromWindow
OffsetRect
EndPaint
SetActiveWindow
LoadImageW
DispatchMessageW
GetMonitorInfoW
GetClientRect
MapWindowPoints
LoadIconW
DrawTextW
GetClassInfoExW
SetRectEmpty
CopyRect
SetCapture
SendMessageW
ReleaseCapture
SetCursor
RegisterClassExW
GetCursorPos
ScreenToClient
ShowWindow
LoadCursorW
UpdateLayeredWindow
IsRectEmpty
SetWindowLongW
EqualRect
SetWindowTextW
KillTimer
MoveWindow
FindWindowW
GetKeyState
GetActiveWindow
WindowFromPoint
DrawIconEx
GetDesktopWindow
GetScrollPos
IntersectRect
GetDlgCtrlID
IsWindowEnabled
EnableWindow
PostMessageW
GetFocus
SetRect
RegisterWindowMessageW
GetWindowThreadProcessId
IsChild
DrawFrameControl
GetForegroundWindow
SetFocus
BeginPaint
DefWindowProcW
SystemParametersInfoW
GetParent
SetWindowPos
IsDialogMessageW
DestroyIcon
InflateRect
GetWindowLongW
InvalidateRect
SetTimer
GetWindowTextLengthW
SetWindowRgn
GetWindow

gdi32

GetCurrentObject
SaveDC
DeleteDC
ExtTextOutW
CreateRoundRectRgn
RoundRect
Rectangle
GetClipRgn
GetTextExtentPoint32W
TextOutW
BitBlt
CreateFontIndirectW
CreateCompatibleBitmap
DeleteObject
GetTextColor
CreateCompatibleDC
GetViewportOrgEx
CreateDIBSection
RectInRegion
CreateRectRgn
GetStockObject
GetObjectW
CombineRgn
LineTo
ExtSelectClipRgn
MoveToEx
OffsetRgn
CreateRectRgnIndirect
SetBkMode
CreatePen
SetTextColor
RestoreDC
SelectObject
StretchBlt
SetViewportOrgEx
SelectClipRgn
CreateBitmap
SetStretchBltMode
GetTextMetricsW
CreateFontW
SetBkColor
GetDeviceCaps

advapi32

RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathAppendW
PathFindExtensionW
PathFindFileNameW
StrToIntA
PathAddBackslashW
PathFileExistsW
StrToIntW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipCloneBitmapArea
GdipLoadImageFromStream
GdipImageRotateFlip
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipCreateStringFormat
GdipGraphicsClear
GdipAddPathPieI
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageI
GdipDeleteBrush
GdipSetStringFormatAlign
GdipCreateImageAttributes
GdipCreateFont
GdipCloneBrush
GdipFillPath
GdipCreateFromHDC
GdipCreatePen1
GdipGetFontSize
GdipDisposeImageAttributes
GdipMeasureString
GdipSetCompositingQuality
GdipSetClipPath
GdipDrawPath
GdipCreateFontFromLogfontW
GdipClosePathFigure
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipAddPathArcI
GdipSetStringFormatLineAlign
GdipFillRectangle
GdipSetPenDashStyle
GdipDeletePath
GdipSetStringFormatFlags
GdipNewPrivateFontCollection
GdipCreatePath
GdipSetStringFormatTrimming
GdipDeletePrivateFontCollection
GdipDrawRectangleI
GdipCreateLineBrushI
GdipFillRectangleI
GdipCloneImage
GdiplusStartup
GdipPrivateAddFontFile
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipDrawLinesI
GdipGetFontCollectionFamilyCount
GdiplusShutdown
GdipLoadImageFromFile
GdipRotateWorldTransform
GdipDrawLine
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipAlloc
GdipDisposeImage
GdipResetWorldTransform
GdipSetSmoothingMode
GdipFree
GdipDeleteFont
GdipSetPixelOffsetMode
GdipDeleteFontFamily
GdipSetPenMode
GdipGetFontCollectionFamilyList
GdipGetImageHeight
GdipCloneFontFamily
GdipGetFamily
GdipGetImageWidth
GdipSetPenStartCap
GdipAddPathRectangleI
GdipSetInterpolationMode
GdipSetPenEndCap
GdipDrawString
GdipCreateSolidFill
GdipAddPathStringI
GdipDeletePen
GdipDeleteGraphics
GdipDrawImageRectI

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 544KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a4c02a73b973b4ae4bdd04e74e60e28

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

38:72:2b:dc:9c:d1:d7:19:e2:ef:0c:9d:dc:1b:4d:01:47:ca:2c:2c:bd:80:9a:0f:1e:17:7b:67:f5:a3:7a:41Signer

Signature Validations

Verification

10/11/2020, 02:04 Valid: false

a1:93:3f:6c:d9:cc:c3:e4:6a:51:f1:d3:b8:e6:aa:7f:8a:9f:89:3dSigner

Signature Validations

Verification

10/11/2020, 02:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

rasapi32

iphlpapi

Sections

.text Size: 748KB - Virtual size: 747KB

.rdata Size: 160KB - Virtual size: 156KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 544KB - Virtual size: 540KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

38:72:2b:dc:9c:d1:d7:19:e2:ef:0c:9d:dc:1b:4d:01:47:ca:2c:2c:bd:80:9a:0f:1e:17:7b:67:f5:a3:7a:41
Signer

10/11/2020, 02:04
Valid: false

a1:93:3f:6c:d9:cc:c3:e4:6a:51:f1:d3:b8:e6:aa:7f:8a:9f:89:3d
Signer

10/11/2020, 02:04
Valid: false

.text
Size: 748KB - Virtual size: 747KB

.rdata
Size: 160KB - Virtual size: 156KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 544KB - Virtual size: 540KB