4df3edd02c09a61105a9c9ee6825a4f8f3bda2dea66aaad72df7a7a44fa42f89

Sharing

Copy URL Twitter E-mail

General

Target

4df3edd02c09a61105a9c9ee6825a4f8f3bda2dea66aaad72df7a7a44fa42f89
Size

3.9MB
MD5

e9fcd53447fb6aff17e56586e82e14c2
SHA1

90ced4d3eb89913a12686631b4775a355555bad6
SHA256

4df3edd02c09a61105a9c9ee6825a4f8f3bda2dea66aaad72df7a7a44fa42f89
SHA512

9cc6166f0c5b40fc65bb46dac19588332432d96a579eb0df17b95185b89de2f33cdde6ff987c764dab2dd15c4c6e0ed1e41f1f07699af75ce6641685f5686078
SSDEEP

49152:6kfXYgzVhIx5OehegLBJBQbKFQlHjL4RklmCC/SLw281DY2SPCTJKMIlO4CrnCEe:zQUSIgQAsDLcSLWD1tVKMoEzg1X

Score

1^/10

Malware Config

Signatures

Files

4df3edd02c09a61105a9c9ee6825a4f8f3bda2dea66aaad72df7a7a44fa42f89
.exe windows x86

d78b5883901eaa1af48f984d8224a427

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:12:68:a8:fd:ec:10:4d:9a:3e:83:9d:a4:2c:f5:bc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

SERIALNUMBER=91440300736266709U,CN=WoTrus CA Limited,O=WoTrus CA Limited,L=Shenzhen,ST=Guangdong Province,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085368656e7a68656e,1.3.6.1.4.1.311.60.2.1.2=#13124775616e67646f6e672050726f76696e6365,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:6d:cf:16:84:58:06:f9:5e:65:b1:e8:49:12:5f:b6:2a:6b:1b:12:fe:7b:80:61:90:bd:1c:a7:94:14:d7:1a
Signer

Actual PE Digest

ad:6d:cf:16:84:58:06:f9:5e:65:b1:e8:49:12:5f:b6:2a:6b:1b:12:fe:7b:80:61:90:bd:1c:a7:94:14:d7:1a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord30
ord79
ord35
ord33
ord143
ord32
ord27
ord26
ord22
ord41
ord50
ord200
ord45
ord211
ord46
ord301

ws2_32

connect
closesocket
bind
send
recv
WSASetLastError
__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
getpeername
select
getsockname
getsockopt
htons
shutdown
ntohs
gethostname
sendto
recvfrom
listen
accept
getnameinfo
freeaddrinfo
getaddrinfo
ioctlsocket
WSAIoctl
socket
setsockopt

kernel32

InterlockedIncrement
InterlockedDecrement
SystemTimeToTzSpecificLocalTime
lstrcmpA
GetFileType
SetFilePointer
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
MapViewOfFileEx
CreateThread
CreateMutexW
GetCommandLineW
SetUnhandledExceptionFilter
GetFileInformationByHandle
FileTimeToDosDateTime
CreateEventW
SetEvent
WaitForMultipleObjects
ExitProcess
GetModuleHandleExW
GetEnvironmentVariableW
GetTickCount64
InitializeCriticalSectionEx
SleepEx
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetModuleHandleW
SwitchToFiber
DeleteFiber
lstrlenW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
FreeLibrary
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
WriteConsoleW
SetStdHandle
MoveFileExW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
CompareFileTime
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetEndOfFile
GetConsoleCP
SetFilePointerEx
GetProcAddress
FileTimeToSystemTime
InitializeSListHead
ResetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
MulDiv
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
FileTimeToLocalFileTime
TerminateThread
GetExitCodeThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetCurrentProcessId
LocalAlloc
lstrcpynW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
GetFileAttributesW
SetFileAttributesW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageW
CreateProcessW
CreateFileW
WaitForSingleObject
PeekNamedPipe
CreatePipe
TerminateProcess
ReadFile
UnmapViewOfFile
CloseHandle
MapViewOfFile
CreateFileMappingW
DeleteCriticalSection
DecodePointer
RaiseException
DeleteFileW
GetLastError
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
TlsAlloc
GetTimeZoneInformation
SwitchToThread
GetStringTypeW
GetCurrentThreadId
FreeResource
SetLastError
GetStartupInfoW
Sleep
QueryDosDeviceW
LoadLibraryExW
LoadLibraryW
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
GetFileSizeEx
ExpandEnvironmentStringsW
GetVersionExW
RtlUnwind
SystemTimeToFileTime
GetSystemInfo
GetCurrentProcess
IsWow64Process
GetACP
OpenProcess
GetGeoInfoW
GetUserGeoID
GetComputerNameExA
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetTempPathW
GetDiskFreeSpaceExA
GetLogicalDrives
CreateDirectoryW
WriteFile
GetModuleFileNameA
GetDriveTypeW
GetFileSize
CreateFiber

user32

CallWindowProcW
GetWindowTextW
GetClassInfoExW
GetMenu
GetWindowTextLengthW
RegisterClassW
SetWindowTextW
SetRect
SetPropW
InvalidateRgn
GetPropW
AdjustWindowRectEx
LoadImageW
IsZoomed
EnableWindow
InflateRect
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetCursor
AppendMenuW
CreatePopupMenu
CopyAcceleratorTableW
GetWindow
IsRectEmpty
MapWindowPoints
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
DrawTextW
OffsetRect
CharPrevW
CreateAcceleratorTableW
FillRect
IsWindow
GetUserObjectInformationW
GetProcessWindowStation
UpdateWindow
SetFocus
GetCursorPos
UpdateLayeredWindow
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
ScreenToClient
PostQuitMessage
IsIconic
GetClientRect
GetParent
CreateWindowExW
GetWindowRgn
MoveWindow
DestroyWindow
GetWindowLongW
SetWindowPos
GetWindowRect
SetForegroundWindow
FindWindowW
ShowWindow
KillTimer
SetTimer
SendMessageW
CharNextW
GetKeyState
RegisterClassExW
LoadCursorW
DefWindowProcW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetSystemMetrics
ReleaseDC
GetDC
SetWindowLongW
MessageBoxW
wsprintfW
PostMessageW
DispatchMessageW
IntersectRect
PtInRect
GetMessageW
TranslateMessage

gdi32

ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
SetBkColor
SetBkMode
CreateSolidBrush
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SetBitmapBits
SaveDC
RestoreDC
Rectangle
GetStockObject
CreatePen
StretchBlt
SetStretchBltMode
MoveToEx
TextOutW
ExtTextOutW
SetTextColor
GetBitmapBits
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
PtInRegion
CreateRectRgn
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateDIBSection
GetDeviceCaps

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

CryptEnumProvidersW
CryptReleaseContext
RegQueryValueExW
CryptGetHashParam
RegOpenKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyW
CryptExportKey
CryptGetProvParam
CryptDestroyKey
CryptGetUserKey
CryptSetHashParam
CryptSignHashW
CryptDecrypt
CryptAcquireContextA
CryptSetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptGenRandom

shell32

DragFinish
SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
ShellExecuteW
DragAcceptFiles
DragQueryFileW
SHGetPathFromIDListW
SHFileOperationW

ole32

CLSIDFromProgID
CLSIDFromString
StgCreateDocfile
StgOpenStorageEx
CoInitialize
CoUninitialize
CoCreateInstance
OleLockRunning

oleaut32

VariantInit
SysFreeString
SysAllocStringLen
VariantClear
GetErrorInfo
SysAllocString

crypt32

CryptMsgControl
CertFreeCertificateContext
CertCreateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CryptBinaryToStringA
CryptStringToBinaryA
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
PFXImportCertStore
CryptSIPRetrieveSubjectGuid
CertFindCertificateInStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptSignMessage
CertGetNameStringW
CertFindExtension
CryptDecodeObject
CryptQueryObject
CryptMsgClose
CertGetEnhancedKeyUsage
CryptEncodeObject
CryptMemFree
CryptMsgGetParam
CryptMsgVerifyCountersignatureEncoded
CertAlgIdToOID
CertDuplicateCertificateContext
CryptSIPLoad

cryptnet

CryptGetObjectUrl

wintrust

CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutMemberInfo
WinVerifyTrust
CryptCATClose
CryptCATOpen

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathFindFileNameA
PathIsDirectoryW
PathFindExtensionW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

cryptui

CryptUIWizImport
CryptUIDlgViewContext

imagehlp

ImageEnumerateCertificates
ImageRemoveCertificate
ImageAddCertificate

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipCreateFromHDC
GdipSetTextRenderingHint

oledlg

OleUIAddVerbMenuW

comctl32

ord17
_TrackMouseEvent

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d78b5883901eaa1af48f984d8224a427

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:12:68:a8:fd:ec:10:4d:9a:3e:83:9d:a4:2c:f5:bcCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

ad:6d:cf:16:84:58:06:f9:5e:65:b1:e8:49:12:5f:b6:2a:6b:1b:12:fe:7b:80:61:90:bd:1c:a7:94:14:d7:1aSigner

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

crypt32

cryptnet

wintrust

shlwapi

version

rpcrt4

iphlpapi

psapi

cryptui

imagehlp

gdiplus

oledlg

comctl32

imm32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 715KB - Virtual size: 714KB

.data Size: 46KB - Virtual size: 63KB

.rsrc Size: 556KB - Virtual size: 555KB

.reloc Size: 132KB - Virtual size: 131KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:12:68:a8:fd:ec:10:4d:9a:3e:83:9d:a4:2c:f5:bc
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

ad:6d:cf:16:84:58:06:f9:5e:65:b1:e8:49:12:5f:b6:2a:6b:1b:12:fe:7b:80:61:90:bd:1c:a7:94:14:d7:1a
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 715KB - Virtual size: 714KB

.data
Size: 46KB - Virtual size: 63KB

.rsrc
Size: 556KB - Virtual size: 555KB

.reloc
Size: 132KB - Virtual size: 131KB