e398cd07c697e6exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e398cd07c697e6exeexeexeex.exe
Size

827KB
MD5

e398cd07c697e6bc46c31be632447b66
SHA1

5199558ece84f1a4b992b1bdca870306c28c646c
SHA256

59dacde3135905f4a63bff5ff2fb9d6389a7ae4eb5d75196bb67853e45dfb547
SHA512

39819dd418bccd7e779526e2bddfa232e498adfa0808159632d88b3dada6b4cd1ab40a2f8be4f6e88e3271364ba28505510f112446c2fd7b326d65df0b530620
SSDEEP

12288:MpEy+hNSe4V3ctrkRzP0UkngliUmHMACernXGxFJAFMJU4pkk:Mz+hYYtrkRLGsvvJAFMJ7pkk

Score

1^/10

Malware Config

Signatures

Files

e398cd07c697e6exeexeexeex.exe
.exe windows x86

b7eb20fe74a58b8070744b71abd2b5a6

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

09/02/2018, 00:00

Not After

10/03/2020, 23:59

Subject

CN=Kingdee Software(China) Co.\,Ltd,OU=K/3 WISE Dept.,O=Kingdee Software(China) Co.\,Ltd,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:de:3f:01:a4:81:97:3e:8c:40:9c:42:f3:66:7f:a9:16:bf:c9:2e
Signer

Actual PE Digest

72:de:3f:01:a4:81:97:3e:8c:40:9c:42:f3:66:7f:a9:16:bf:c9:2e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

connect
htons
socket
closesocket
recv
WSAGetLastError
send
setsockopt
ioctlsocket
gethostbyname
inet_ntoa

rtskeygendll

?EnCrypt@CRSSKeyGenDll@@QAEPADPAD@Z
?DeCrypt@CRSSKeyGenDll@@QAEPADPAD@Z
??0CRSSKeyGenDll@@QAE@XZ

kernel32

TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
VirtualProtect
LocalReAlloc
GetSystemInfo
VirtualQuery
GetProcessHeap
GetStartupInfoA
ExitProcess
ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFileTime
GetFileAttributesA
InterlockedIncrement
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetProfileIntA
GetCurrentProcessId
GetModuleFileNameW
FormatMessageA
LocalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
FreeLibrary
InterlockedDecrement
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
WaitForSingleObject
lstrcmpA
DeleteFileA
CreateDirectoryA
FindFirstFileA
FindClose
GetModuleFileNameA
CreateMutexA
GetLastError
ReleaseMutex
CloseHandle
lstrlenA
Sleep
lstrcatA
MultiByteToWideChar
GetCommandLineA
lstrcpyA
SetCurrentDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileW
VirtualAlloc

user32

ReuseDDElParam
UnpackDDElParam
GetSysColorBrush
GetMenuItemInfoA
CharNextA
UnregisterClassA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
SetRectEmpty
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
KillTimer
SetTimer
IsRectEmpty
FindWindowA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
LoadMenuA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
ValidateRect
ScrollWindow
TrackPopupMenu
GetScrollRange
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetFocus
UpdateWindow
MessageBoxW
IsWindow
AdjustWindowRectEx
GetAsyncKeyState
LoadBitmapA
CharUpperA
SetScrollRange
SetScrollPos
GetScrollPos
GetDC
SetWindowPos
FlashWindow
IsIconic
DrawIcon
LoadIconA
SetForegroundWindow
SetWindowRgn
PostMessageA
IsChild
GetKeyState
GetSystemMetrics
LoadCursorA
InvalidateRgn
SetCursor
PeekMessageA
ReleaseCapture
GetCursorPos
DestroyCursor
DestroyMenu
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorA
LoadImageA
CopyAcceleratorTableA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetWindowTextA
TranslateMessage
GetWindowLongA
WindowFromPoint
GetParent
SetCapture
GetCapture
GetActiveWindow
RedrawWindow
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
SetRect
CopyRect
GetSysColor
DrawStateA
EnableWindow
SendMessageA
PostQuitMessage
GetMessageA
GetMessagePos
GetDCEx
MapWindowPoints

gdi32

GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreatePen
CreateFontIndirectA
SetRectRgn
GetMapMode
PatBlt
Rectangle
UnrealizeObject
GetRgnBox
GetTextExtentPoint32A
GetBkColor
GetTextColor
MoveToEx
LineTo
SelectClipRgn
CreateRectRgnIndirect
CreateRectRgn
CreateDCA
GetObjectA
CreateCompatibleBitmap
CreateSolidBrush
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC
DeleteObject
GetStockObject
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
GetClipBox
GetDeviceCaps
CreateRoundRectRgn
CreatePolygonRgn
CreateFontA
GetDIBits
CombineRgn

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA

oledlg

ord8

ole32

OleUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

SysAllocStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocString
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
VariantInit
VariantClear
SysFreeString
OleLoadPicture
OleCreateFontIndirect
LoadTypeLi

ws2_32

WSAStartup
WSACleanup
WSASetLastError

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionExA
HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryOptionA
InternetQueryDataAvailable

Sections

.text
Size: 500KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7eb20fe74a58b8070744b71abd2b5a6

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3dCertificate

Extended Key Usages

Key Usages

72:de:3f:01:a4:81:97:3e:8c:40:9c:42:f3:66:7f:a9:16:bf:c9:2eSigner

Headers

File Characteristics

Imports

wsock32

rtskeygendll

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 500KB - Virtual size: 497KB

.rdata Size: 128KB - Virtual size: 124KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 172KB - Virtual size: 172KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

72:de:3f:01:a4:81:97:3e:8c:40:9c:42:f3:66:7f:a9:16:bf:c9:2e
Signer

.text
Size: 500KB - Virtual size: 497KB

.rdata
Size: 128KB - Virtual size: 124KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 172KB - Virtual size: 172KB