b0e5d9ccc0702ae8860a158b5518ca22b6a0dfd435ac93f0b0cea13e0407b0ef

Sharing

Copy URL

Twitter E-mail

General

Target

b0e5d9ccc0702ae8860a158b5518ca22b6a0dfd435ac93f0b0cea13e0407b0ef
Size

2.6MB
MD5

dc8d8a2db3c9cc8c96659b70d6066ebb
SHA1

f140a96df635dab842b10acffff3ac14a2a4a25d
SHA256

b0e5d9ccc0702ae8860a158b5518ca22b6a0dfd435ac93f0b0cea13e0407b0ef
SHA512

2f5e2b2d350f55f11012f7ed99d8a1fd81b51f33c82887a7b5950a679ae3fbd50d39ef66dd678a51a6f6ec0521378d05a5c819ada8751ca773b6c8bb8ebe11e6
SSDEEP

49152:c6cgQXgzmYYw8HYZjL1Y5xVE4YxTEkQ1S/DvH/IkfsTdAC:LaJB6CS/DXIB

Score

1^/10

Malware Config

Signatures

Files

b0e5d9ccc0702ae8860a158b5518ca22b6a0dfd435ac93f0b0cea13e0407b0ef
.exe windows:5 windows x86

4a6ab2cf63da36f728b74fe76c2dbdae

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:e9:04:f2:16:a3:0e:58:2b:37:14:cd
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16-06-2021 09:36

Not After

13-08-2024 03:24

Subject

CN=Shanghai Wanggu Computer Technology Co.\, Ltd.,O=Shanghai Wanggu Computer Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27-05-2021 09:55

Not After

28-06-2032 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:66:ea:3a:5c:78:24:d1:f1:68:91:23:91:a3:c2:e1:21:ac:e4:46:32:af:c0:8a:56:ef:9e:1d:52:f5:92:9c
Signer

Actual PE Digest

c4:66:ea:3a:5c:78:24:d1:f1:68:91:23:91:a3:c2:e1:21:ac:e4:46:32:af:c0:8a:56:ef:9e:1d:52:f5:92:9c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

gsio

?TextParam@CDwgExport@@UAEXPBD0NNNN@Z
?Raster@CDwgExport@@UAEXNNNNHHHHPAX0J0_NK@Z
?SupportTTF@CDwgExport@@UAE_NXZ
?SupportLineWeight@CDwgExport@@UAE_NXZ
?ExportOriginalScaleRaster@CDwgExport@@UAE_NXZ
?ShellCallback@CDwgExport@@UAEXW4ShellType@@@Z
??1CDwgExport@@UAE@XZ
DWG_SetFileAboutFunc_2
?EndEntityDraw@CDwgExport@@UAEXXZ
?CreateDrawing@CDrawing@@SAPAV1@W4CDRAWING_SERVER@@@Z
?SetDpi@CDwgExport@@QAEXH@Z
?SetColorType@CDwgExport@@QAEXH@Z
CommonPenSets_Reset
CommonPenSets_SetDPI
?SaveRasterImage@@YAHPAUHBITMAP__@@HPBDJ@Z
?BeginEntityDraw@CDwgExport@@UAE_NPBD00K00PBN_JW4EntityMask@@@Z
?GetExtendMode@CDwgExport@@UAE_NXZ
?SetExtendMode@CDwgExport@@UAEX_N@Z
??0CDwgExport@@QAE@XZ
DWG_SetSearchDirectories
lppp
DWG_SetBackgroundColor
ppll
DWG_SetProgressCallBackFuns
?DeleteDrawing@CDrawing@@SAXPAV1@@Z
UninitDLL
InitDLL
DWG_SetFileAboutFunc

gsapp

release
create
callBreak
?create@Document@GsApp@@SAPAV12@XZ
?release@Document@GsApp@@SAXPAV12@@Z
draw

gsui

showSearchManager
releaseGsUI
initGsUI
?g_cursor@GsUI@@3VCursor@1@A
replaceFont
?g_systemInfo@GsUI@@3VCSystemInfo@1@A
?getDecimalSep@CSystemInfo@GsUI@@QAEDXZ
getAppDataPath
?GetMinWidth@PrintPenSet@GsUI@@QAENXZ
?getPenWidths@PrintPenSet@GsUI@@QAEPAUtagPENWIDTHS@2@XZ
?getUsePenWidth@PrintPenSet@GsUI@@QAE_NXZ
?g_printPenSet@GsUI@@3VPrintPenSet@1@A
SelectColor
showLayerManager
showSetViewportDialog
showSetPointDialog
showSetRotateViewDialog
?UpdatePenSetsToGsIO@PrintPenSet@GsUI@@QAEXXZ
?getPrintSetDlg@PrintPenSet@GsUI@@QAEAAVCPrintDialog@@XZ
loadPlotStyleDialogFromRegistry
releasePrintManager
showPrintManager
initPrintManager
showDwgSaveDialog
languageText
showDwgOpenDialog
GetColorIndex

kernel32

GetPrivateProfileIntA
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
InterlockedIncrement
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
FindResourceExA
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
HeapReAlloc
ExitThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
CompareStringW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedExchange
LocalAlloc
GetCurrentProcessId
CopyFileA
FormatMessageA
LocalFree
lstrlenW
lstrcmpiA
GetModuleFileNameA
GetSystemInfo
GetLogicalDriveStringsA
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
lstrcpynA
GetFileAttributesA
Beep
FreeLibrary
ExpandEnvironmentStringsA
GetLocaleInfoA
WriteFile
GlobalSize
CreateFileA
GetFileSize
ReadFile
GlobalReAlloc
SetFilePointer
GlobalHandle
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
GetVersion
FileTimeToSystemTime
FindNextFileA
CreateDirectoryA
SetErrorMode
GetVolumeInformationA
GetDriveTypeA
DeleteFileA
Sleep
FindFirstFileA
FileTimeToLocalFileTime
FindClose
CompareFileTime
SetEvent
CreateEventA
CloseHandle
ResumeThread
SuspendThread
CreateThread
CompareStringA
lstrcpyA
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryA
lstrlenA
FreeResource
GetCurrentThreadId
GetVersionExA
MulDiv
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
GetTickCount
TerminateThread
GetModuleHandleA
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
GetProfileIntA
GetFullPathNameA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetStringTypeExA
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GlobalFlags
GetPrivateProfileStringA
lstrcmpA
WritePrivateProfileStringA
TlsGetValue

user32

LockWindowUpdate
DefFrameProcA
DrawMenuBar
TranslateMDISysAccel
CharUpperA
IsClipboardFormatAvailable
GetAsyncKeyState
UnregisterClassA
CharNextA
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
SetWindowPlacement
GetMenu
IsIconic
GetWindowPlacement
ShowOwnedPopups
GetMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
PostQuitMessage
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
GetMenuStringA
CharLowerA
DestroyCursor
GrayStringA
DrawTextExA
TabbedTextOutA
GetCapture
SetMenuDefaultItem
GetDlgCtrlID
SetWindowPos
EmptyClipboard
SetClipboardData
GetClipboardData
CloseClipboard
OpenClipboard
GetMenuState
RegisterClipboardFormatA
TrackPopupMenu
ModifyMenuA
DeleteMenu
GetClipboardFormatNameA
MessageBoxA
WindowFromPoint
LoadStringA
SendMessageTimeoutA
CallWindowProcA
DrawTextA
MapVirtualKeyA
GetKeyNameTextA
DestroyIcon
CopyAcceleratorTableA
AppendMenuA
CreateMenu
DrawEdge
LoadBitmapA
DrawStateA
SetMenuItemInfoA
GetMenuItemInfoA
IsZoomed
DefWindowProcA
GetClassNameA
IntersectRect
GetWindow
SetWindowLongA
IsMenu
DestroyMenu
GetDlgItem
GetKeyState
MessageBeep
TrackPopupMenuEx
GetDesktopWindow
GetClassLongA
DrawIconEx
GetSystemMenu
RemoveMenu
InsertMenuA
GetMenuItemID
EnableMenuItem
CheckMenuItem
DrawFrameControl
SetRect
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetWindowLongA
LoadMenuA
GetSubMenu
TranslateMessage
DispatchMessageA
GetDC
GetSystemMetrics
GetMenuItemCount
CreatePopupMenu
EqualRect
GetSysColor
GetSysColorBrush
GetMessagePos
BeginDeferWindowPos
EndDeferWindowPos
GetCursorPos
SetCursor
LoadCursorA
IsWindow
wsprintfA
ReleaseCapture
GetParent
IsChild
SetCapture
KillTimer
SetTimer
RedrawWindow
GetDCEx
ReleaseDC
ScreenToClient
ClientToScreen
GetClientRect
FillRect
OffsetRect
InflateRect
SetRectEmpty
PtInRect
IsRectEmpty
CopyRect
SystemParametersInfoA
GetFocus
GetActiveWindow
InvalidateRect
GetWindowRect
PostMessageA
SetParent
EndPaint
BeginPaint
GetWindowDC
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
SetWindowContextHelpId
MapDialogRect
ShowWindow
MoveWindow
LoadIconA
EnableWindow
SendMessageA
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
DrawFocusRect
IsWindowVisible
UpdateWindow
PeekMessageA
CloseWindow

gdi32

SelectObject
GetCharWidthA
CreateFontA
CreatePen
RoundRect
FloodFill
CreateBitmap
Ellipse
Rectangle
SetPolyFillMode
SetBkMode
SelectClipPath
EndPath
PolyPolygon
BeginPath
SetWindowOrgEx
StretchBlt
SetTextColor
CreatePalette
GetDIBits
GetPaletteEntries
RealizePalette
CreateHalftonePalette
GetDIBColorTable
CreateDCA
SetStretchBltMode
SelectPalette
SetBkColor
GetMapMode
DPtoLP
GdiFlush
SetDIBColorTable
CreateDIBSection
PtVisible
RectVisible
TextOutA
Escape
SetROP2
EndDoc
EndPage
GetWindowExtEx
StartPage
StartDocA
IntersectClipRect
CreateBrushIndirect
CreatePenIndirect
StretchDIBits
SetPixelV
EnumFontFamiliesA
ExtSelectClipRgn
GetClipBox
CombineRgn
CreateRectRgn
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
DeleteEnhMetaFile
SetWinMetaFileBits
SetMapMode
GetEnhMetaFileHeader
SetEnhMetaFileBits
CopyMetaFileA
ExcludeClipRect
SelectClipRgn
GetViewportExtEx
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
SetRectRgn
GetRgnBox
EnumFontFamiliesExA
Polyline
DeleteDC
Polygon
Arc
LineTo
MoveToEx
DeleteObject
GetTextMetricsA
GetObjectA
CreatePatternBrush
CreateSolidBrush
GetStockObject
CreateDIBitmap
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutA
SetPixel
PatBlt
GetTextColor
GetDeviceCaps
OffsetRgn
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
GetCurrentObject
RestoreDC
SaveDC
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumValueA
RegDeleteValueA
RegOpenKeyA
RegQueryValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHFileOperationA
DragQueryPoint
DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
DragFinish
SHGetFolderPathA
ShellExecuteExA
ShellExecuteA
ExtractIconExA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
ReleaseStgMedium
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoInitializeEx
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysFreeString
OleLoadPicture
GetActiveObject
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VarDateFromStr
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysAllocString
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a6ab2cf63da36f728b74fe76c2dbdae

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

33:e9:04:f2:16:a3:0e:58:2b:37:14:cdCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

c4:66:ea:3a:5c:78:24:d1:f1:68:91:23:91:a3:c2:e1:21:ac:e4:46:32:af:c0:8a:56:ef:9e:1d:52:f5:92:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

gsio

gsapp

gsui

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 345KB - Virtual size: 345KB

.data Size: 66KB - Virtual size: 113KB

.rsrc Size: 584KB - Virtual size: 583KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

33:e9:04:f2:16:a3:0e:58:2b:37:14:cd
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

c4:66:ea:3a:5c:78:24:d1:f1:68:91:23:91:a3:c2:e1:21:ac:e4:46:32:af:c0:8a:56:ef:9e:1d:52:f5:92:9c
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 345KB - Virtual size: 345KB

.data
Size: 66KB - Virtual size: 113KB

.rsrc
Size: 584KB - Virtual size: 583KB