Unim3u converter patch[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Unim3u converter patch.exe
Size

1.5MB
MD5

75d398fcf7e02f79dba4eafd95790ade
SHA1

3b71085e9c81345daf9010cc816821b7875ef35c
SHA256

605e31a192b97938b289194ed21e3e05a7626285e8b20c5ff246338cebe5d1b9
SHA512

b6a62e2699b910115555012483b69747d27f4645e0b41f3b1d6662eee7a8ca4f5ca5c02d35a1ab3797dcca33efb96cd1edbc23188e808e4c6171a33e4a9abc5d
SSDEEP

24576:YUCTl/dC1/SCf/dhz86GI1lmlxD3GN6A9xUEQatYNTfDfVtykR3tV/q/tP:GQ1/pNB3BjUEQaSNDDtQcdNu

Score

1^/10

Malware Config

Signatures

Files

Unim3u converter patch.exe
.exe windows x86

bba5a29c8775c79b35f60f7c33f66694

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:ea
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2020, 00:00

Not After

24/02/2021, 23:59

Subject

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:ea
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2020, 00:00

Not After

24/02/2021, 23:59

Subject

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:bd:2e:3a:9e:96:fc:dd:2e:7c:74:f7:49:e8:53:9e:8e:54:be:1e:cc:fc:b2:d8:26:7f:df:57:e2:a4:c0:06
Signer

Actual PE Digest

6b:bd:2e:3a:9e:96:fc:dd:2e:7c:74:f7:49:e8:53:9e:8e:54:be:1e:cc:fc:b2:d8:26:7f:df:57:e2:a4:c0:06

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

03/09/2020, 13:55
Valid: true

Chain 1

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

b1:d4:e7:31:98:3f:8c:dd:4a:62:d8:de:17:1e:a2:e2:be:7b:0d:31
Signer

Actual PE Digest

b1:d4:e7:31:98:3f:8c:dd:4a:62:d8:de:17:1e:a2:e2:be:7b:0d:31

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

03/09/2020, 13:55
Valid: true

Chain 1

SERIALNUMBER=FN 519229 y,CN=Alpiq Digital Austria GmbH,O=Alpiq Digital Austria GmbH,L=Wien,C=AT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13045769656e,1.3.6.1.4.1.311.60.2.1.2=#13045769656e,1.3.6.1.4.1.311.60.2.1.3=#13024154

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ClearEventLogA
ClearEventLogW
CreateProcessAsUserW
EqualDomainSid
LogonUserW
AdjustTokenPrivileges
CryptEncrypt
CheckTokenMembership
CryptImportKey
CryptCreateHash
CryptReleaseContext
PerfDecrementULongCounterValue
GetAclInformation
RegUnLoadKeyW
OpenProcessToken
RegQueryMultipleValuesW
RegDeleteKeyW
FreeSid
InitializeSecurityDescriptor
CryptGetHashParam
ConvertSecurityDescriptorToStringSecurityDescriptorA
AllocateAndInitializeSid
CryptDestroyKey
CryptDestroyHash
RegRestoreKeyW
CredReadW
RegLoadMUIStringW
CryptGenRandom
CredIsMarshaledCredentialA
CryptHashData
LookupPrivilegeValueW
RevertToSelf
RegCreateKeyExW
CryptAcquireContextA
PerfStartProviderEx

ws2_32

ioctlsocket
gethostname
htonl
ntohl
WSAStartup
WSACleanup
WSAGetLastError
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet

crypt32

CertFreeCertificateContext

wldap32

ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord143

normaliz

IdnToAscii
IdnToUnicode

kernel32

GetDriveTypeW
IsValidLocale
LoadLibraryExW
DecodePointer
VerifyVersionInfoA
CreateMailslotW
FindFirstFileNameW
Process32NextW
TerminateProcess
GetConsoleMode
OutputDebugStringW
IsProcessorFeaturePresent
GetTimeZoneInformation
CreateProcessW
WaitForSingleObject
RaiseException
FindClose
MultiByteToWideChar
CreateThread
DeleteFileW
GetLocaleInfoW
InitializeSListHead
IsBadReadPtr
GetModuleFileNameA
LoadLibraryA
GetTickCount64
BindIoCompletionCallback
TlsAlloc
SetCurrentDirectoryW
GetModuleFileNameW
FindNextFileW
WriteConsoleW
FindNextFileA
GetConsoleCP
InitializeCriticalSectionAndSpinCount
PeekNamedPipe
GetThreadPreferredUILanguages
CloseHandle
GetCurrentProcessId
GetStartupInfoW
SetEndOfFile
DeleteCriticalSection
EnterCriticalSection
FlsAlloc
FormatMessageA
GetModuleHandleExW
GetProcessWorkingSetSize
FreeEnvironmentStringsW
RemoveDirectoryW
FindFirstFileExW
ExpandEnvironmentStringsA
GetTimeFormatW
TlsGetValue
CreateEventW
GetModuleHandleA
LeaveCriticalSection
LCMapStringA
CreateFileW
GetVersionExW
VirtualUnlock
HeapAlloc
ExitThread
CreateWaitableTimerW
SetPriorityClass
FlushFileBuffers
CreateMutexW
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateBoundaryDescriptorA
Process32FirstW
FreeLibraryAndExitThread
LoadLibraryW
CreateToolhelp32Snapshot
ReadConsoleW
UnhandledExceptionFilter
CopyFileA
GetLastError
TlsSetValue
CompareStringW
TlsFree
SetLastError
InterlockedFlushSList
GetCPInfo
GetSystemWow64DirectoryW
RtlUnwind
SetConsoleCtrlHandler
VirtualFree
SetEvent
GetProductInfo
GetUserDefaultLCID
SetEnvironmentVariableW
Sleep
EnumSystemLocalesW
GetUserDefaultLangID
LCMapStringW
GetProcessHeap
CreateDirectoryW
WriteFile
SleepEx
OutputDebugStringA
ResetEvent
GetEnvironmentVariableW
GetTickCount
GetACP
SetFilePointerEx
GetConsoleProcessList
GetCurrentDirectoryW
GetFullPathNameA
QueryPerformanceCounter
GetSystemDirectoryA
FileTimeToSystemTime
HeapFree
HeapDestroy
ExitProcess
EnumResourceTypesA
SetEnvironmentVariableA
EncodePointer
GetCommandLineW
GetProcAddress
SetLocaleInfoW
WaitForSingleObjectEx
GetEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetFileType
WideCharToMultiByte
GetFullPathNameW
InterlockedPushEntrySList
RemoveDirectoryTransactedA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForMultipleObjects
GetDateFormatW
HeapSize
FreeLibrary
SetStdHandle
GetFileSize
GetStdHandle
SetCriticalSectionSpinCount
GetCurrentProcess
GetStringTypeW
HeapReAlloc
ReadFile
SystemTimeToTzSpecificLocalTime
GetCurrentThread
FindFirstFileExA
ResumeThread
InitializeCriticalSectionEx
VerSetConditionMask
GetFileAttributesExW
DisableThreadLibraryCalls
GetCommandLineA

user32

UnionRect
InternalGetWindowText
EndDeferWindowPos
PostMessageW
IntersectRect
GetWindowTextA
CheckRadioButton
SendMessageCallbackW
GetMonitorInfoW
FindWindowExW
DialogBoxParamW
EndDialog
GetNextDlgGroupItem
SendMessageW
TranslateAcceleratorW
UnregisterClassW
MessageBoxW
UnregisterClassA
SetWindowPos
SwitchToThisWindow
EnableMenuItem
GetSystemMenu
IsCharUpperW
LoadIconW
GetDlgItem
GetNextDlgTabItem
SetProcessDPIAware

shell32

SHGetSpecialFolderPathW
ord80
ord102
SHGetPathFromIDListEx
SHCreateShellItemArray
SHGetIconOverlayIndexA

oleaut32

SysAllocString
GetAltMonthNames
VarCySu
VarUI2FromR8
VarI2FromCy
VarDateFromStr
VarDecFromR8
QueryPathOfRegTypeLi
VarCyFromI1
VarI8FromUI1
VarParseNumFromStr
SysFreeString

shlwapi

StrChrNW
AssocQueryStringByKeyA
StrRStrIA
PathFindFileNameA
PathUnmakeSystemFolderW
PathFileExistsW
SHRegSetUSValueW
SHQueryInfoKeyW
SHCreateShellPalette
StrDupW
PathAppendW
StrCSpnIA
AssocQueryStringA

wtsapi32

WTSOpenServerW
WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSEnumerateServersW
WTSVirtualChannelPurgeOutput

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba5a29c8775c79b35f60f7c33f66694

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:eaCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:eaCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

6b:bd:2e:3a:9e:96:fc:dd:2e:7c:74:f7:49:e8:53:9e:8e:54:be:1e:cc:fc:b2:d8:26:7f:df:57:e2:a4:c0:06Signer

Signature Validations

Verification

03/09/2020, 13:55 Valid: true

Chain 1

b1:d4:e7:31:98:3f:8c:dd:4a:62:d8:de:17:1e:a2:e2:be:7b:0d:31Signer

Signature Validations

Verification

03/09/2020, 13:55 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

shell32

oleaut32

shlwapi

wtsapi32

ole32

Sections

.text Size: 707KB - Virtual size: 707KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 3KB - Virtual size: 9KB

.gfids Size: 1024B - Virtual size: 584B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 714KB - Virtual size: 713KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:ea
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

11:00:60:3c:86:22:fb:3f:4e:d1:7f:cd:fa:31:aa:ea
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

6b:bd:2e:3a:9e:96:fc:dd:2e:7c:74:f7:49:e8:53:9e:8e:54:be:1e:cc:fc:b2:d8:26:7f:df:57:e2:a4:c0:06
Signer

03/09/2020, 13:55
Valid: true

b1:d4:e7:31:98:3f:8c:dd:4a:62:d8:de:17:1e:a2:e2:be:7b:0d:31
Signer

03/09/2020, 13:55
Valid: true

.text
Size: 707KB - Virtual size: 707KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 3KB - Virtual size: 9KB

.gfids
Size: 1024B - Virtual size: 584B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 714KB - Virtual size: 713KB

.reloc
Size: 25KB - Virtual size: 25KB