sfh[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sfh.zip
Size

156.2MB
MD5

87c0671f606356133e8da3a79daee927
SHA1

7b46fa6eafc843a6ea96f4d1d6bea01bf8e51783
SHA256

0e952707336b1eee9117220b1d7d5a3987555b2061d69ac1d73c2bc011710272
SHA512

a487b511f79da303fe195840f80fd24c83e5330faba09e4aa91e3090d0812163025874c95e708a36158a3e7942a474c0707d3d8d034d8fc24cb3cc54eff7099b
SSDEEP

3145728:PxJnX4qynno6DXGxCZwVkXEAPIsDhY5okqpAOJNCCRs9GCYaMZj:T4qOnoQWQZwVk0+3DO5okwL/vRs9GClO

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/lql/EasyConnectInstaller.exe	nsis_installer_1
static1/unpack001/lql/EasyConnectInstaller.exe	nsis_installer_2

Files

sfh.zip
.zip
lql/EasyConnectInstaller.exe
.exe windows x86

dfb06052e74b26a42b0e490bd1c07959

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

12:18:76:db:06:e8:34:da:35:c1:98:90:e6:e6:50:d0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/07/2015, 00:00

Not After

14/09/2018, 23:59

Subject

CN=Sangfor Technologies Co.\,Ltd,OU=research and development department,O=Sangfor Technologies Co.\,Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:4d:0d:a7:54:e1:f1:0e:ae:2e:6d:26:bb:cd:1b:18
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

14/09/2018, 23:59

Subject

CN=Sangfor Technologies Co.\,Ltd,OU=research and development department,O=Sangfor Technologies Co.\,Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:9a:bf:10:3b:65:20:8c:87:ff:35:bb:33:a8:5a:0f:85:fc:22:36:47:41:2f:00:91:5d:63:b3:e5:76:c4:fc
Signer

Actual PE Digest

fa:9a:bf:10:3b:65:20:8c:87:ff:35:bb:33:a8:5a:0f:85:fc:22:36:47:41:2f:00:91:5d:63:b3:e5:76:c4:fc

Digest Algorithm

sha256

PE Digest Matches

true

2b:84:9c:20:6c:74:4c:9a:b6:de:fc:c7:ad:9f:8c:f7:56:ce:02:f1
Signer

Actual PE Digest

2b:84:9c:20:6c:74:4c:9a:b6:de:fc:c7:ad:9f:8c:f7:56:ce:02:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfh/172.30.201.141_80_http_IsSetup_Agent.exe
.exe windows x86

13b4dac404c7bca8f5143c8a24f053bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

05/07/2021, 00:00

Not After

02/08/2024, 23:59

Subject

CN=Hangzhou Yinggao Technology Co.\, Ltd.,O=Hangzhou Yinggao Technology Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

05/07/2021, 00:00

Not After

02/08/2024, 23:59

Subject

CN=Hangzhou Yinggao Technology Co.\, Ltd.,O=Hangzhou Yinggao Technology Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:0a:be:b7:59:32:d3:52:73:84:27:f3:b9:4e:94:93:39:3f:5a:4b:3e:55:d9:b7:f8:d0:48:2e:45:1d:28:69
Signer

Actual PE Digest

c7:0a:be:b7:59:32:d3:52:73:84:27:f3:b9:4e:94:93:39:3f:5a:4b:3e:55:d9:b7:f8:d0:48:2e:45:1d:28:69

Digest Algorithm

sha256

PE Digest Matches

true

02:11:72:ae:f9:0b:af:88:3e:0b:50:62:ad:48:7b:5b:ba:fa:3b:70
Signer

Actual PE Digest

02:11:72:ae:f9:0b:af:88:3e:0b:50:62:ad:48:7b:5b:ba:fa:3b:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetCurrentDirectoryA
GetModuleFileNameA
TerminateThread
OpenEventA
MultiByteToWideChar
GetEnvironmentVariableA
FreeLibrary
MoveFileExA
GetCommandLineA
WritePrivateProfileStringA
CreateThread
DeleteFileA
GetSystemDirectoryA
GetTempPathA
OpenMutexA
GetTickCount
LoadLibraryA
CloseHandle
GetLocalTime
SetDllDirectoryA
ResetEvent
SetEvent
GetTempFileNameA
GetExitCodeProcess
WaitForSingleObject
GetFileAttributesA
GetProcAddress
GetLastError
CreateEventA
GetCurrentProcessId
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
OpenFileMappingA
FlushFileBuffers
GetFileAttributesExA
FormatMessageA
WriteFile
CreateFileA
GetFileSize
SetFilePointer
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetVersion
Process32Next
GetCurrentProcess
QueryDosDeviceA
Process32First
TerminateProcess
ReadFile
GetModuleHandleA
GetWindowsDirectoryA
CreateMutexA
GetCurrentDirectoryA
GetStdHandle
CreateToolhelp32Snapshot
OpenProcess
SetLastError
SetFileTime
RemoveDirectoryA
CopyFileA
LocalFileTimeToFileTime
SetFileAttributesA
SetEndOfFile
FindClose
CreateFileMappingA
SystemTimeToFileTime
MoveFileA
FindNextFileA
CreateDirectoryA
GetFileTime
FindFirstFileA
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetVersionExA
GetSystemInfo
GetProcessHeap
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
DosDateTimeToFileTime
GetSystemTimeAsFileTime
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
SetEnvironmentVariableA
SetEnvironmentVariableW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter

user32

SetWindowTextA
EndDialog
GetSystemMetrics
ExitWindowsEx
DialogBoxParamA
MessageBoxExA
SendDlgItemMessageA
MessageBoxA
GetDlgItemTextA

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
LookupPrivilegeValueA
FreeSid
GetTokenInformation
OpenProcessToken
CheckTokenMembership
GetSidSubAuthority
CreateProcessWithLogonW
AdjustTokenPrivileges
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CreateServiceA
ControlService
QueryServiceConfigA
QueryServiceStatusEx
QueryServiceStatus
OpenServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ChangeServiceConfigA
StartServiceA
InitializeSecurityDescriptor
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

psapi

GetModuleFileNameExA

shlwapi

StrStrIA

ws2_32

select
socket
htons
__WSAFDIsSet
connect
gethostbyname
WSAGetLastError
WSASetLastError
ntohs
ntohl
recvfrom
sendto
setsockopt
closesocket
htonl
inet_addr
WSAStartup
bind

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfh/360EPP1334745767[172.30.201.35-8080]-W.exe
.exe windows x86

61259b55b8912888e90f516ca08dc514

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:e3:b9:1f:11:d8:90:ec:e1:3b:5d:7e:94:14:d1:0f:4e:10:7e:fc:9a:48:f7:61:ce:ca:12:1e:a8:13:66:2e
Signer

Actual PE Digest

3e:e3:b9:1f:11:d8:90:ec:e1:3b:5d:7e:94:14:d1:0f:4e:10:7e:fc:9a:48:f7:61:ce:ca:12:1e:a8:13:66:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfh/YunShu_2.5.2.40_cscec.exe
.exe windows x86

299d17491062bc6feb4f52852c3d5af5

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:df:a8:2b:ed:12:3c:f5:79:11:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

30/07/2021, 08:32

Not After

30/07/2024, 08:32

Subject

SERIALNUMBER=91330110MA2KHXUW41,CN=杭州亿格云科技有限公司,O=杭州亿格云科技有限公司,STREET=余杭区闲林街道西溪欢乐城3幢915B室,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130848414e475a484f55,1.3.6.1.4.1.311.60.2.1.2=#13085a48454a49414e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:98:32:3c:33:79:c0:c1:ee:11:d3:98:aa:70:3b:2b:12:57:6a:97:20:ec:c0:c2:c0:fd:fb:74:14:46:67:a5
Signer

Actual PE Digest

76:98:32:3c:33:79:c0:c1:ee:11:d3:98:aa:70:3b:2b:12:57:6a:97:20:ec:c0:c2:c0:fd:fb:74:14:46:67:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

ws2_32

shutdown
select
closesocket
bind
WSASocketW
__WSAFDIsSet
sendto
recvfrom
send
socket
connect
inet_pton
inet_ntoa
inet_addr
WSACloseEvent
WSACreateEvent
freeaddrinfo
getaddrinfo
getnameinfo
gethostname
WSAStartup
WSACleanup
gethostbyname
WSAGetLastError
setsockopt
htons
recv
listen
ioctlsocket
WSAIoctl
getsockopt
getsockname
getpeername
WSASetLastError
accept
ntohs

kernel32

CreateMutexW
ReleaseMutex
GetFullPathNameW
GetShortPathNameW
WTSGetActiveConsoleSessionId
K32GetProcessImageFileNameW
SetFilePointerEx
GetModuleHandleA
IsWow64Process
SetEndOfFile
GetFileInformationByHandle
FlushFileBuffers
OpenMutexW
DeviceIoControl
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DuplicateHandle
GetFileType
DosDateTimeToFileTime
FileTimeToDosDateTime
SetNamedPipeHandleState
CreateNamedPipeW
ResumeThread
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
SetUnhandledExceptionFilter
FormatMessageA
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryA
ConvertFiberToThread
ConvertThreadToFiber
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
OutputDebugStringA
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleOutputCP
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetStartupInfoW
UnhandledExceptionFilter
ResetEvent
GetCPInfo
LCMapStringEx
GetStringTypeW
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFileAttributesExW
lstrcmpiA
GetVersionExA
lstrcpynW
GetFileSize
SystemTimeToFileTime
SetFileTime
WriteFile
SetFilePointer
LocalFileTimeToFileTime
FindFirstFileExW
GetLastError
GetSystemTime
GetCurrentProcessId
DeleteFileW
GetTempPathW
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
TerminateThread
Sleep
GetVersionExW
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
ExitProcess
OutputDebugStringW
LocalFree
FormatMessageW
CreateFileA
GetFileSizeEx
ReadFile
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
GetLocaleInfoA
GetACP
GetCommandLineW
DecodePointer
SetErrorMode
SetProcessShutdownParameters
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcmpiW
CopyFileW
CreateFileW
GetFileTime
RemoveDirectoryW
GetCurrentProcess
TerminateProcess
OpenProcess
GetFileAttributesW
GetLocalTime
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
MulDiv
VerSetConditionMask
FreeResource
SetCurrentDirectoryW
GetSystemInfo
MoveFileExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVolumePathNameW
GetTempFileNameW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetTickCount
GetComputerNameExW
InitializeCriticalSection
LockResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
QueryDosDeviceW
lstrcpyW
GetSystemPowerStatus
GetTickCount64
WaitForMultipleObjects
K32GetProcessMemoryInfo
Thread32Next
Thread32First
GetSystemTimes
GetProcessHandleCount
GetProcessTimes
lstrlenW
CreateProcessW
GetCurrentDirectoryW
GetCommandLineA
GlobalAlloc
FileTimeToSystemTime
LocalAlloc

user32

GetMessageW
UnionRect
InflateRect
GetLastInputInfo
DrawIcon
GetClassInfoExW
SendMessageTimeoutW
RemovePropW
MapWindowPoints
ClientToScreen
RegisterWindowMessageW
WindowFromPoint
KillTimer
SetTimer
GetGuiResources
PtInRect
SetRectEmpty
FillRect
DrawFocusRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
PostMessageW
GetWindowTextW
EnumWindows
GetClassNameW
SendMessageW
AttachThreadInput
CallWindowProcW
ShowWindow
MoveWindow
SetWindowPos
IsIconic
BringWindowToTop
SetFocus
EnableWindow
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
UpdateLayeredWindow
GetWindowRgn
CharPrevW
SetRect
EqualRect
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetForegroundWindow
SetForegroundWindow
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
TranslateMessage
IntersectRect
OffsetRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindowThreadProcessId
GetWindow
SystemParametersInfoW
UnregisterClassW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
DispatchMessageW
IsWindowVisible
GetKeyState
GetUpdateRect
IsRectEmpty
wsprintfW
PostQuitMessage
GetSystemMetrics
LoadImageW
SetPropW
IsWindow
IsZoomed
SetWindowRgn
MessageBoxW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
MessageBeep
GetDlgCtrlID
MessageBoxA
EnumChildWindows
DefWindowProcW
RegisterClassW
GetClassInfoW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetLayeredWindowAttributes
DefDlgProcW
CharNextW
AppendMenuW
SetCursor
LoadCursorW
LoadIconW
DrawTextW
GetDC
ReleaseDC
GetPropW
GetActiveWindow
TrackMouseEvent
ExitWindowsEx
ScreenToClient
GetFocus
GetCapture
SetCapture
GetCursorPos
ReleaseCapture
IsWindowEnabled
UpdateWindow
BeginPaint
GetProcessWindowStation
GetUserObjectInformationW
EndPaint
GetSysColor
GetWindowTextLengthW

gdi32

SetBitmapBits
GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutW
MoveToEx
GetObjectA
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateRectRgn
CreatePatternBrush
SetWindowOrgEx
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
CreatePen
CreateDIBitmap
GetStockObject
GetTextMetricsW
SetStretchBltMode
StretchBlt
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateRoundRectRgn
GetObjectW
SetTextColor
SetBkMode
CreateSolidBrush

advapi32

QueryServiceStatusEx
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetSecurityDescriptorOwner
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetKernelObjectSecurity
DeregisterEventSource
RegisterServiceCtrlHandlerExW
UnlockServiceDatabase
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateTokenEx
GetUserNameW
RegisterEventSourceW
ReportEventW
LookupAccountNameW
RegEnumValueW
CreateServiceW
QueryServiceStatus
DeleteService
ControlService
StartServiceW
RegCreateKeyW
ChangeServiceConfigW
RevertToSelf
ImpersonateLoggedOnUser
RegGetValueW
RegFlushKey
SetTokenInformation
GetTokenInformation
FreeSid
EqualSid
OpenServiceW

shell32

ord680
DragQueryFileW
ord155
SHGetFolderPathW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
OleUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
OleLockRunning
PropVariantClear
CoInitialize
OleInitialize

oleaut32

VarUI4FromStr
SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathRemoveBackslashW
PathFileExistsA
PathAppendW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW

msimg32

AlphaBlend

gdiplus

GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCloneStringFormat
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipImageGetFrameDimensionsCount
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipSetStringFormatFlags

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

wldap32

ord219
ord208
ord41
ord14
ord46
ord145
ord301
ord147
ord133
ord79
ord142
ord216
ord118
ord127
ord26
ord27
ord167

crypt32

CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertFindCertificateInStore
CertOpenStore
CertCreateCertificateContext
CertAddCertificateContextToStore
CryptStringToBinaryW
CertCloseStore
CryptMsgGetParam
CryptMsgClose

rpcrt4

UuidFromStringW
UuidToStringW
RpcStringFreeW

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho2
GetTcpTable
GetAdaptersInfo

secur32

GetUserNameExW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

wintrust

WinVerifyTrust

wininet

InternetConnectW
InternetCloseHandle
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
InternetOpenW
InternetQueryOptionW
HttpOpenRequestW
InternetReadFile
HttpAddRequestHeadersW
InternetCrackUrlW

bcrypt

BCryptGenRandom

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

12:18:76:db:06:e8:34:da:35:c1:98:90:e6:e6:50:d0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:4d:0d:a7:54:e1:f1:0e:ae:2e:6d:26:bb:cd:1b:18Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

fa:9a:bf:10:3b:65:20:8c:87:ff:35:bb:33:a8:5a:0f:85:fc:22:36:47:41:2f:00:91:5d:63:b3:e5:76:c4:fcSigner

2b:84:9c:20:6c:74:4c:9a:b6:de:fc:c7:ad:9f:8c:f7:56:ce:02:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 104KB - Virtual size: 104KB

13b4dac404c7bca8f5143c8a24f053bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c7:0a:be:b7:59:32:d3:52:73:84:27:f3:b9:4e:94:93:39:3f:5a:4b:3e:55:d9:b7:f8:d0:48:2e:45:1d:28:69Signer

02:11:72:ae:f9:0b:af:88:3e:0b:50:62:ad:48:7b:5b:ba:fa:3b:70Signer

Headers

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

12:18:76:db:06:e8:34:da:35:c1:98:90:e6:e6:50:d0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:4d:0d:a7:54:e1:f1:0e:ae:2e:6d:26:bb:cd:1b:18
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

fa:9a:bf:10:3b:65:20:8c:87:ff:35:bb:33:a8:5a:0f:85:fc:22:36:47:41:2f:00:91:5d:63:b3:e5:76:c4:fc
Signer

2b:84:9c:20:6c:74:4c:9a:b6:de:fc:c7:ad:9f:8c:f7:56:ce:02:f1
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 104KB - Virtual size: 104KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:76:60:b6:00:f0:99:e4:0e:42:c9:4f:fe:18:cf:e3
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c7:0a:be:b7:59:32:d3:52:73:84:27:f3:b9:4e:94:93:39:3f:5a:4b:3e:55:d9:b7:f8:d0:48:2e:45:1d:28:69
Signer

02:11:72:ae:f9:0b:af:88:3e:0b:50:62:ad:48:7b:5b:ba:fa:3b:70
Signer

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 16KB - Virtual size: 46KB

.rsrc
Size: 8KB - Virtual size: 6KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

3e:e3:b9:1f:11:d8:90:ec:e1:3b:5d:7e:94:14:d1:0f:4e:10:7e:fc:9a:48:f7:61:ce:ca:12:1e:a8:13:66:2e
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 220KB

.rsrc
Size: 196KB - Virtual size: 195KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

02:3a:df:a8:2b:ed:12:3c:f5:79:11:5e
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate