c16f76c43cb4623c00df1af4899033659d75346c9fcf3bebe5baecdbeeed3c7a

Sharing

Copy URL Twitter E-mail

General

Target

c16f76c43cb4623c00df1af4899033659d75346c9fcf3bebe5baecdbeeed3c7a
Size

1.3MB
MD5

56ffecbb9e3512275cbfbba0cd77c0ab
SHA1

b9b56f0b98ebc615e5871769a8bc3767e5099f69
SHA256

c16f76c43cb4623c00df1af4899033659d75346c9fcf3bebe5baecdbeeed3c7a
SHA512

030ac35edf139a492fd436e6f2e2fb64fafc7c38264f6868be7c82e49fcd06c9e674952f554f9da9a608464164d2bc58331150ae800909afb46605fae6cba369
SSDEEP

24576:MENRnmTyCChRRUPF8IwBtNrko8s9XtQdHo98TlwAuYugoCY2pwhLs/X:MENRWCh4VwVQoP9XCI989oipwRs/

Score

1^/10

Malware Config

Signatures

Files

c16f76c43cb4623c00df1af4899033659d75346c9fcf3bebe5baecdbeeed3c7a
.zip
PDFRunningHelper.exe
.exe windows x86

ad379a8f49326742d86098c7e6f14b20

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2020, 00:00

Not After

08/12/2021, 12:00

Subject

CN=天津迅读科技有限公司,O=天津迅读科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:6d:10:f2:6a:58:9d:ab:29:3f:72:a5:bb:19:c4:72
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2020, 00:00

Not After

08/12/2021, 12:00

Subject

CN=天津迅读科技有限公司,O=天津迅读科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:e0:f6:ae:bd:50:35:e6:f6:23:a8:34:49:a2:9e:1e:96:0c:f4:45:ed:14:62:3f:53:bd:06:18:30:44:26:68
Signer

Actual PE Digest

72:e0:f6:ae:bd:50:35:e6:f6:23:a8:34:49:a2:9e:1e:96:0c:f4:45:ed:14:62:3f:53:bd:06:18:30:44:26:68

Digest Algorithm

sha256

PE Digest Matches

true

f1:c6:25:16:d4:a3:28:26:82:64:ca:9c:2a:6f:4b:74:0b:fc:1b:da
Signer

Actual PE Digest

f1:c6:25:16:d4:a3:28:26:82:64:ca:9c:2a:6f:4b:74:0b:fc:1b:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
ExitProcess
GetWindowsDirectoryW
GetSystemDirectoryW
LocalFree
lstrcmpA
OpenEventW
OpenFileMappingW
SetErrorMode
GetSystemTime
SystemTimeToFileTime
SleepEx
FormatMessageA
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
QueryPerformanceCounter
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
GetTempPathW
GetVersion
MulDiv
GetCurrentProcessId
OpenProcess
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
GlobalAlloc
ReadFile
GetFileSize
WideCharToMultiByte
GetExitCodeProcess
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
CreateProcessW
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetACP
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
ExitThread
FindFirstFileExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetLocalTime
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
TryEnterCriticalSection
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
SetUnhandledExceptionFilter
SetThreadLocale
GetThreadLocale
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetDriveTypeW
DeviceIoControl
IsBadReadPtr
GetLongPathNameW
SetFileAttributesW
MoveFileExW
RemoveDirectoryW
MapViewOfFile
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
GetQueuedCompletionStatus
InterlockedExchange
CreateIoCompletionPort
CreateEventW
GetExitCodeThread
GetSystemInfo
PostQueuedCompletionStatus
SetEvent
ResetEvent
GetNativeSystemInfo
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
Sleep
WaitForSingleObject
TerminateProcess
DecodePointer
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetCurrentProcess
GetModuleHandleW
SetProcessShutdownParameters
WriteFile
OutputDebugStringW
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileIntW
SetLastError
RaiseException
GetCurrentThreadId
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CreateDirectoryW
CreateThread
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
GetLastError
HeapReAlloc
HeapSize
HeapDestroy
IsDebuggerPresent
FlushFileBuffers
GetCurrentThread
SetThreadPriority
GetStartupInfoW
CreatePipe
FormatMessageW
CreateFileA
GetFileAttributesExW
GetFileTime
lstrlenW
TerminateThread
InitializeCriticalSection
GetThreadTimes
GetVersionExW
GetModuleFileNameW

user32

DefWindowProcW
DestroyWindow
SendMessageW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
FindWindowExW
SetWindowPos
IsWindow
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetDlgItem
PtInRect
wsprintfW
ShowWindow
CharNextW
FindWindowW
PostMessageW
IsWindowVisible
SetRectEmpty
SystemParametersInfoW
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
EqualRect
SetCursor
ClientToScreen
ScreenToClient
GetDoubleClickTime
CopyRect
IntersectRect
SetFocus
IsRectEmpty
GetIconInfo
DrawIconEx
BeginPaint
EndPaint
IsIconic
InvalidateRect
TrackMouseEvent
SetCapture
ReleaseCapture
SetWindowRgn
EnableWindow
GetForegroundWindow
GetWindowTextW
IsZoomed
GetCursorPos
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
DrawTextW
GetDC
ReleaseDC
CharLowerBuffW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
MessageBoxW
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetSysColor
SetCaretPos
CreateCaret
GetCaretBlinkTime
GetWindowTextLengthW
SetWindowTextW
UpdateLayeredWindow
SetActiveWindow
SetForegroundWindow
UpdateWindow
FillRect
PostQuitMessage
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
MapWindowPoints
MoveWindow
GetFocus

gdi32

SetTextColor
DeleteObject
GetViewportOrgEx
SetTextCharacterExtra
GetCurrentObject
GetTextColor
CreateSolidBrush
SetBkColor
CreateFontIndirectW
RestoreDC
SaveDC
CreateRectRgnIndirect
ExtSelectClipRgn
GetDeviceCaps
GetStockObject
SetBkMode
CreateRectRgn
CombineRgn
CreateRoundRectRgn
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
CreateCompatibleDC
GetObjectW
CreateDIBSection
Rectangle
SelectObject
CreatePen

advapi32

DeregisterEventSource
ReportEventA
RegisterEventSourceA
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegEnumKeyW
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
CreateServiceW
OpenSCManagerW

shell32

ord165
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CLSIDFromProgID
OleRun
RegisterDragDrop
CoInitializeSecurity

oleaut32

SysFreeString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
SysStringLen
VariantCopy
GetErrorInfo

shlwapi

SHDeleteKeyW
AssocQueryStringW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
SHDeleteValueW
PathCombineW
PathRemoveExtensionW
PathIsPrefixW
PathRemoveBackslashW
PathCanonicalizeW
PathIsRootW
PathSearchAndQualifyW
PathFindFileNameW
StrStrIW
PathFindExtensionW
PathFileExistsW
StrCmpIW

comctl32

ord17

msimg32

AlphaBlend

wininet

InternetCrackUrlW
InternetOpenW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetConnectW

gdiplus

GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs

riched20

ord4

crypt32

CertGetNameStringW
CryptBinaryToStringW
CryptStringToBinaryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wldap32

ord145
ord46
ord14
ord216
ord208
ord41
ord118
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

psapi

EnumProcessModules

secur32

GetUserNameExW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad379a8f49326742d86098c7e6f14b20

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:6d:10:f2:6a:58:9d:ab:29:3f:72:a5:bb:19:c4:72Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

72:e0:f6:ae:bd:50:35:e6:f6:23:a8:34:49:a2:9e:1e:96:0c:f4:45:ed:14:62:3f:53:bd:06:18:30:44:26:68Signer

f1:c6:25:16:d4:a3:28:26:82:64:ca:9c:2a:6f:4b:74:0b:fc:1b:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

gdiplus

ws2_32

riched20

crypt32

version

wintrust

wldap32

netapi32

iphlpapi

psapi

secur32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 513KB - Virtual size: 513KB

.data Size: 61KB - Virtual size: 160KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 557KB - Virtual size: 556KB

.reloc Size: 103KB - Virtual size: 103KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:6d:10:f2:6a:58:9d:ab:29:3f:72:a5:bb:19:c4:72
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

72:e0:f6:ae:bd:50:35:e6:f6:23:a8:34:49:a2:9e:1e:96:0c:f4:45:ed:14:62:3f:53:bd:06:18:30:44:26:68
Signer

f1:c6:25:16:d4:a3:28:26:82:64:ca:9c:2a:6f:4b:74:0b:fc:1b:da
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 513KB - Virtual size: 513KB

.data
Size: 61KB - Virtual size: 160KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 557KB - Virtual size: 556KB

.reloc
Size: 103KB - Virtual size: 103KB