7f492420dff12ed030c549534ae29dbd5db9b9352863a814c9145f40356c6ee4

Sharing

Copy URL Twitter E-mail

General

Target

7f492420dff12ed030c549534ae29dbd5db9b9352863a814c9145f40356c6ee4
Size

3.3MB
MD5

0e9d16f876a1be8b8efc05b7b7ef4414
SHA1

c9f783608d3ad675d3bf1e70bfa275ac4c9d1189
SHA256

7f492420dff12ed030c549534ae29dbd5db9b9352863a814c9145f40356c6ee4
SHA512

f377be847a05273e6dfa998f738488298e635f85d8f2137c9b16df72f81a089bfdd09c863ea72ee32e0b96fa172a6c9064246ffbf5a8b7e3a9da708f262254f2
SSDEEP

98304:1ZgD5ojSP1pNqwbcQS+14Jz5aslJQY4rC29wwa9GMt:1wojiT03WbO4a9GMt

Score

1^/10

Malware Config

Signatures

Files

7f492420dff12ed030c549534ae29dbd5db9b9352863a814c9145f40356c6ee4
.exe windows x86

4beed9504fa0f1dd771341420be35615

Code Sign

0b:b9:fb:8e:48:a1:35:80:e4:35:dc:e9:6f:83:f0:6d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/04/2019, 00:00

Not After

27/04/2022, 12:00

Subject

CN=Topsec Inc.,O=Topsec Inc.,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:e3:43:1b:94:5d:51:81:f6:81:7a:a3:44:17:98:50:30:d3:a2:e9
Signer

Actual PE Digest

f7:e3:43:1b:94:5d:51:81:f6:81:7a:a3:44:17:98:50:30:d3:a2:e9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Topsec Inc.,O=Topsec Inc.,L=Beijing,C=CN

07/02/2023, 20:50
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sv_log

GetLogLevel
set_log_filename
LogPrint

libcobra

libcobra_setopt
libcobra_release
libcobra_sync
libcobra_create
libcobra_scan
libcobra_init

crypt32

CryptHashCertificate
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertCloseStore

iphlpapi

GetAdaptersInfo

advapi32

GetUserNameA
RegDeleteKeyW
RegDeleteValueW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptSignHashW
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

gdi32

GetStockObject
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextMetricsW
GetTextExtentPoint32W
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
CreateDCW
CopyMetaFileW
GetTextFaceW
RealizePalette

user32

CheckMenuItem
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
DestroyIcon
RealChildWindowFromPoint
GetClassNameW
PtInRect
ClientToScreen
IsDialogMessageW
SetWindowLongW
SetWindowTextW
GetFocus
GetDlgCtrlID
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
IsWindow
GetWindow
GetScrollPos
SetScrollPos
SetFocus
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
GetMessageW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
GetWindowTextLengthW
GetWindowTextW
UnhookWindowsHookEx
GetSystemMetrics
DestroyWindow
GetWindowPlacement
GetIconInfo
MessageBeep
GetAsyncKeyState
EnableScrollBar
EndDialog
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
IntersectRect
InflateRect
IsIconic
GetMonitorInfoW
MonitorFromWindow
WinHelpW
SetWindowPlacement
EnableMenuItem
GetTopWindow
GetClassLongW
EqualRect
CopyRect
MapWindowPoints
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
CharUpperW
RemoveMenu
GetMenuDefaultItem
MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
BringWindowToTop
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
SetParent
LockWindowUpdate
SetClassLongW
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
EndDeferWindowPos
GetCapture
GetMenu
SetMenu
TrackPopupMenu
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollRange
GetScrollRange
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
CallWindowProcW
GetClassInfoW
GetClassInfoExW
SetScrollInfo
IsChild
BeginDeferWindowPos
DeferWindowPos
GetNextDlgTabItem
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetScrollInfo
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow
GetWindowRect
FindWindowW
SetCursorPos
GetCursorPos
SendMessageTimeoutW
SendMessageW
PostQuitMessage
LoadCursorW
TranslateMessage
LoadIconW
PeekMessageW
RegisterDeviceNotificationW
ShowWindow
CreateWindowExW
RegisterClassW
UpdateWindow
DefWindowProcW
DispatchMessageW
GetNextDlgGroupItem
ShowScrollBar
DestroyCursor
GetWindowRgn
DrawIcon
SetPropW
GetPropW
RemovePropW
GetClientRect
FrameRect
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
AdjustWindowRectEx

kernel32

GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
MulDiv
CopyFileW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
FlushFileBuffers
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
OutputDebugStringA
lstrcmpA
GlobalGetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
WaitForSingleObject
SetThreadPriority
ResumeThread
GetFileAttributesExW
GetFileSizeEx
GetFileTime
GlobalFlags
lstrcmpW
GlobalAddAtomW
EncodePointer
GetSystemDirectoryW
CompareStringW
GetLocaleInfoW
GetUserDefaultUILanguage
FreeResource
GlobalDeleteAtom
GlobalFindAtomW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
FlushConsoleInputBuffer
SearchPathW
VirtualProtect
GetUserDefaultLCID
FindResourceExW
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitThread
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
CreateProcessA
RtlUnwind
SetStdHandle
HeapQueryInformation
VirtualAlloc
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetConsoleCP
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
UnhandledExceptionFilter
TerminateProcess
ReadConsoleW
PeekNamedPipe
GetStringTypeW
GetExitCodeProcess
WriteConsoleW
OutputDebugStringW
SetEnvironmentVariableA
GetVersionExA
QueryPerformanceCounter
GetFileInformationByHandle
lstrlenA
GetProfileIntW
GetFileType
HeapReAlloc
FindResourceW
LoadResource
CreateProcessW
HeapAlloc
GetCurrentProcess
HeapFree
GetModuleHandleW
GetProcessHeap
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
RaiseException
GetLastError
GetProcAddress
HeapSize
Process32FirstW
ProcessIdToSessionId
LockResource
DecodePointer
Process32NextW
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
GetVersion
GetCurrentProcessId
GlobalMemoryStatus
SetFilePointer
VirtualQuery
FreeLibrary
SetUnhandledExceptionFilter
GetCurrentThread
WriteFile
LoadLibraryW
FormatMessageW
GetVersionExW
FileTimeToSystemTime
CreateFileW
LoadLibraryA
GetProcessWorkingSetSize
GetSystemInfo
lstrcmpiW
GetCurrentThreadId
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
SuspendThread
GetSystemDirectoryA
SetFileAttributesW
GetFullPathNameW
GetModuleHandleA
FindFirstFileW
SystemTimeToFileTime
SetHandleInformation
GetFileAttributesW
ReadFile
GetStdHandle
SetLastError
FindClose
GetLocalTime
CreatePipe
FindNextFileW
DuplicateHandle
SetCurrentDirectoryW
DeleteFileW
GetDriveTypeW
GetLogicalDriveStringsW
Sleep
MoveFileW
GetFileSize
InterlockedDecrement
CreateDirectoryW
OpenProcess
lstrlenW
WritePrivateProfileStringW
QueryDosDeviceW
WaitForMultipleObjects
GetModuleFileNameA
lstrcatW
lstrcpyW
CreateThread
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetCurrentDirectoryW
GetTickCount

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHAppBarMessage
SHGetPathFromIDListW
DragFinish
SHGetSpecialFolderLocation

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFileExistsA
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
StrStrIA

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText

ole32

RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
LoadTypeLi
VarBstrFromDate
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantClear
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VariantChangeType

ws2_32

send
getsockopt
listen
accept
recvfrom
WSAStartup
inet_addr
htonl
htons
sendto
WSACleanup
socket
gethostbyname
shutdown
getsockname
ntohs
WSAGetLastError
select
ntohl
inet_ntoa
connect
ioctlsocket
getpeername
freeaddrinfo
WSASetLastError
__WSAFDIsSet
bind
recv
closesocket
setsockopt
getaddrinfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

psapi

GetProcessImageFileNameW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

??0CBase64@@QAE@ABV0@@Z
??0CBase64@@QAE@XZ
??1CBase64@@UAE@XZ
??4CBase64@@QAEAAV0@ABV0@@Z
??_7CBase64@@6B@
?DecodeBase64@CBase64@@QAEHPBDPAEH@Z
?DecryptString@CBase64@@QAEXPAD0H@Z
?EncodeBase64@CBase64@@QAEHPBEPADHH@Z
?EncryptString@CBase64@@QAEXPAD0HH@Z
?GetMainBoardSerialByWMI@CBase64@@AAEXPADAAH@Z
?sv_check_usbkey@@YAHPBD@Z
?sv_login@@YAHPBDPADI@Z
?sv_test@@YAHXZ
SendSPAMessageToVone

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 680KB - Virtual size: 680KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4beed9504fa0f1dd771341420be35615

Code Sign

0b:b9:fb:8e:48:a1:35:80:e4:35:dc:e9:6f:83:f0:6dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

f7:e3:43:1b:94:5d:51:81:f6:81:7a:a3:44:17:98:50:30:d3:a2:e9Signer

Signature Validations

Verification

07/02/2023, 20:50 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

sv_log

libcobra

crypt32

iphlpapi

advapi32

gdi32

user32

kernel32

msimg32

winspool.drv

shell32

shlwapi

uxtheme

ole32

oleaut32

ws2_32

version

wininet

psapi

oleacc

gdiplus

imm32

winmm

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 680KB - Virtual size: 680KB

.data Size: 74KB - Virtual size: 116KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 173KB - Virtual size: 173KB

0b:b9:fb:8e:48:a1:35:80:e4:35:dc:e9:6f:83:f0:6d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

f7:e3:43:1b:94:5d:51:81:f6:81:7a:a3:44:17:98:50:30:d3:a2:e9
Signer

07/02/2023, 20:50
Valid: false

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 680KB - Virtual size: 680KB

.data
Size: 74KB - Virtual size: 116KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 173KB - Virtual size: 173KB