4c2809d10ecded9f945af1004d50342804b78e7f8891013dae5d3f69db525da0

Sharing

Copy URL Twitter E-mail

General

Target

4c2809d10ecded9f945af1004d50342804b78e7f8891013dae5d3f69db525da0
Size

1.6MB
MD5

d19e68078f29f9cf8227c404cc3247df
SHA1

da4a24afeff3952d52166096f158e437ac71b50d
SHA256

4c2809d10ecded9f945af1004d50342804b78e7f8891013dae5d3f69db525da0
SHA512

9c3106e4b502550b9e12985d561351452c1e92ac6ac5fc57956949ca1feb391c498528e29fe391bbfb3a166690ecb394f2d588a8f7543df0ab8763ec9b240022
SSDEEP

49152:Za+/178aAOh4evRUaFIE9BiwZM9McYCdVeu8PWVBywxyD43Hqp9:z178aB4ev6aZ9BiwK9McYCXeuCuyCI46

Score

1^/10

Malware Config

Signatures

Files

4c2809d10ecded9f945af1004d50342804b78e7f8891013dae5d3f69db525da0
.exe windows x86

a7f56ff5d0800f4012174316f7877857

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:c2:0b:48:4a:d3:ad:80:5c:63:81:c2:ab:7e:e6:7e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/06/2022, 00:00

Not After

22/06/2023, 23:59

Subject

CN=Lenovo (Beijing) Co.\, Ltd.,OU=G07,O=Lenovo (Beijing) Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:78:8c:a7:3f:32:87:e9:f7:c3:8f:9c:26:1e:3c:25:12:18:af:0c:8a:a4:80:c7:b0:22:2d:d0:f6:80:82:2d
Signer

Actual PE Digest

d9:78:8c:a7:3f:32:87:e9:f7:c3:8f:9c:26:1e:3c:25:12:18:af:0c:8a:a4:80:c7:b0:22:2d:d0:f6:80:82:2d

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Lenovo (Beijing) Co.\, Ltd.,OU=G07,O=Lenovo (Beijing) Co.\, Ltd.,ST=Beijing,C=CN

30/08/2022, 20:09
Valid: true

Chain 1

CN=Lenovo (Beijing) Co.\, Ltd.,OU=G07,O=Lenovo (Beijing) Co.\, Ltd.,ST=Beijing,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Lenovo (Beijing) Co.\, Ltd.,OU=G07,O=Lenovo (Beijing) Co.\, Ltd.,ST=Beijing,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
CreateFileW
SetEnvironmentVariableA
IsValidCodePage
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
HeapCreate
GetConsoleMode
GetConsoleCP
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
GetTickCount
ExitThread
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
LCMapStringW
EncodePointer
HeapFree
HeapAlloc
RtlUnwind
FindResourceExW
SetStdHandle
CompareStringW
VirtualProtect
SearchPathA
GetProfileIntA
GetTempPathA
GetTempFileNameA
GetNumberFormatA
GetWindowsDirectoryA
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
lstrcpyA
FileTimeToSystemTime
GetACP
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
GetStringTypeW
DecodePointer
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentProcessId
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
CloseHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileA
CreateFileA
lstrcmpiA
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
lstrlenA
FindResourceA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
GetModuleHandleA
FreeLibrary
WideCharToMultiByte
CompareStringA
LoadLibraryW
LoadLibraryA
ActivateActCtx
DeactivateActCtx
SetLastError
MultiByteToWideChar
lstrcmpW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetModuleHandleW
GetProcAddress
ExitProcess
CreateDirectoryA
GetProcessHeap

user32

DrawMenuBar
DefMDIChildProcA
DefFrameProcA
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
DrawIconEx
GetNextDlgGroupItem
LoadImageA
CopyImage
GetIconInfo
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
DestroyIcon
WaitMessage
WindowFromPoint
KillTimer
DeleteMenu
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
UnregisterClassA
GetSysColorBrush
RealChildWindowFromPoint
MapVirtualKeyA
GetKeyNameTextA
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
CharUpperA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
TranslateMDISysAccel
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamA
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
GetMenuState
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetWindowRgn
DestroyCursor
MapDialogRect
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
PostMessageA
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
SubtractRect
GetDoubleClickTime
CharUpperBuffA
CopyIcon
GetDC
RegisterClipboardFormatA
RegisterClassA
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
GetWindow
GetCapture
GetActiveWindow
InvalidateRect
UpdateWindow
PtInRect
CopyRect
GetWindowLongA
SetWindowLongA
ReleaseCapture
GetSysColor
GetSystemMetrics
LoadIconW
SetCapture
SetTimer
GetUpdateRect
GetClientRect
IsIconic
SendMessageA
FillRect
IntersectRect
OffsetRect
SetRect
MessageBoxA
EnableWindow
GetParent
ClientToScreen
LoadMenuW
GetSubMenu
EnableMenuItem
DrawIcon
LoadCursorA

gdi32

CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
CombineRgn
DPtoLP
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
PtVisible
GetRgnBox
EnumFontFamiliesExA
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceA
GetPixel
GetWindowExtEx
Rectangle
GetViewportExtEx
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
OffsetRgn
BitBlt
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
GetTextExtentPoint32A
ExtTextOutA
CreateFontIndirectA
CreateDCA
CopyMetaFileA
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
RectVisible

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA
RegEnumKeyA

shell32

SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
DragQueryFileA
DragFinish
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

ole32

DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoCreateGuid
CoInitializeEx
CoCreateInstance
CoUninitialize
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoInitialize

oleaut32

VariantClear
SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersAddresses

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7f56ff5d0800f4012174316f7877857

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:c2:0b:48:4a:d3:ad:80:5c:63:81:c2:ab:7e:e6:7eCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d9:78:8c:a7:3f:32:87:e9:f7:c3:8f:9c:26:1e:3c:25:12:18:af:0c:8a:a4:80:c7:b0:22:2d:d0:f6:80:82:2dSigner

Signature Validations

Verification

30/08/2022, 20:09 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

iphlpapi

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 257KB - Virtual size: 257KB

.data Size: 22KB - Virtual size: 58KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 167KB - Virtual size: 166KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:c2:0b:48:4a:d3:ad:80:5c:63:81:c2:ab:7e:e6:7e
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d9:78:8c:a7:3f:32:87:e9:f7:c3:8f:9c:26:1e:3c:25:12:18:af:0c:8a:a4:80:c7:b0:22:2d:d0:f6:80:82:2d
Signer

30/08/2022, 20:09
Valid: true

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 257KB - Virtual size: 257KB

.data
Size: 22KB - Virtual size: 58KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 167KB - Virtual size: 166KB