c3fed9c99a898af669f2102488ee2ec93497ed101631323e1282ed1f06f664fe

Sharing

Copy URL Twitter E-mail

General

Target

c3fed9c99a898af669f2102488ee2ec93497ed101631323e1282ed1f06f664fe
Size

5.6MB
MD5

4f976d4deb5ac51abb6f421b3d652269
SHA1

c33f16f8790f9ec1139e9aa91a992b74ac5fe5a3
SHA256

c3fed9c99a898af669f2102488ee2ec93497ed101631323e1282ed1f06f664fe
SHA512

cb8c3035231ea5e94c4e10170c3419168e6812fe4a828f53348e2d859f0480fe14a151ca3ec1ed7a831fda14cd23c00c81c354a6477c9d7ce0fbdb6c598ec63a
SSDEEP

98304:C1fTS0Ij638HZhDX3yBwA7MkOAOuOmpOIe2uM3bl9CVr4:C1fTOllCBwmT/d3xUs

Score

1^/10

Malware Config

Signatures

Files

c3fed9c99a898af669f2102488ee2ec93497ed101631323e1282ed1f06f664fe
.exe windows:5 windows x86

0755c05eb00751be5b43391b59dfac1f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:94:a1:11:8b:07:2a:65:46:75:49:a4:f7:77:06:fc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/08/2022, 00:00

Not After

06/09/2024, 23:59

Subject

CN=暴风集团股份有限公司,O=暴风集团股份有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:35:2e:aa:b6:09:16:e7:a2:d6:cd:80:e5:8a:52:0f:88:85:76:02
Signer

Actual PE Digest

2f:35:2e:aa:b6:09:16:e7:a2:d6:cd:80:e5:8a:52:0f:88:85:76:02

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathIsDirectoryA
PathFileExistsA
PathAppendW
PathFileExistsW

ws2_32

getaddrinfo
gethostname
WSAStartup
shutdown
inet_addr
getservbyname
gethostbyaddr
freeaddrinfo
WSAIoctl
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACleanup
WSACreateEvent
gethostbyname

kernel32

GetSystemTime
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
MoveFileExA
SetLastError
FormatMessageA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetEnvironmentVariableA
CompareFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
SleepEx
QueryPerformanceFrequency
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SetEvent
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LoadLibraryW
InterlockedDecrement
GetModuleHandleW
SetFilePointer
ReadFile
CreateFileA
GetFileSizeEx
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
WriteFile
FlushFileBuffers
ReleaseMutex
CreateFileW
CreateMutexW
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetVersionExW
GetCurrentProcess
IsWow64Process
RemoveDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetTempPathW
GetModuleFileNameA
DeleteFileA
FreeResource
GetModuleFileNameW
GetPrivateProfileIntW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
OpenMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateThread
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CompareStringW
GetDriveTypeW
InterlockedIncrement
GetCommandLineW
CreateProcessW
CloseHandle
GetLastError
DeleteFileW
GetLogicalDriveStringsW
HeapSetInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
EnumSystemLocalesA
GetLocaleInfoA
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameA
GetOEMCP
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapCreate
IsProcessorFeaturePresent
GetConsoleCP
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
InterlockedCompareExchange
EncodePointer
DecodePointer
SetErrorMode
ExitProcess
LocalFree
FormatMessageW
OutputDebugStringW
ExpandEnvironmentStringsW
GetFileAttributesW
FindFirstFileW
GetFileTime
GetTempFileNameW
GetCurrentThread
GetEnvironmentVariableW
GetCPInfo
IsValidCodePage
GetComputerNameW
TerminateProcess
GetACP
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CopyFileW
SetCurrentDirectoryW
FindNextFileW
IsBadReadPtr
IsBadStringPtrA
FreeConsole
ReadConsoleOutputCharacterA
GetConsoleScreenBufferInfo
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
MulDiv
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalSize
GlobalFree
RtlUnwind
GetCommandLineA
LocalAlloc
GetStartupInfoW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ExitThread
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFileAttributesA
GetFileInformationByHandle
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
LCMapStringW
SetStdHandle
MoveFileW
GetFullPathNameW

user32

GetScrollInfo
SetScrollInfo
EnableScrollBar
ScrollWindow
GetParent
SetParent
RedrawWindow
ScreenToClient
ClientToScreen
IsDialogMessageW
IsWindowEnabled
GetMessageTime
GetActiveWindow
GetWindow
ChildWindowFromPointEx
UnhookWindowsHookEx
CallNextHookEx
GetCapture
TrackPopupMenu
CallWindowProcW
InvalidateRect
FillRect
SetWindowTextW
GetSysColor
GetClientRect
SetFocus
ReleaseCapture
SetCursorPos
UpdateWindow
MoveWindow
DeferWindowPos
GetUpdateRgn
MapWindowPoints
BeginDeferWindowPos
EndDeferWindowPos
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemCount
SetWindowsHookExW
RegisterHotKey
UnregisterHotKey
PtInRect
InflateRect
BringWindowToTop
IsZoomed
FlashWindow
CreateDialogIndirectParamW
GetDialogBaseUnits
GetWindowPlacement
DrawMenuBar
EnableMenuItem
GetSystemMenu
GetDesktopWindow
CreateDialogParamW
GetDlgItem
SetWindowRgn
DrawFrameControl
OffsetRect
DrawIconEx
GetDoubleClickTime
LoadIconW
SetCapture
GetIconInfo
LoadImageW
CreateIconIndirect
GetMenuState
GetMenuItemID
GetSubMenu
GetSysColorBrush
CheckMenuItem
CheckMenuRadioItem
SetMenuItemInfoW
SetRect
DrawStateW
DrawEdge
DestroyIcon
DestroyMenu
CreatePopupMenu
InsertMenuW
InsertMenuItemW
RemoveMenu
ModifyMenuW
AppendMenuW
CreateMenu
MessageBeep
GetWindowTextLengthW
ValidateRect
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
ChangeDisplaySettingsW
EnumDisplaySettingsW
DestroyCursor
BeginPaint
EndPaint
GetWindowDC
SetRectEmpty
IsRectEmpty
UnionRect
ValidateRgn
DrawTextW
CopyRect
DrawFocusRect
HideCaret
keybd_event
ChildWindowFromPoint
GetClipboardFormatNameW
RegisterClipboardFormatW
IsClipboardFormatAvailable
wsprintfW
ShowCursor
AdjustWindowRectEx
ShowWindow
GetFocus
EnableWindow
SetWindowLongW
GetWindowLongW
GetSystemMetrics
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetMessagePos
SetMenu
GetKeyState
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeQueryStringW
DdeUninitialize
DdeFreeStringHandle
MsgWaitForMultipleObjects
GetMessageW
LoadCursorW
SetCursor
IsIconic
PostMessageW
RegisterWindowMessageW
IsWindow
IsWindowVisible
GetClassNameW
WindowFromPoint
GetCursorPos
PostQuitMessage
GetWindowRect
RegisterClassW
GetWindowTextW
PostThreadMessageW
MessageBoxW
SetForegroundWindow
FindWindowExW
SendMessageW
SetWindowPos
LoadBitmapW
GetDC
ReleaseDC
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CreateWindowExW
DefWindowProcW
TranslateMessage
DispatchMessageW
KillTimer
SetTimer
DestroyWindow
UnregisterClassW
PeekMessageW

gdi32

SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectClipRgn
CreateSolidBrush
GetBkColor
GetObjectType
SetStretchBltMode
ExtSelectClipRgn
ExtFloodFill
BitBlt
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
PolyBezier
RoundRect
Ellipse
SetTextColor
SetBkColor
GetOutlineTextMetricsW
CreateFontIndirectW
GetRegionData
ExtCreateRegion
OffsetRgn
ExcludeClipRect
SetBrushOrgEx
CreateRectRgn
GdiFlush
SelectPalette
RealizePalette
SelectObject
GetTextMetricsW
SetPixel
GetPixel
DeleteDC
SetBkMode
GetObjectW
GetClipBox
Polyline
SetROP2
SetViewportOrgEx
Rectangle
CreateCompatibleDC
CloseEnhMetaFile
PlayEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetEnhMetaFileW
SetLayout
EnumFontFamiliesExW
CreateDCW
EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
GetSystemPaletteEntries
GetDIBColorTable
CreateDIBitmap
CreateDIBSection
CreateICW
CreateRectRgnIndirect
GetTextExtentExPointW
GetCharABCWidthsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePen
ExtCreatePen
MoveToEx
LineTo
CreateHatchBrush
CreatePatternBrush
GetTextExtentPoint32W
CreateRoundRectRgn
DeleteObject
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
CreateBitmap
CombineRgn
RectInRegion
PtInRegion
EqualRgn
GetRgnBox
StretchBlt
StretchDIBits
ExtTextOutW
MaskBlt
GetStockObject

shell32

SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetPathFromIDListW
SHGetMalloc
ExtractIconW
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteA
ShellExecuteW

ole32

OleGetClipboard
OleFlushClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemAlloc
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoCreateInstance
OleInitialize
OleUninitialize
OleIsCurrentClipboard

oleaut32

SysStringLen
VariantClear
SysFreeString
VarBstrFromCy

advapi32

CryptAcquireContextA
CryptDecrypt
CryptCreateHash
CryptSetHashParam
RegCloseKey
GetUserNameW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
CryptSignHashA
CryptDestroyHash
CryptExportKey
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptGetUserKey

wsock32

sendto
recvfrom
htons
bind
ntohs
getsockname
setsockopt
recv
WSAGetLastError
send
closesocket
select
listen
accept
WSASetLastError
connect
socket
getpeername
getsockopt
__WSAFDIsSet
inet_ntoa
ntohl
htonl

comctl32

ImageList_SetBkColor
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetImageInfo
ord17
ord16
ImageList_Destroy
ImageList_Draw
ImageList_Add
ImageList_Create
ImageList_GetImageCount
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_GetIconSize

rpcrt4

RpcStringFreeW
UuidToStringW

crypt32

CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext

wldap32

ord32
ord35
ord79
ord200
ord143
ord27
ord60
ord45
ord30
ord26
ord33
ord50
ord217
ord211
ord22
ord46
ord41
ord301

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comdlg32

PageSetupDlgW
PrintDlgW
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0755c05eb00751be5b43391b59dfac1f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

08:94:a1:11:8b:07:2a:65:46:75:49:a4:f7:77:06:fcCertificate

Extended Key Usages

Key Usages

2f:35:2e:aa:b6:09:16:e7:a2:d6:cd:80:e5:8a:52:0f:88:85:76:02Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

wsock32

comctl32

rpcrt4

crypt32

wldap32

winspool.drv

comdlg32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 96KB - Virtual size: 305KB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 395KB - Virtual size: 394KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

08:94:a1:11:8b:07:2a:65:46:75:49:a4:f7:77:06:fc
Certificate

2f:35:2e:aa:b6:09:16:e7:a2:d6:cd:80:e5:8a:52:0f:88:85:76:02
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 96KB - Virtual size: 305KB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 395KB - Virtual size: 394KB