2975f1a947456452031a2cd4a7207d1544bfe1b94f9d955a657c28d3e3a0210d

Sharing

Copy URL Twitter E-mail

General

Target

2975f1a947456452031a2cd4a7207d1544bfe1b94f9d955a657c28d3e3a0210d
Size

1.8MB
MD5

fc1345687fee777ed24e115be44b1b6a
SHA1

3387182e8605f0b1cd0e1a74bbff3cb684d92aa5
SHA256

2975f1a947456452031a2cd4a7207d1544bfe1b94f9d955a657c28d3e3a0210d
SHA512

db623c5db83f7afbbe4a6c04874230ff376a000907f94f1cb4bab732f4f093a962cce1527ec68706ff059e07578b294f7b011eb90bf4f9dc43085c7933cc2644
SSDEEP

24576:SFFKdyBi1/ysl4b/Tx+LLMvCxvZNcrDMCzkD4fqI/3UNVo1T:TAYX4DTx+YaVZMACKY/2o

Score

1^/10

Malware Config

Signatures

Files

2975f1a947456452031a2cd4a7207d1544bfe1b94f9d955a657c28d3e3a0210d
.exe windows:5 windows x86

ce1128dace7d5250086a671cc770d286

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:6b:8b:02:c2:5d:94:70:a9:85:99:b1:35:fe:30:ae
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/03/2023, 00:00

Not After

28/02/2024, 23:59

Subject

CN=上海传英信息技术有限公司,O=上海传英信息技术有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:c0:ce:9f:dd:3d:60:56:b2:a4:a3:c5:b7:dd:0c:15:f2:1d:dd:32
Signer

Actual PE Digest

4b:c0:ce:9f:dd:3d:60:56:b2:a4:a3:c5:b7:dd:0c:15:f2:1d:dd:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ

gdiplus

GdiplusStartup

oleaut32

VariantTimeToSystemTime

ole32

CreateStreamOnHGlobal

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

shell32

SHBrowseForFolderA

advapi32

RegOpenKeyExA

gdi32

CreateFontA

user32

SetWindowRgn

kernel32

GetSystemDefaultLangID

msvcr100

_cexit

mfc100

ord2088

mes_functions

_ExtractStr@16

qualdll

?QUAL_OperationStart@CQUALComDload@@QAEHXZ

mtkdll_fp

?SetDLPara@CMTK_FPComDload@@QAEXH@Z

sprddllr27

?LoadPackets@CSPRDR27ComDload@@QAEHPAD@Z

netapi32

Netbios

mtkdllv6

?SetDevInfo@CMTKV6ComDload@@QAEXPAUDeviceInfo@@@Z

mtkdll

?SetWDPara@CMTKComDload@@QAEXV?$vector@U_WRITE_DATA_INFO@@V?$allocator@U_WRITE_DATA_INFO@@@std@@@std@@@Z

setupapi

SetupDiGetDeviceRegistryPropertyA

Exports

Exports

??0CMTK_FPComDload@@QAE@ABV0@@Z
??0CPictureEx@@QAE@XZ
??0CQUALComDload@@QAE@ABV0@@Z
??0CSPRDR27ComDload@@QAE@ABV0@@Z
??1CPictureEx@@UAE@XZ
??4CMTK_FPComDload@@QAEAAV0@ABV0@@Z
??4CQUALComDload@@QAEAAV0@ABV0@@Z
??4CSPRDR27ComDload@@QAEAAV0@ABV0@@Z
??_7CPictureEx@@6B@
?Draw@CPictureEx@@QAEHXZ
?GetBkColor@CPictureEx@@QBEKXZ
?GetFrameCount@CPictureEx@@QBEHXZ
?GetMessageMap@CPictureEx@@MBEPBUAFX_MSGMAP@@XZ
?GetNexACElock@CPictureEx@@IBE?AW4GIFBlockTypes@1@XZ
?GetNexACElockLen@CPictureEx@@IBEHXZ
?GetNextGraphicBlock@CPictureEx@@IAEPAXPAI0PAUtagSIZE@@10@Z
?GetPaintRect@CPictureEx@@QAEHPAUtagRECT@@@Z
?GetSize@CPictureEx@@QBE?AUtagSIZE@@XZ
?GetSubBlocksLen@CPictureEx@@IBEII@Z
?GetThisMessageMap@CPictureEx@@KGPBUAFX_MSGMAP@@XZ
?IsAnimatedGIF@CPictureEx@@QBEHXZ
?IsCancel@CMTKComDload@@QAE_NXZ
?IsCancel@CMTK_FPComDload@@QAE_NXZ
?IsCancel@CQUALComDload@@QAE_NXZ
?IsGIF@CPictureEx@@QBEHXZ
?IsPlaying@CPictureEx@@QBEHXZ
?Load@CPictureEx@@QAEHPAXK@Z
?Load@CPictureEx@@QAEHPBD0@Z
?Load@CPictureEx@@QAEHPBD@Z
?OnDestroy@CPictureEx@@IAEXXZ
?OnPaint@CPictureEx@@IAEXXZ
?PrepareDC@CPictureEx@@IAEHHH@Z
?ResetDataPointer@CPictureEx@@IAEXXZ
?SetBkColor@CPictureEx@@QAEXK@Z
?SetIsCancel@CMTKComDload@@QAEX_N@Z
?SetIsCancel@CMTK_FPComDload@@QAEX_N@Z
?SetIsCancel@CQUALComDload@@QAEX_N@Z
?SetPaintRect@CPictureEx@@QAEHPBUtagRECT@@@Z
?SetTaskCancel@CMTKComDload@@QAEX_N@Z
?SetTaskCancel@CMTK_FPComDload@@QAEX_N@Z
?SetTaskCancel@CQUALComDload@@QAEX_N@Z
?SkipNexACElock@CPictureEx@@IAEHXZ
?SkipNextGraphicBlock@CPictureEx@@IAEHXZ
?Stop@CPictureEx@@QAEXXZ
?ThreadAnimation@CPictureEx@@IAEXXZ
?UnLoad@CPictureEx@@QAEXXZ
?_ThreadAnimation@CPictureEx@@KGIPAX@Z

Sections

.text
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 338KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ce1128dace7d5250086a671cc770d286

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

05:6b:8b:02:c2:5d:94:70:a9:85:99:b1:35:fe:30:aeCertificate

Extended Key Usages

Key Usages

4b:c0:ce:9f:dd:3d:60:56:b2:a4:a3:c5:b7:dd:0c:15:f2:1d:dd:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

msvcp100

gdiplus

oleaut32

ole32

shlwapi

comctl32

shell32

advapi32

gdi32

user32

kernel32

msvcr100

mfc100

mes_functions

qualdll

mtkdll_fp

sprddllr27

netapi32

mtkdllv6

mtkdll

setupapi

Exports

Exports

Sections

.text Size: 559KB - Virtual size: 558KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 5KB - Virtual size: 28KB

.text Size: 689KB - Virtual size: 688KB

.data Size: 60KB - Virtual size: 60KB

.reloc Size: 39KB - Virtual size: 38KB

.rsrc Size: 338KB - Virtual size: 340KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

05:6b:8b:02:c2:5d:94:70:a9:85:99:b1:35:fe:30:ae
Certificate

4b:c0:ce:9f:dd:3d:60:56:b2:a4:a3:c5:b7:dd:0c:15:f2:1d:dd:32
Signer

.text
Size: 559KB - Virtual size: 558KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 5KB - Virtual size: 28KB

.text
Size: 689KB - Virtual size: 688KB

.data
Size: 60KB - Virtual size: 60KB

.reloc
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 338KB - Virtual size: 340KB