Analysis of cochang private key leak event on March 21, 2023[.]pdf[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Analysis of cochang private key leak event on March 21, 2023.pdf.zip
Size

28.7MB
MD5

14590ed407ac3137dfebf6e577738b6f
SHA1

4c57d1fdf4b14bfbfaee2adefe1a186bb48b7fcd
SHA256

8849188015f3e48dff6985bd0b823fb744da1e65e7ac93fed19e370e3af419d3
SHA512

0179b1852e1c0062c906613c0eedb681d345c468d12754efda7b0970ad9441caf5a483f05a48ed3e2f811154491678496936a6304b95f85375c8e057c8ecfe8b
SSDEEP

393216:PdRMyQ5nDRugTM6ZWK4GV+Pws5TttG9/yaxC67GHh6FKLNhvNzkRZO9DXwhT+GbK:PYp1nM6WO+1TOxeMFkNJN40DAhKGbEfH

Score

1^/10

Malware Config

Signatures

Files

Analysis of cochang private key leak event on March 21, 2023.pdf.zip
.zip

Password: cochang
Analysis of cochang private key leak event on March 21, 2023.pdf.scr
.exe windows x86

Password: cochang

b5cdc5501116a5933f87b847ea44476c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
FindClose
GetExitCodeProcess
CreateThread
CreateProcessA
CreateProcessW
OpenProcess
GetModuleHandleA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalFree
GetUserDefaultLCID
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
GetCurrentThread
WriteFile
GetStdHandle
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
WaitForSingleObject
GetModuleHandleExW
ExitProcess
GetFileType
SetEnvironmentVariableW
GetFullPathNameW
GetDriveTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
GetLocaleInfoEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
ReleaseMutex
FormatMessageA
LocalFree
Sleep
CloseHandle
SetFileTime
GetLocaleInfoA
WideCharToMultiByte
GetTimeFormatW
GetTimeFormatA
GetDateFormatW
GetDateFormatA
VerifyVersionInfoA
GetComputerNameW
GetComputerNameA
MoveFileExW
MoveFileExA
MoveFileW
MoveFileA
CopyFileW
CopyFileA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileIntA
FindResourceA
MulDiv
LoadLibraryW
LoadLibraryA
FindResourceW
LoadLibraryExW
LoadLibraryExA
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
GetVersionExW
CreateEventW
CreateEventA
CreateMutexW
CreateMutexA
OutputDebugStringW
OutputDebugStringA
GetTempPathA
GetTempPathW
RemoveDirectoryW
RemoveDirectoryA
GetFileAttributesW
GetFileAttributesA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GetCurrentThreadId
DeleteFileW
DeleteFileA
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
GetEnvironmentVariableW
GetEnvironmentVariableA
VerSetConditionMask
MultiByteToWideChar
GetProcessHeap
HeapFree
HeapAlloc
IsBadReadPtr
GetVersionExA
GetTimeZoneInformation
WriteConsoleW

user32

GetClientRect
GetShellWindow
GetWindowThreadProcessId
LoadCursorA
LoadIconA
IsDialogMessageA
IsDialogMessageW
DrawIconEx
GetSysColor
GetDC
ReleaseDC
DrawTextW
SetRect
OffsetRect
GetDesktopWindow
GetKeyboardLayoutNameA
SendMessageA
SendMessageW
RegisterClassA
RegisterClassW
UnregisterClassA
UnregisterClassW
RegisterClassExA
RegisterClassExW
CreateWindowExA
CreateWindowExW
DialogBoxParamA
DialogBoxParamW
GetDlgItem
RegisterClipboardFormatA
RegisterClipboardFormatW
CharUpperW
InsertMenuA
InsertMenuW
AppendMenuA
AppendMenuW
DrawTextA
SetPropA
SetPropW
GetPropA
GetPropW
RemovePropA
RemovePropW
SetWindowTextA
SetWindowTextW
GetWindowTextA
GetWindowTextW
MessageBoxA
MessageBoxW
FrameRect
FindWindowA
FindWindowW
GetClassNameA
GetClassNameW
LoadImageA
LoadImageW
MonitorFromWindow
wsprintfA
GetMessageA
PostMessageA
GetMessageW
TranslateMessage
DispatchMessageA
LockWindowUpdate
InvalidateRect
EndPaint
BeginPaint
SetForegroundWindow
UpdateWindow
GetSystemMetrics
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
SetFocus
SendDlgItemMessageA
GetDlgItemTextW
SetDlgItemTextW
SetWindowPos
ShowWindow
DestroyWindow
PostQuitMessage
DefWindowProcW
DefWindowProcA
DispatchMessageW

gdi32

TextOutA
MoveToEx
LineTo
GetTextExtentPoint32A
GetRgnBox
GetClipRgn
Ellipse
CreateRectRgn
CreateSolidBrush
CreateFontW
AddFontResourceW
AddFontResourceA
GdiFlush
GetTextExtentPoint32W
GetObjectA
CreateDIBSection
SetTextColor
SetStretchBltMode
TextOutW
SetPixel
SetBkMode
SetBkColor
SelectObject
GetTextColor
GetPixel
GetDIBits
GetCurrentObject
GetBkMode
GetBkColor
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
GetStockObject
SetDIBits
Polygon
CreatePalette
GetDeviceCaps
RealizePalette
SelectPalette
StretchBlt
SetDIBitsToDevice
CreatePen
CreateFontA

comdlg32

ChooseFontA
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
ChooseFontW

advapi32

RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclA
FreeSid
AllocateAndInitializeSid
RegSetValueExW

shell32

Shell_NotifyIconA
CommandLineToArgvW
SHGetFolderLocation
ord155
SHBrowseForFolderA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
DragQueryFileA
DragQueryFileW
ShellExecuteA
ShellExecuteW
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoA
SHGetFileInfoW
SHGetMalloc

ole32

StringFromGUID2
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid

wintrust

WinVerifyTrust

gdiplus

GdipCreateLineBrushI
GdipCreateBitmapFromStream
GdipFillPath
GdipFillEllipseI
GdipFillPolygonI
GdipFillRectangleI
GdipDrawPath
GdipDrawPolygonI
GdipDrawEllipseI
GdipDrawLineI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipSetPenLineCap197819
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipDrawImageRectI
GdipClosePathFigure
GdipResetPath
GdipDeletePath
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipAddPathLineI
GdipCreatePath

Sections

.text
Size: 726KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: cochang

Password: cochang

b5cdc5501116a5933f87b847ea44476c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wintrust

gdiplus

Sections

.text Size: 726KB - Virtual size: 725KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 11KB - Virtual size: 23KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 299KB - Virtual size: 298KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 726KB - Virtual size: 725KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 11KB - Virtual size: 23KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 299KB - Virtual size: 298KB

.reloc
Size: 29KB - Virtual size: 29KB