645a3f2400d9f1fa62f8b2a0ee415e2694ac3479ef8d11b7e6b486ed21d30265

Sharing

Copy URL

Twitter E-mail

General

Target

645a3f2400d9f1fa62f8b2a0ee415e2694ac3479ef8d11b7e6b486ed21d30265
Size

913KB
MD5

00265b146acb5de043680da9ff1d9a19
SHA1

d1ce487ce1de34fb4e48b19e6ee052454ccdface
SHA256

645a3f2400d9f1fa62f8b2a0ee415e2694ac3479ef8d11b7e6b486ed21d30265
SHA512

eea4bccb007e415308ca1435f15e180d55cc22abe5da0090d0055c9570d7044814f93ecc590d210a954bf5ac3092cf0451eaff1259606bdc60ebb053ee8d0fdc
SSDEEP

24576:wtE1vQMb1fGI3NJXlVOCxfLQLrAlZYI/zMYxUh3tMArEH7s:wt2QCZV5fLQLrAlZz/zMYEd9

Score

1^/10

Malware Config

Signatures

Files

645a3f2400d9f1fa62f8b2a0ee415e2694ac3479ef8d11b7e6b486ed21d30265
.dll windows x86

020cf2c23a6da7329aeecc0dfa3878a7

Code Sign

0f:5e:af:81:a5:70:64:9e:8e:c0:ba:5d:ac:d4:e7:34
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25-11-2020 00:00

Not After

27-11-2023 23:59

Subject

SERIALNUMBER=1840921,CN=Apowersoft Ltd,O=Apowersoft Ltd,L=Tsim Sha Tsui,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:d1:8b:17:ce:c9:b3:e4:e3:9e:a6:ec:e7:f7:6b:00:e6:30:58:7d
Signer

Actual PE Digest

42:d1:8b:17:ce:c9:b3:e4:e3:9e:a6:ec:e7:f7:6b:00:e6:30:58:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
GetVersionExW
VirtualProtect
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryA
LocalFree
FormatMessageW
TryEnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileA
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
SetFileAttributesA
SetFilePointerEx
MoveFileExA
lstrcpynA
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
FindClose
FindFirstFileW
ReleaseMutex
CreateMutexW
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSection
QueryPerformanceFrequency
CreateFileW
GetTimeZoneInformation
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
GetTempPathA
FormatMessageA
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleMode
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
Sleep
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
GetFileAttributesExW
CreateDirectoryW
SetStdHandle
GetConsoleOutputCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
GetLastError
CloseHandle
WriteFile
GetFileAttributesA
CreateFileA
QueryPerformanceCounter
GetStdHandle
ExitThread
VirtualQuery
InterlockedFlushSList
RtlUnwind
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
GetStringTypeW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx

advapi32

EnumServicesStatusW
OpenSCManagerW
OpenServiceA
QueryServiceStatus
StartServiceW
RegCloseKey
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

ws2_32

WSAGetLastError
htonl
setsockopt
gethostname
WSACleanup
__WSAFDIsSet
send
WSAStartup
socket
inet_addr
htons
getsockname
connect
closesocket
bind
accept
select
recv
WSASetLastError
ntohl
ntohs
inet_ntoa
gethostbyname
shutdown
listen

iphlpapi

GetNetworkParams
GetAdaptersInfo
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
SendARP

winmm

timeGetTime

libplist

plist_get_string_val
plist_get_data_val
plist_set_string_val
plist_set_uint_val
plist_dict_get_item
plist_to_xml
plist_to_bin
plist_from_bin
plist_free
plist_set_data_val
plist_dict_get_size

libeay32

ord3024
ord3216

wxmedia

WXPlayerStart
WXPlayerSeek
WXPlayerCurrTime
WXPlayerTotalTime2
WXPlayerTotalTime
WXPlayerDestroy
WXPlayerCreate2
WXPlayerResume
WXSoundPlayerCreate
WXSoundPlayerWriteData
WXSoundPlayerDestroy
WXDeviceInitMirror
WXGetTimeMs
WXSleepMs
WXI420Copy
WXMediaUtilsSaveAsPicture
WXMediaUtilsAllocVideoFrame
WXMediaFreeFrame
H264GetSize
WXAirplayPush
WXVideoRenderCreateEx
WXVideoRenderCreate
WXVideoRenderDestroy
WXVideoRenderChangeMode
WXGetRotateFilp
WXVideoRenderDisplay
WXH264DecSetHw
WXPlayerStop
WXH264DecCreate
WXH264DecDestroy
WXH264DecGetWidth
WXH264DecGetHeight
WXH264DecSendPacket
WXH264DecGetFrame
WXPlayerPause

libffmpeg

IMG_Quit
IMG_LoadTexture
SDL_CreateMutex
SDL_LockMutex
SDL_RenderPresent
SDL_RenderCopy
SDL_SetWindowSize
SDL_QueryTexture
SDL_Quit
SDL_Init
SDL_EventState
SDL_DestroyRenderer
SDL_CreateRenderer
SDL_CreateWindowFrom
SDL_UnlockMutex
SDL_PollEvent

Exports

Exports

ChangeSize
DisconnectAirplay
DisconnectAirplayMirror
GetCurrentWindowsPicture
GetRecordHeight
GetRecordWidth
LockSDL
MD5_Final
MD5_Init
MD5_Update
SetDisplayByIniA
SetDisplayByIniW
SetDisplayHighFPS
SetDisplayMode
SetDisplayRotate
SetH264DecodeHwMode
SetRecording
SetWindowsParentHandle
StartAirplay
StartMirror
StopAirplay
UnLockSDL
WXAirplaySetBroadcastSize
WXAirplaySetDisplayRotateFlip
WXAirplaySetLogDrop
WXAirplaySetRefreshTime
WXAirplaySetShowJ420
WXAirplaySetVideoRenderFixed
WXAirplayShotPicture
airplay_destroy
airplay_disconnect
airplay_init
airplay_init_from_keyfile
airplay_is_running
airplay_set_log_callback
airplay_set_log_level
airplay_start
airplay_stop
mirror_disconnect
mirror_exit

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

020cf2c23a6da7329aeecc0dfa3878a7

Code Sign

0f:5e:af:81:a5:70:64:9e:8e:c0:ba:5d:ac:d4:e7:34Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

42:d1:8b:17:ce:c9:b3:e4:e3:9e:a6:ec:e7:f7:6b:00:e6:30:58:7dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

iphlpapi

winmm

libplist

libeay32

wxmedia

libffmpeg

Exports

Exports

Sections

.text Size: 602KB - Virtual size: 602KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 17KB - Virtual size: 24KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 29KB

0f:5e:af:81:a5:70:64:9e:8e:c0:ba:5d:ac:d4:e7:34
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

42:d1:8b:17:ce:c9:b3:e4:e3:9e:a6:ec:e7:f7:6b:00:e6:30:58:7d
Signer

.text
Size: 602KB - Virtual size: 602KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 17KB - Virtual size: 24KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB