f70ac3a929a53ffc5ec9612c51827bbfb5fd76c6

Sharing

Copy URL Twitter E-mail

General

Target

f70ac3a929a53ffc5ec9612c51827bbfb5fd76c6
Size

1.6MB
MD5

398fa1c927e938893441e5b43934160b
SHA1

f70ac3a929a53ffc5ec9612c51827bbfb5fd76c6
SHA256

f452c8c12eb15c16b1e346839aa75ad35b868aebb28756827270808794d572ea
SHA512

4ec2cf7aeba19aa01aec522cdc83f1939604759fbd8566e23d80c9f7844a80ec2294a4ca224b42d3ccad8ea4ed07956cd5335cae4f16d127f899a46484554cbf
SSDEEP

49152:foMqgMJWHx8R1lOTxoPqlI2x8KTpghojllKRH9BqGvUfsgHSRV51WPtlrrzH7p9p:NMJWHx8L8TGPqr4hojllKRH9BqGvUfs6

Score

1^/10

Malware Config

Signatures

Files

f70ac3a929a53ffc5ec9612c51827bbfb5fd76c6
.exe windows:6 windows x86 arch:x86

9fc21953f3406e277d5f54e7768e1138

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:88:b3:12:86:33:50:0b:7f:e1:83:e5:06:cd:fe:00
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

22/07/2021, 05:54

Not After

28/06/2023, 05:54

Subject

SERIALNUMBER=91350200705487306K,CN=Yealink Network Technology Co.\,Ltd,O=Yealink Network Technology Co.\,Ltd,L=Xiamen,ST=Fujian,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

16:af:37:12:88:2a:f2:9d:00:87:e9:40:6d:b5:de:2c:e8:91:3c:54:a4:00:63:b2:a1:ba:68:95:2a:88:1a:9f
Signer

Actual PE Digest

16:af:37:12:88:2a:f2:9d:00:87:e9:40:6d:b5:de:2c:e8:91:3c:54:a4:00:63:b2:a1:ba:68:95:2a:88:1a:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

kernel32

IsDebuggerPresent
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
TerminateProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetCurrentProcess
CreateThread
OpenThread
TerminateThread
GetProcessId
VirtualQueryEx
FreeLibrary
GetProcAddress
LoadLibraryW
RaiseException
ProcessIdToSessionId
LocalFileTimeToFileTime
DosDateTimeToFileTime
WriteFile
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
SetEvent
ResetEvent
CreateEventA
CreateMutexA
GetDriveTypeA
DeviceIoControl
Sleep
GetLogicalDriveStringsA
ReadFile
SetFilePointer
GetSystemTimeAsFileTime
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetModuleHandleW
MoveFileW
CancelIo
LoadLibraryA
GetOverlappedResult
SetThreadPriority
TlsGetValue
SetThreadAffinityMask
VerifyVersionInfoA
GetProcessAffinityMask
GetVersionExA
VerSetConditionMask
CreateSemaphoreA
SleepEx
TryEnterCriticalSection
TlsSetValue
TlsAlloc
TlsFree
LoadResource
LockResource
SizeofResource
FindResourceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapSize
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetACP
GetCommandLineW
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
ExitThread
GetTimeZoneInformation
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
FindClose
GetTempPathW
SetFileTime
RemoveDirectoryW
GetFileTime
GetFileAttributesW
DeleteFileW
CreateFileA
CreateDirectoryW
GetCurrentDirectoryW
OpenProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
WaitForMultipleObjects
CloseHandle
CreateMutexW
ReleaseMutex
GetLastError
GetLocalTime
GetUserDefaultLCID
FreeResource
GetModuleHandleA
GetExitCodeThread
GetCurrentThread
WaitForSingleObjectEx
CreateEventW
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
InitializeCriticalSectionAndSpinCount
SetLastError
GetStringTypeW
DecodePointer
EncodePointer
FormatMessageW

user32

LoadIconA
TranslateMessage
RegisterClassW
DispatchMessageW
RegisterDeviceNotificationW
CreateWindowExW
PostMessageW
DefWindowProcW
GetMessageW
PostQuitMessage
SystemParametersInfoA
SetTimer
KillTimer
DispatchMessageA
PeekMessageA
TrackMouseEvent
DefWindowProcA
RegisterClassA
ReleaseDC
ShowWindow
SetWindowPos
UpdateWindow
SetActiveWindow
InvalidateRect
SetWindowTextW
GetWindowRect
GetWindowLongA
SetWindowLongA
LoadCursorA
BeginPaint
EndPaint
GetDesktopWindow
GetDC
DestroyWindow

gdi32

DeleteObject
GetDIBits
CreateCompatibleBitmap
CreateDIBSection
SelectObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC
BitBlt
GetStockObject

shell32

SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal

advapi32

GetUserNameW
CloseServiceHandle
OpenSCManagerW
OpenServiceA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ws2_32

htonl
ntohs
WSAGetLastError
closesocket
shutdown
inet_ntoa
gethostbyname
WSAStartup
accept
bind
getsockname
listen
recv
send
setsockopt
connect
ioctlsocket
WSASetLastError
WSASocketW
WSAPoll
WSACleanup
sendto
inet_addr
htons
ntohl
gethostname
socket

shlwapi

PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdiplus

GdipAlloc
GdipFree
GdipCloneImage
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCreateFromHDC
GdipGetImagePixelFormat
GdipImageGetFrameCount
GdipSetClipRegion
GdipDrawImageRectRectI
GdipFillPath
GdipFillEllipse
GdipFillPolygon
GdipFillRectangleI
GdipDrawPath
GdipDrawPolygon
GdipDrawEllipse
GdipDrawRectangleI
GdipDrawLines
GdipDrawLineI
GdipSetTextRenderingHint
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetCompositingMode
GdipSetCompositingMode
GdipDeletePen
GdipCreatePen1
GdipSetLinePresetBlend
GdipCreateLineBrushFromRectI
GdipCreateSolidFill
GdipDeleteBrush
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCloneBrush
GdipCombineRegionRectI
GdipCombineRegionRect
GdipSetEmpty
GdipDeleteRegion
GdipCloneRegion
GdipCreateRegion
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathLine
GdipClosePathFigure
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTabStops
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipImageSelectActiveFrame

imm32

ImmAssociateContext

dwmapi

DwmExtendFrameIntoClientArea

Exports

Exports

?acceptRomUpgrade@@YAXXZ
?getConnectErrorCode@@YA?AW4ConnectErrorCode@@XZ
?getDeviceType@@YA?AW4WPPDeviceType@@XZ
?getDownloadProgress@@YA_NAAH00@Z
?getHostType@@YA?AW4HostType@@XZ
?getVersion@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?initLoader@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?isHostNeedWiFiAdapter@@YA_NXZ
?loader_trace@@YAXHPBD0ZZ
?rejectRomUpgrade@@YAXXZ
?retryUpgrade@@YAXXZ
?setAppNameW@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?setLoaderEventListener@@YAXV?$function@$$A6AXW4LoaderEvent@@W4WorkState@@@Z@std@@@Z
?setResetScreenCapture@@YAX_N@Z
?uninitLoader@@YAXXZ
comb_create
comb_destroy
comb_process
gbase_evt_canceler
gbase_evt_register
gbase_exit
gbase_init
gbase_log_get
gbase_log_open
gbase_log_set
ghigh_create
ghigh_create2
ghigh_destry
ghigh_destry2
ghigh_recv
ghigh_send
ghigh_send2
ghigh_stat
gmisc_bootram
gmisc_devip
gmisc_file_pull
gmisc_file_pull2
gmisc_file_push
gmisc_file_push2
gmisc_get_location
gmisc_hstip
gmisc_hwver
gmisc_led_get
gmisc_led_set
gmisc_loop_close
gmisc_loop_open
gmisc_loop_send
gmisc_mac
gmisc_reboot
gmisc_runcmd
gmisc_swver
gmisc_upgrade
gmisc_wificonn_set
gmisc_wifidiag_get
gmisc_wifiinfo
heap_callocx
heap_freex
heap_mallocx
heap_reallocx
heap_show
heap_strdupx
hid_close
hid_get_location
hid_get_report_length
hid_init
hid_open
hid_read_timeout
hid_write
mutx_create
mutx_destroy
mutx_lock
mutx_unlock
spin_create
spin_destroy
spin_lock
spin_unlock
tsklet_create
tsklet_destroy
usbio_alloc
usbio_exit
usbio_free
usbio_init
usbio_xmit
usbio_xmit2
vmem_exit
vmem_get
vmem_init
vmem_put
wait_create
wait_destroy
wait_post
wait_wait
wait_wait_timeout

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fc21953f3406e277d5f54e7768e1138

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

34:88:b3:12:86:33:50:0b:7f:e1:83:e5:06:cd:fe:00Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

16:af:37:12:88:2a:f2:9d:00:87:e9:40:6d:b5:de:2c:e8:91:3c:54:a4:00:63:b2:a1:ba:68:95:2a:88:1a:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

shell32

ole32

advapi32

ws2_32

shlwapi

version

gdiplus

imm32

dwmapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 266KB - Virtual size: 266KB

.data Size: 27KB - Virtual size: 79KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 251KB - Virtual size: 251KB

.reloc Size: 57KB - Virtual size: 57KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

34:88:b3:12:86:33:50:0b:7f:e1:83:e5:06:cd:fe:00
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

16:af:37:12:88:2a:f2:9d:00:87:e9:40:6d:b5:de:2c:e8:91:3c:54:a4:00:63:b2:a1:ba:68:95:2a:88:1a:9f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 266KB - Virtual size: 266KB

.data
Size: 27KB - Virtual size: 79KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 251KB - Virtual size: 251KB

.reloc
Size: 57KB - Virtual size: 57KB