7e7a9580ad341813b2c57200a7258d27e49d3395eef93b27dc29a20058d62b6d

Sharing

Copy URL Twitter E-mail

General

Target

7e7a9580ad341813b2c57200a7258d27e49d3395eef93b27dc29a20058d62b6d
Size

4.5MB
MD5

1b8e8dae71c8b20016392856757a536c
SHA1

ff5eee8504ea30ad2ed560d0952249099f34d9cc
SHA256

7e7a9580ad341813b2c57200a7258d27e49d3395eef93b27dc29a20058d62b6d
SHA512

e76df09fa7d873650e323750e5aa70f429aba022c37a42080eeae81c6c2bcaf65b266e98fca8aec83a02a11bd5ebd1789b2b8939ba227b7496eb4e0605c94dd6
SSDEEP

98304:hVLhP7L9O/BZXxkI5PG1f5ehM/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AxV300m:bl/MBZBkIehehM/Cw/khc5FbKEV6PVRn

Score

1^/10

Malware Config

Signatures

Files

7e7a9580ad341813b2c57200a7258d27e49d3395eef93b27dc29a20058d62b6d
.exe windows x86

e30008faf564323ee04e4db0de060d42

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:37:b8:4b:76:0e:63:fa:cf:22:ef:b0:fe:6a:89:de
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/03/2020, 00:00

Not After

24/03/2023, 12:00

Subject

CN=天津珊瑚信息科技有限公司,OU=IT Dept,O=天津珊瑚信息科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:36:58:62:ed:6d:72:e2:c2:99:7c:11:0d:e2:89:ba
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/03/2020, 00:00

Not After

24/03/2023, 12:00

Subject

CN=天津珊瑚信息科技有限公司,OU=IT Dept,O=天津珊瑚信息科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:cd:cc:8a:fb:f7:98:1c:bc:a2:1c:5b:2c:50:29:42:a4:81:cd:3f:99:86:80:33:17:a5:89:e4:44:90:18:b0
Signer

Actual PE Digest

c9:cd:cc:8a:fb:f7:98:1c:bc:a2:1c:5b:2c:50:29:42:a4:81:cd:3f:99:86:80:33:17:a5:89:e4:44:90:18:b0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=天津珊瑚信息科技有限公司,OU=IT Dept,O=天津珊瑚信息科技有限公司,ST=天津市,C=CN

07/02/2023, 20:40
Valid: true

Chain 1

CN=天津珊瑚信息科技有限公司,OU=IT Dept,O=天津珊瑚信息科技有限公司,ST=天津市,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

6e:68:e9:45:a1:de:60:97:5e:22:0d:d8:02:68:ff:6f:cf:33:e1:f0
Signer

Actual PE Digest

6e:68:e9:45:a1:de:60:97:5e:22:0d:d8:02:68:ff:6f:cf:33:e1:f0

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=天津珊瑚信息科技有限公司,OU=IT Dept,O=天津珊瑚信息科技有限公司,ST=天津市,C=CN

27/12/2021, 02:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetCurrentDirectoryW
CreateDirectoryW
SearchPathW
FindFirstChangeNotificationW
FindCloseChangeNotification
CompareFileTime
GetFileInformationByHandle
SwitchToThread
GetDriveTypeW
WritePrivateProfileStringW
GetCommandLineW
LoadLibraryExW
lstrcmpiW
Sleep
InterlockedDecrement
InterlockedIncrement
DecodePointer
LocalFree
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
GetVersionExW
GetTickCount
GetFileSize
UnlockFile
LockFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateMutexW
GetCurrentProcessId
OpenProcess
GetLongPathNameW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
CreateFileW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
ReadFile
GetFileSizeEx
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
lstrlenW
FindClose
SetLastError
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
CreateEventW
SizeofResource
LoadResource
WaitForMultipleObjects
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InterlockedFlushSList
GetSystemWindowsDirectoryW
FreeResource
lstrcmpiA
lstrcmpA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalFree
HeapDestroy
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
FlushFileBuffers
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LockResource
WriteFile
EncodePointer
IsDebuggerPresent
DeviceIoControl
GetShortPathNameW
GetPrivateProfileStringW
LocalAlloc
InterlockedCompareExchange
InterlockedExchange
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetFileAttributesExW
SetFilePointer
DeleteFileA
CreateFileA
GetTempFileNameA
GetTempPathA
CloseHandle
SetStdHandle
GetEnvironmentVariableW
GetTempFileNameW
FormatMessageW
TerminateProcess
GetExitCodeProcess
CopyFileW
OutputDebugStringA
OutputDebugStringW
GetLocalTime
ResetEvent
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

user32

DefWindowProcW
PostMessageW
KillTimer
CallWindowProcW
FindWindowExW
GetWindowThreadProcessId
SetTimer
UnregisterClassW
RegisterClassExW
SetRect
IsDialogMessageW
OffsetRect
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
MapWindowPoints
SetForegroundWindow
GetSystemMetrics
IsIconic
PostQuitMessage
GetActiveWindow
CharNextW
DialogBoxParamW
MessageBoxW
wsprintfW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
UnionRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
DestroyCursor
MoveWindow
UnregisterClassA
BringWindowToTop
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetParent
FillRect
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
DrawTextW
ReleaseCapture
SetCapture
GetAsyncKeyState
GetFocus
DestroyWindow
SendMessageW
GetShellWindow
SystemParametersInfoW
LoadCursorW
SetWindowLongW
GetWindowLongW
CopyRect
GetWindowRect
GetClientRect
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC
GetDC
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW

gdi32

OffsetViewportOrgEx
RectVisible
EnumFontFamiliesW
CreateFontW
GetObjectW
BitBlt
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetViewportOrgEx
CreateRectRgnIndirect
GetStockObject
RestoreDC
SaveDC
SelectClipRgn
SetBkMode
SetTextColor
CreateDIBSection
CreateRectRgn

advapi32

CryptDecrypt
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountNameW
LookupAccountSidW
DeleteAce
CryptContextAddRef
EqualSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
UnlockServiceDatabase
StartServiceW
QueryServiceLockStatusW
GetUserNameW
QueryServiceConfig2W
QueryServiceConfigW
LockServiceDatabase
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
GetTrusteeNameW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateDirectoryExW
ShellExecuteW
ord165
SHChangeNotify
SHFileOperationW

ole32

CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
OleRun
CreateStreamOnHGlobal
CoInitializeSecurity
CoInitialize

oleaut32

VariantCopy
SysFreeString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString

shlwapi

SHSetValueW
SHDeleteValueW
PathIsPrefixW
SHSetValueA
PathIsRootW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRenameExtensionA
PathFindFileNameA
wnsprintfW
PathIsDirectoryW
StrStrIA
StrCmpIW
StrToIntExW
SHGetValueA
StrCmpNIW
StrTrimA
StrStrIW
AssocQueryStringW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipDrawImageRectRect
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImagePointRectI
GdipDrawImageRectRectI
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipSetStringFormatTrimming
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDisposeImageAttributes
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign

psapi

EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Exports

Exports

Dll_Entry
Start

Sections

.text
Size: 998KB - Virtual size: 998KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e30008faf564323ee04e4db0de060d42

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:37:b8:4b:76:0e:63:fa:cf:22:ef:b0:fe:6a:89:deCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:36:58:62:ed:6d:72:e2:c2:99:7c:11:0d:e2:89:baCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c9:cd:cc:8a:fb:f7:98:1c:bc:a2:1c:5b:2c:50:29:42:a4:81:cd:3f:99:86:80:33:17:a5:89:e4:44:90:18:b0Signer

Signature Validations

Verification

07/02/2023, 20:40 Valid: true

Chain 1

6e:68:e9:45:a1:de:60:97:5e:22:0d:d8:02:68:ff:6f:cf:33:e1:f0Signer

Signature Validations

Verification

27/12/2021, 02:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

psapi

iphlpapi

wininet

urlmon

version

setupapi

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 998KB - Virtual size: 998KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 22KB - Virtual size: 33KB

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 51KB - Virtual size: 50KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:37:b8:4b:76:0e:63:fa:cf:22:ef:b0:fe:6a:89:de
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:36:58:62:ed:6d:72:e2:c2:99:7c:11:0d:e2:89:ba
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c9:cd:cc:8a:fb:f7:98:1c:bc:a2:1c:5b:2c:50:29:42:a4:81:cd:3f:99:86:80:33:17:a5:89:e4:44:90:18:b0
Signer

07/02/2023, 20:40
Valid: true

6e:68:e9:45:a1:de:60:97:5e:22:0d:d8:02:68:ff:6f:cf:33:e1:f0
Signer

27/12/2021, 02:54
Valid: false

.text
Size: 998KB - Virtual size: 998KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 22KB - Virtual size: 33KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 51KB - Virtual size: 50KB