4fe05292af7783exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4fe05292af7783exeexeexeex.exe
Size

1.7MB
MD5

4fe05292af7783c85ce6eac7b801983b
SHA1

1198334440b94a060410cef29f77de6bbe737ee7
SHA256

e63f7a8caeb9480989c5b98a675569dc0cc8696e5b114e2535467d0964cba84d
SHA512

72e31eafdafa4e924bd0e8ac47112b453def4839313cae07d87a90dbabb0c5342913160fc4a15aeaa94916309af49c9bb8b42a750149cf34f73f4e77fab4ba24
SSDEEP

49152:jfKlRHzPJuAxczyavp2DPw0EBprN+RB1BmXaoemnJFHCxtwa9zelP80djN:jEdzBuAxczyavp2DPw0EBprN+/1B2aob

Score

1^/10

Malware Config

Signatures

Files

4fe05292af7783exeexeexeex.exe
.exe windows x86

c5a9cae4303276aa9237a437566a717b

Code Sign

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:ac
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/01/2022, 00:00

Not After

19/02/2025, 23:59

Subject

CN=Beijing Jinwanwei Technology Co.\, Ltd.,O=Beijing Jinwanwei Technology Co.\, Ltd.,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSLogoffSession
WTSEnumerateSessionsA
WTSRegisterSessionNotification
WTSFreeMemory
WTSEnumerateProcessesA
WTSQuerySessionInformationA

zlib1

uncompress
compressBound
compress

kernel32

ResumeThread
SuspendThread
GlobalFlags
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetCPInfo
GetOEMCP
GetFileAttributesExA
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetFileTime
GetStringTypeExA
lstrcmpiA
WriteFile
FlushFileBuffers
LockFile
UnlockFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
GetPrivateProfileIntA
GetCurrentDirectoryA
SetErrorMode
InterlockedCompareExchange
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
VirtualProtect
SetThreadPriority
GetSystemInfo
VirtualQuery
ExitThread
HeapSize
ExitProcess
SetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringW
GetStringTypeW
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetACP
IsValidCodePage
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetCurrentDirectoryA
CreateFileW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetModuleFileNameW
SystemTimeToFileTime
GetThreadLocale
lstrcmpA
GetAtomNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FreeResource
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
CreateProcessW
SetLastError
CreateToolhelp32Snapshot
Process32First
GetProcessId
Process32Next
GetLongPathNameA
Beep
RemoveDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
SetFileAttributesA
FormatMessageA
WritePrivateProfileStringA
GetLocalTime
InterlockedIncrement
ReleaseSemaphore
CreateSemaphoreA
lstrcpyW
lstrcatW
CreateDirectoryW
GetVersion
CopyFileA
SetLocaleInfoA
FindFirstFileA
FindClose
GetVersionExA
CreatePipe
GetStartupInfoA
ReadFile
GetModuleHandleA
GetFileAttributesA
GetBinaryTypeA
GetLogicalDrives
GetDriveTypeA
GetModuleHandleW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTickCount
WaitForMultipleObjects
GetComputerNameA
lstrlenA
GetPrivateProfileStringW
lstrlenW
GetPrivateProfileStringA
lstrcatA
lstrcpyA
TerminateProcess
InterlockedDecrement
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
Sleep
GetCurrentProcess
LocalAlloc
LocalHandle
LocalFree
GetSystemDirectoryA
GetExitCodeProcess
GetCurrentThreadId
DefineDosDeviceA
CreateDirectoryA
CreateProcessA
MapViewOfFile
OpenEventA
CreateEventA
SetEvent
OpenProcess
GetCurrentProcessId
ProcessIdToSessionId
CreateThread
WaitForSingleObject
ReleaseMutex
GetModuleHandleExA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
IsBadReadPtr
OpenFileMappingA
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
MoveFileA
GetTempPathA
GetTempFileNameA
CreateFileA
SetFilePointer
SetEndOfFile
GetLastError
UnmapViewOfFile
CloseHandle
MultiByteToWideChar
CreateRemoteThread
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
SetThreadContext
FlushInstructionCache
GetThreadContext
VirtualAlloc

user32

UnregisterClassA
DestroyIcon
CharUpperA
PostQuitMessage
DestroyMenu
GetMenuItemInfoA
InflateRect
GetDialogBaseUnits
GetCursorPos
ValidateRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ScrollWindowEx
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
SetRectEmpty
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
InvalidateRect
SetCursor
ShowOwnedPopups
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
IsWindowVisible
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CopyRect
GetDlgCtrlID
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
SendMessageA
EndDialog
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetShellWindow
GetIconInfo
SendMessageTimeoutA
GetClassLongA
DeleteMenu
TranslateAcceleratorA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
SetRect
WindowFromPoint
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
SetCapture
GetMessageTime
GetLayeredWindowAttributes
GetClassNameA
GetWindowRgn
IsIconic
GetClientRect
FillRect
GetSystemMetrics
SetForegroundWindow
EnableWindow
MessageBoxA
LoadKeyboardLayoutA
UnloadKeyboardLayout
OpenInputDesktop
CloseDesktop
GetLastInputInfo
GetMessageA
KillTimer
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
CreateWindowExA
DefWindowProcA
IsWindow
GetWindowLongA
GetWindowThreadProcessId
GetWindowRect
GetWindowTextW
EnumWindows
MsgWaitForMultipleObjects
SystemParametersInfoA
GetForegroundWindow
ShowWindow
GetWindowTextA
PostMessageA
ShowScrollBar

gdi32

GetBkColor
CreateCompatibleBitmap
StretchDIBits
CreateFontA
GetCharWidthA
DPtoLP
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
PatBlt
GetMapMode
SetRectRgn
CreateRectRgnIndirect
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
CreateHatchBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetRgnBox
EqualRgn
CombineRgn
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
GetDeviceCaps
ExtCreateRegion
GetRegionData
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
OffsetRgn
CreateSolidBrush
CreateRectRgn
BitBlt

comdlg32

GetFileTitleA

winspool.drv

ord204
EnumFormsA
EnumPrintersA
EnumPrintersW
ord202
DocumentPropertiesA
ord203
ClosePrinter
DeletePrinter
OpenPrinterA

advapi32

RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetTokenInformation
EqualSid
DuplicateTokenEx
QueryServiceStatus
QueryServiceStatusEx
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegFlushKey
RegQueryValueExW
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueA
RegQueryValueExA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExW
RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteA
ShellExecuteExA
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
SHFileOperationA

shlwapi

SHCopyKeyA
PathIsDirectoryW
PathFileExistsA
PathIsUNCA
PathRemoveBackslashA
PathAddBackslashA
PathRemoveFileSpecA
UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathRemoveExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathIsDirectoryA

ole32

CoCreateInstance
CLSIDFromProgID
CoInitialize
CoUninitialize
CoTaskMemFree
SetConvertStg
CoCreateGuid
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoInitializeEx
WriteFmtUserTypeStg
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoDisconnectObject
CLSIDFromString
StringFromGUID2
OleDuplicateData
CoTaskMemAlloc

oleaut32

SafeArrayCreate
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysStringLen
VariantClear
VariantChangeType
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
GetErrorInfo
SetErrorInfo
CreateErrorInfo

urlmon

CreateURLMoniker

mpr

WNetAddConnection2A

wininet

FtpFindFirstFileA
GopherCreateLocatorA
GopherOpenFileA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
InternetOpenUrlA
FtpCommandA
InternetFindNextFileA
HttpEndRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
GopherFindFirstFileA
InternetErrorDlg
FtpGetFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpRenameFileA
FtpDeleteFileA
InternetQueryDataAvailable
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA
InternetSetCookieA
InternetGetCookieA

dnsapi

DnsQuery_A
DnsFree

ws2_32

inet_addr
ntohl
gethostbyname
WSACleanup
WSAGetLastError
bind
htons
connect
getsockname
ntohs
htonl
closesocket
socket
WSAStartup
inet_ntoa

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

iphlpapi

GetAdaptersInfo
GetTcpTable

psapi

EnumProcessModules
GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a9cae4303276aa9237a437566a717b

Code Sign

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:acCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

zlib1

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

mpr

wininet

dnsapi

ws2_32

version

iphlpapi

psapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 230KB - Virtual size: 230KB

.data Size: 18KB - Virtual size: 46KB

.rsrc Size: 2KB - Virtual size: 2KB

0a:9c:c4:0e:ee:b4:10:3c:26:11:55:04:e2:2b:c0:ac
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 230KB - Virtual size: 230KB

.data
Size: 18KB - Virtual size: 46KB

.rsrc
Size: 2KB - Virtual size: 2KB