Multilingual-PackageiVMS-4200_3[.]10[.]1[.]5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Multilingual-PackageiVMS-4200_3.10.1.5.exe
Size

41.7MB
MD5

4cb61ee0d723ffac8fec2a730bc4a097
SHA1

c45fcfdde5ed69d602769e2faef2e7f6fd267a28
SHA256

ec997a3ceccb866c494b9336262b94ecde8871f44439934594c63636826753e3
SHA512

659321350f7ec30bfea2b6b69b52d0a36777dde287e57f5fd01abaab537298fddfd968c36c3f0ca398d2694b992946c339ae462539eb8e4853dc193da4f6efdb
SSDEEP

786432:v5WhDSIg6pZrXs++m0mp1fucO0lbka0Pvx6DHeBs9BX394iq:vMhDSjur9ph5O0Xqvx6yK9N+b

Score

1^/10

Malware Config

Signatures

Files

Multilingual-PackageiVMS-4200_3.10.1.5.exe
.exe windows:6 windows x86 arch:x86

c0da6dd2cb3d6ae188876851095ba722

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:c1:77:bc:d7:e6:b6:e1:0b:9f:15:45
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 08:09

Not After

27/05/2024, 08:09

Subject

CN=Hangzhou Hikvision Digital Tech.Co.\,Ltd,O=Hangzhou Hikvision Digital Tech.Co.\,Ltd,L=HANGZHOU,ST=ZHEJIANG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:69:74:df:39:ac:e8:e0:8b:bb:c1:29:d7:89:b6:01:9d:2e:e8:77:b2:23:97:96:53:31:65:ce:6f:b8:c9:c5
Signer

Actual PE Digest

d3:69:74:df:39:ac:e8:e0:8b:bb:c1:29:d7:89:b6:01:9d:2e:e8:77:b2:23:97:96:53:31:65:ce:6f:b8:c9:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
GetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
FindFirstFileExA
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
GetModuleHandleExW
ExitProcess
RtlUnwind
OutputDebugStringW
GetFileType
GetTimeZoneInformation
FindNextFileA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateFileW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetProfileIntA
GetTickCount
SearchPathA
Sleep
GetWindowsDirectoryA
GetTempFileNameA
FindResourceExW
SetErrorMode
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetFileAttributesA
GetACP
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
GetThreadLocale
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
InitializeCriticalSectionAndSpinCount
lstrcmpA
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
OutputDebugStringA
SetLastError
CopyFileA
FormatMessageA
LocalFree
GlobalFree
GlobalSize
GlobalAlloc
GetCurrentProcessId
MulDiv
GlobalUnlock
GlobalLock
GetEnvironmentVariableA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetSystemWow64DirectoryA
CreateMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
GetSystemDirectoryA
TerminateProcess
OpenProcess
CloseHandle
WriteFile
CreateFileA
GetDiskFreeSpaceA
GetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
GetTempPathA
lstrcmpiA
lstrlenA
FreeResource
FindResourceW
SizeofResource
GetVersion
LockResource
LoadResource
FindResourceA
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
SetStdHandle
WriteConsoleW

user32

SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
CopyImage
IsRectEmpty
ReleaseCapture
SetCapture
GetNextDlgGroupItem
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
UnhookWindowsHookEx
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
IntersectRect
DestroyMenu
MapVirtualKeyA
GetKeyNameTextA
GetMenuStringA
GetLastActivePopup
GetWindowThreadProcessId
IsWindowEnabled
MapDialogRect
CharUpperA
PostQuitMessage
CopyRect
GetSysColor
FillRect
DrawEdge
SetRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
PtInRect
SetRectEmpty
IsWindow
KillTimer
UnregisterClassA
wsprintfA
ShowWindow
DrawIcon
IsIconic
SetTimer
SetWindowRgn
GetSystemMenu
LoadIconW
DrawFrameControl
ShowOwnedPopups
RealChildWindowFromPoint
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
InsertMenuItemA
UnpackDDElParam
ReuseDDElParam
LoadCursorA
GetAsyncKeyState
SetParent
LoadCursorW
EnumDisplayMonitors
MessageBoxA
SetLayeredWindowAttributes
SetWindowLongA
LoadBitmapA
CharToOemBuffA
LoadImageA
CreateIconIndirect
GetIconInfo
DrawStateA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
LoadImageW
UnionRect
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
GetMenuItemInfoA
DrawTextA
SystemParametersInfoA
DrawIconEx
DestroyIcon
GetSystemMetrics
GetDesktopWindow
GetDC
ReleaseDC
AppendMenuA
GetMenuItemCount
InsertMenuA
ModifyMenuA
GetMenuState
GetMenuItemID
CreateMenu
CreatePopupMenu
GetSysColorBrush
LoadBitmapW
RemoveMenu
DeleteMenu
GetSubMenu
EnableWindow
TabbedTextOutA
DrawTextExA
GrayStringA
DestroyCursor
GetWindowLongA
SendMessageA
IsMenu
GetNextDlgTabItem
GetParent
GetDoubleClickTime
SetCursor
InvalidateRect
ClientToScreen
WindowFromPoint
GetActiveWindow
GetWindowRect
PostMessageA
FrameRect
InflateRect
OffsetRect
DrawFocusRect
GetClientRect
CopyIcon
DestroyAcceleratorTable
SetClassLongA
GetUpdateRect
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
RegisterClipboardFormatA
CharUpperBuffA
PostThreadMessageA
HideCaret
InvertRect
SubtractRect
IsCharLowerA
MapVirtualKeyExA
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetComboBoxInfo
GetWindowRgn
LockWindowUpdate
SetCursorPos
WaitMessage
IsClipboardFormatAvailable
InvalidateRgn
CopyAcceleratorTableA
CharNextA
SetMenuDefaultItem
GetMenuDefaultItem
NotifyWinEvent
MessageBeep
LoadMenuW
IsZoomed
TrackMouseEvent

gdi32

CreateBitmap
SetBkColor
SetTextColor
CreateFontA
StretchBlt
CreateRoundRectRgn
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
GetStockObject
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileA
CreateDCA
CreateRectRgnIndirect
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetBkColor
CreateEllipticRgn
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsA
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetDIBColorTable
GetRgnBox
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExA
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
Rectangle
CreateHatchBrush
PatBlt
SetPixel
GetPixel
GetObjectA
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
Ellipse
GetTextExtentPoint32A
CreateFontIndirectA
GetBkMode
CreatePen
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
OffsetViewportOrgEx
GetTextExtentPoint32W
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumValueA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteValueA

shell32

ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHAppBarMessage
DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoA

comctl32

ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
StrFormatKBSizeA

uxtheme

GetCurrentThemeName
GetThemeSysColor
GetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeParentBackground
GetThemeColor
DrawThemeText

ole32

RevokeDragDrop
OleLockRunning
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
CoDisconnectObject
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
RegisterDragDrop

oleaut32

VarBstrFromDate
VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocString
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
SysAllocStringLen

oledlg

ord8

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipDrawImageRectI
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipCreateBitmapFromHBITMAP

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0da6dd2cb3d6ae188876851095ba722

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

76:c1:77:bc:d7:e6:b6:e1:0b:9f:15:45Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

d3:69:74:df:39:ac:e8:e0:8b:bb:c1:29:d7:89:b6:01:9d:2e:e8:77:b2:23:97:96:53:31:65:ce:6f:b8:c9:c5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

version

oleacc

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 329KB - Virtual size: 328KB

.data Size: 24KB - Virtual size: 48KB

.gfids Size: 107KB - Virtual size: 107KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 39.6MB - Virtual size: 39.6MB

.reloc Size: 129KB - Virtual size: 129KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

76:c1:77:bc:d7:e6:b6:e1:0b:9f:15:45
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

d3:69:74:df:39:ac:e8:e0:8b:bb:c1:29:d7:89:b6:01:9d:2e:e8:77:b2:23:97:96:53:31:65:ce:6f:b8:c9:c5
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 24KB - Virtual size: 48KB

.gfids
Size: 107KB - Virtual size: 107KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

.reloc
Size: 129KB - Virtual size: 129KB