c49a954020f949a19f9ec33922f89faf1b8b8abf217cb93421f8278735d82a70

Sharing

Copy URL Twitter E-mail

General

Target

c49a954020f949a19f9ec33922f89faf1b8b8abf217cb93421f8278735d82a70
Size

12.8MB
MD5

8707095dae8735c99e23746bab18ad43
SHA1

cec5c3c23f422b8b17b61186e542bb953d0c27a6
SHA256

c49a954020f949a19f9ec33922f89faf1b8b8abf217cb93421f8278735d82a70
SHA512

d860b68fcc2857f2b39ebb3b542ad351ca1eb0ef698b4775600275267cf58468993a447d43159f3ef93b5806b6b612daaa0d7b8ad7b03cc527b49e7358903113
SSDEEP

196608:x91mPxm5DJ3IE1Q/SbSC2bfT7PqTdPxbsfStBr7iOcYWYZWGdvYT7yJ:xWPw5Dq/SeCATDqTd0oBaObWGOM

Score

1^/10

Malware Config

Signatures

Files

c49a954020f949a19f9ec33922f89faf1b8b8abf217cb93421f8278735d82a70
.exe windows:5 windows x86

b2184a5488a3e892793d48719357d5c8

Code Sign

0c:51:67:c0:23:b9:ad:ed:f0:f8:91:8e:e6:57:12:a1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2019, 00:00

Not After

23/03/2022, 12:00

Subject

SERIALNUMBER=23638777,CN=ASUSTEK COMPUTER INC.,O=ASUSTEK COMPUTER INC.,L=Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:b0:8c:ac:99:fd:72:fe:85:2d:4b:f0:73:ee:d8:fd:16:06:06:7e:53:46:ec:59:54:78:1e:76:bb:c3:b6:e8
Signer

Actual PE Digest

ac:b0:8c:ac:99:fd:72:fe:85:2d:4b:f0:73:ee:d8:fd:16:06:06:7e:53:46:ec:59:54:78:1e:76:bb:c3:b6:e8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
QueryPerformanceCounter
GetTimeZoneInformation
LCMapStringW
WriteConsoleW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
SetEnvironmentVariableA
GetTickCount
SizeofResource
HeapCreate
IsValidCodePage
SetHandleCount
LockResource
LoadResource
FindResourceW
CreateThread
Sleep
InterlockedIncrement
GetEnvironmentStringsW
InterlockedDecrement
FreeLibrary
LoadLibraryW
CloseHandle
CreateProcessW
OpenProcess
WaitForSingleObject
SetEvent
MultiByteToWideChar
GetModuleFileNameW
GetLastError
CreateEventW
GetProcAddress
GetUserDefaultLangID
GetPrivateProfileStringW
CreateDirectoryW
WritePrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
GlobalAddAtomW
GetCurrentProcess
LoadLibraryExW
OpenMutexW
OutputDebugStringW
CreateMutexW
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForMultipleObjects
CreateFileW
WaitNamedPipeW
WriteFile
CreateNamedPipeW
GetNamedPipeInfo
ConnectNamedPipe
ReadFile
FlushFileBuffers
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
DecodePointer
EncodePointer
HeapSetInformation
GetCommandLineW
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
InitializeCriticalSectionAndSpinCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesW
DisconnectNamedPipe
GetFileSize
CreatePipe
GetFileAttributesExW
SetErrorMode
GetCurrentDirectoryW
GlobalFlags
lstrlenA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
lstrcmpiW
lstrcpyW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
SetThreadPriority
ReleaseActCtx
CreateActCtxW
GetThreadLocale
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
lstrcmpW
GetCurrentThreadId
GetCurrentProcessId
ActivateActCtx
DeactivateActCtx
WideCharToMultiByte
SetLastError
CopyFileW
GlobalSize
FormatMessageW
MulDiv
LocalFree
LocalAlloc
GetOverlappedResult
CancelIo
SetNamedPipeHandleState
lstrcatW
lstrlenW
lstrcpynW
GetLocalTime
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
TerminateThread
FreeResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
DeleteFileW
SetFileAttributesW
ResumeThread
SuspendThread
GetPrivateProfileIntW
GetExitCodeProcess
GetStartupInfoW

user32

TranslateAcceleratorW
FrameRect
RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
LoadImageW
CopyImage
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
DestroyIcon
GetNextDlgGroupItem
WaitMessage
UnregisterClassW
InvalidateRgn
SetRect
CopyAcceleratorTableW
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
MonitorFromPoint
EnableScrollBar
UnionRect
IsRectEmpty
IsZoomed
NotifyWinEvent
MessageBeep
RedrawWindow
SetWindowRgn
DeleteMenu
IntersectRect
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
LoadMenuW
CharUpperW
ShowOwnedPopups
SetCursor
SetWindowContextHelpId
MapDialogRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
ValidateRect
WindowFromPoint
OffsetRect
CharNextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
SetWindowTextW
IsDialogMessageW
InsertMenuItemW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
GetClientRect
GetWindowLongW
SetWindowLongW
GetDC
GetWindowRect
CallWindowProcW
GetMenu
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
GetFocus
PtInRect
GetSysColor
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetLastActivePopup
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
ReuseDDElParam
UnpackDDElParam
CopyIcon
CharUpperBuffW
PostThreadMessageW
DefFrameProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
GetClassNameW
LoadBitmapW
UpdateWindow
FillRect
DrawStateW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
DestroyCursor
UpdateLayeredWindow
ReleaseDC
ScreenToClient
SetTimer
KillTimer
FindWindowW
EnableWindow
SendMessageW
GetParent
PostMessageW
wsprintfW
LoadIconW
GetSystemMenu
AppendMenuW
GetAsyncKeyState
ClientToScreen
IsWindowVisible
IsIconic
GetSystemMetrics
DrawIcon
SetWindowPos
EnumWindows
GetWindowThreadProcessId
CopyRect
MoveWindow
GetWindow
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
GetForegroundWindow
UnhookWindowsHookEx
ExitWindowsEx
RegisterWindowMessageW
MessageBoxW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
InvalidateRect
SetFocus
ReleaseCapture
SetCapture
GetCursorPos
DefMDIChildProcW

gdi32

GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
SelectPalette
GetObjectType
CreatePen
CreateHatchBrush
GetBkColor
GetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
CreateDIBitmap
CreateRectRgnIndirect
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
PatBlt
CreateRectRgn
CreateRoundRectRgn
GetRgnBox
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetTextFaceW
SetPixelV
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetStockObject
GetObjectW
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateSolidBrush
CreateDIBSection
SelectObject
CreateCompatibleBitmap
DPtoLP
CreateCompatibleDC
DeleteDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

FreeSid
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegQueryValueW
RegCreateKeyExW
RegOpenKeyExW
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

shell32

DragFinish
Shell_NotifyIconW
SHGetFolderPathW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
ShellExecuteW
SHAppBarMessage

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathAppendW
StrCmpW
StrCatW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoRevokeClassObject
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoRegisterMessageFilter
RevokeDragDrop

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantCopy

oledlg

OleUIBusyW

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipSetInterpolationMode
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipDrawLineI
GdipAddPathLine
GdipResetClip
GdipSetClipRect
GdipAddPathPolygonI
GdipAddPathRectangle
GdipDrawPath
GdipDeletePen
GdipCreatePen2
GdipFillRegion
GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathPie
GdipDeletePath
GdipCreatePath
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawImageRect
GdipDeleteFont
GdiplusStartup
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipFree
GdipAlloc
GdipReleaseDC
GdipDrawImageRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 435KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2184a5488a3e892793d48719357d5c8

Code Sign

0c:51:67:c0:23:b9:ad:ed:f0:f8:91:8e:e6:57:12:a1Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ac:b0:8c:ac:99:fd:72:fe:85:2d:4b:f0:73:ee:d8:fd:16:06:06:7e:53:46:ec:59:54:78:1e:76:bb:c3:b6:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

version

oleacc

imm32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 435KB - Virtual size: 434KB

.data Size: 33KB - Virtual size: 1.7MB

SHARED Size: 3KB - Virtual size: 2KB

.rsrc Size: 9.9MB - Virtual size: 9.9MB

.reloc Size: 264KB - Virtual size: 264KB

0c:51:67:c0:23:b9:ad:ed:f0:f8:91:8e:e6:57:12:a1
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ac:b0:8c:ac:99:fd:72:fe:85:2d:4b:f0:73:ee:d8:fd:16:06:06:7e:53:46:ec:59:54:78:1e:76:bb:c3:b6:e8
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 435KB - Virtual size: 434KB

.data
Size: 33KB - Virtual size: 1.7MB

SHARED
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 9.9MB - Virtual size: 9.9MB

.reloc
Size: 264KB - Virtual size: 264KB