7554737159418757b266dca843158e75f82b47ba51e8680fd6a9ec83508b7c5e

Sharing

Copy URL Twitter E-mail

General

Target

7554737159418757b266dca843158e75f82b47ba51e8680fd6a9ec83508b7c5e
Size

1.6MB
MD5

7915e8c2bd736344693ed0f28707337c
SHA1

e385f3bb991129d1c4f3bf8b6632a3977fec62f3
SHA256

7554737159418757b266dca843158e75f82b47ba51e8680fd6a9ec83508b7c5e
SHA512

577100168f6bdeefecb5024181c701ca0beb5a5d0b7a2f52bced9e32633bfbde3ecf75c74ad415029edfd6be27b8795214239ee943c1672b7384fb378d2aba19
SSDEEP

49152:zrwo3ecMndby4r4+UjAwj0Oylh2u8G+h0ma7sEj:zp3eZby4klAwIBhWG+6TQG

Score

1^/10

Malware Config

Signatures

Files

7554737159418757b266dca843158e75f82b47ba51e8680fd6a9ec83508b7c5e
.zip
winlog.dll
.dll windows:6 windows x86 arch:x86

84c8bc3d59f56f59cb961e76d2fd16dc

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:df:5f:97:fb:73:8d:73:04:94:13:de:a5:ce:46:4c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=天津斐文网络科技有限公司,O=天津斐文网络科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:30:e6:02:78:74:57:f6:fa:17:36:45:4d:7f:65:ec
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=天津斐文网络科技有限公司,O=天津斐文网络科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:58:b5:a9:fb:26:ff:0a:c4:d2:dd:9e:87:19:bd:6c:83:26:39:96:e4:26:89:1a:7d:0f:93:cf:96:a7:9a:48
Signer

Actual PE Digest

17:58:b5:a9:fb:26:ff:0a:c4:d2:dd:9e:87:19:bd:6c:83:26:39:96:e4:26:89:1a:7d:0f:93:cf:96:a7:9a:48

Digest Algorithm

sha256

PE Digest Matches

true

cd:63:e8:58:bd:eb:12:a0:c6:68:40:a0:4e:b3:ab:c8:7f:38:3c:3e
Signer

Actual PE Digest

cd:63:e8:58:bd:eb:12:a0:c6:68:40:a0:4e:b3:ab:c8:7f:38:3c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetPrivateProfileStringW
GetSystemDefaultLocaleName
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
FindResourceExW
LocalFree
GetWindowsDirectoryW
FileTimeToSystemTime
SystemTimeToFileTime
CreateFileW
WriteConsoleW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetStdHandle
GetFileType
LCMapStringW

user32

CharLowerBuffW

advapi32

RegQueryInfoKeyW
ConvertSidToStringSidW
LookupAccountNameW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHChangeNotify
SHGetFolderPathW

shlwapi

PathAppendW
PathAddBackslashW
SHDeleteValueW
PathFileExistsW
SHGetValueW
StrCmpIW
StrToIntW
PathCanonicalizeW
SHDeleteKeyW
StrStrIW
PathFindExtensionW
PathRemoveFileSpecW

secur32

GetUserNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

IsAllAssociationOK
IsAssociationOK
RegisterTypes
SetAllImageViewer
SetAssociation
SetDefaultImageViewer
UnInstall

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winlog2.dll
.dll windows:5 windows x86 arch:x86

147e8a8caf3aadd4f149547628c13912

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:6b:25:fe:94:a3:6f:3e:63:39:da:90:56:f9:de:02
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/12/2022, 00:00

Not After

14/12/2024, 23:59

Subject

CN=深圳市常青藤软件科技有限公司,O=深圳市常青藤软件科技有限公司,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:24:e0:7f:8e:3d:7e:a2:18:d5:3a:15:4c:cf:3f:1f:b8:66:70:b5:97:42:9f:0c:5c:0e:d2:78:d0:59:2d:9a
Signer

Actual PE Digest

67:24:e0:7f:8e:3d:7e:a2:18:d5:3a:15:4c:cf:3f:1f:b8:66:70:b5:97:42:9f:0c:5c:0e:d2:78:d0:59:2d:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapSize
CreateToolhelp32Snapshot
GetLastError
Process32NextW
LockResource
DeleteFileW
Process32FirstW
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
OpenProcess
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
LocalFree
DeleteCriticalSection
GetProcessHeap
FreeLibrary
lstrcpyW
CreateFileW
WriteConsoleW
SetFilePointerEx
LocalAlloc
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
HeapFree
FindResourceW
SizeofResource
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetStdHandle
GetFileType
GetACP
FindClose
FindFirstFileExA

user32

LoadStringW

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
SetEntriesInAclW

shell32

ord190
SHGetFolderPathW
ord165
ord155
SHGetPropertyStoreFromParsingName

ole32

CoUninitialize
CoCreateInstance
CoInitialize
PropVariantClear

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

SHStrDupW
PathRemoveFileSpecW
PathFileExistsW

Exports

Exports

AllowAccountPrivilege
CreateDesktopShortcut
CreateStartShortcut
CreateTaskbarShortcut
IsOSWin11
IsOSWin7
UnpinFromTaskbar

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winlogon.exe
.exe windows:4 windows x86 arch:x86

ddc58f86d3fbb93d7c1dc2f2c9b186ee

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:da:d3:e9:0a:39:04:28:c4:d2:2d:f6:ac:7d:11:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/09/2014, 00:00

Not After

30/11/2017, 23:59

Subject

CN=xiamen chinasource internet service co.\,ltd.,OU=technology development center,O=xiamen chinasource internet service co.\,ltd.,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:6f:b3:44:fe:f5:41:00:34:8d:03:59:8a:51:49:9c:97:69:da:73
Signer

Actual PE Digest

31:6f:b3:44:fe:f5:41:00:34:8d:03:59:8a:51:49:9c:97:69:da:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
RtlUnwind
RaiseException
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
SetLastError
FormatMessageW
LocalFree
MulDiv
GlobalAddAtomW
FreeResource
WritePrivateProfileStringW
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
FreeLibrary
GetModuleHandleW
GetProcAddress
GetTickCount
lstrlenW
InterlockedExchange
GetPrivateProfileIntW
EnterCriticalSection
LeaveCriticalSection
FindNextFileW
FindFirstFileW
Sleep
FindClose
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringW
GetCurrentDirectoryW
Process32NextW
lstrcmpW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ReadFile
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreatePipe
lstrcatW
lstrcpyW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetFileType
SetPriorityClass

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
CharUpperW
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DefWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowTextW
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetSystemMetrics
CallWindowProcW
GetWindowLongW
GetWindow
SetWindowLongW
ScreenToClient
CopyRect
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
ReleaseDC
GetDC
IsRectEmpty
SetRect
CopyAcceleratorTableW
CharNextW
GetWindowPlacement
OffsetRect
GetKeyState
IsZoomed
LoadBitmapW
PtInRect
ReleaseCapture
GetCapture
SetCapture
LoadCursorW
SetCursor
ClientToScreen
IsWindowVisible
WindowFromPoint
GetCursorPos
SendMessageW
GetFocus
SetTimer
GetWindowRect
KillTimer
GetForegroundWindow
DrawFocusRect
InvalidateRect
PostMessageW
SetForegroundWindow
GetParent
RedrawWindow
EnableWindow
LoadIconW
EnableMenuItem
FillRect
GetSystemMenu
GetClientRect
UnregisterClassA

gdi32

Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
TextOutW
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetMapMode
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontW
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
CreateCompatibleBitmap
SetDIBColorTable
DeleteDC
CreateDIBSection
StretchBlt
BitBlt
GetObjectW
CreateCompatibleDC
Rectangle
GetStockObject
SelectObject
CreatePen
CreateSolidBrush
DeleteObject
GetTextExtentPoint32W

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyW
RegQueryValueExW
RegQueryValueW
RegOpenKeyW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoUninitialize
OleFlushClipboard
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
CoInitialize

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

gdiplus

GdipGetImageGraphicsContext
GdipDrawImageI
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateFromHDC
GdipGetImagePalette

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winlogonCHS.dll
.dll windows:6 windows x86 arch:x86

d324b3c00a15a2cdd5591d877244fbdc

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:da:d3:e9:0a:39:04:28:c4:d2:2d:f6:ac:7d:11:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/09/2014, 00:00

Not After

30/11/2017, 23:59

Subject

CN=xiamen chinasource internet service co.\,ltd.,OU=technology development center,O=xiamen chinasource internet service co.\,ltd.,L=Xiamen,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:be:23:e5:77:f3:e1:ac:ad:03:2f:6f:bb:20:e8:f7:97:8b:23:bc
Signer

Actual PE Digest

4f:be:23:e5:77:f3:e1:ac:ad:03:2f:6f:bb:20:e8:f7:97:8b:23:bc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSRWLockExclusive
RtlUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

UnregisterClassA

ws2_32

closesocket
recv

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84c8bc3d59f56f59cb961e76d2fd16dc

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

09:df:5f:97:fb:73:8d:73:04:94:13:de:a5:ce:46:4cCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

01:30:e6:02:78:74:57:f6:fa:17:36:45:4d:7f:65:ecCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

17:58:b5:a9:fb:26:ff:0a:c4:d2:dd:9e:87:19:bd:6c:83:26:39:96:e4:26:89:1a:7d:0f:93:cf:96:a7:9a:48Signer

cd:63:e8:58:bd:eb:12:a0:c6:68:40:a0:4e:b3:ab:c8:7f:38:3c:3eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

secur32

version

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

147e8a8caf3aadd4f149547628c13912

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

02:6b:25:fe:94:a3:6f:3e:63:39:da:90:56:f9:de:02Certificate

Extended Key Usages

Key Usages

67:24:e0:7f:8e:3d:7e:a2:18:d5:3a:15:4c:cf:3f:1f:b8:66:70:b5:97:42:9f:0c:5c:0e:d2:78:d0:59:2d:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

09:df:5f:97:fb:73:8d:73:04:94:13:de:a5:ce:46:4c
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

01:30:e6:02:78:74:57:f6:fa:17:36:45:4d:7f:65:ec
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

17:58:b5:a9:fb:26:ff:0a:c4:d2:dd:9e:87:19:bd:6c:83:26:39:96:e4:26:89:1a:7d:0f:93:cf:96:a7:9a:48
Signer

cd:63:e8:58:bd:eb:12:a0:c6:68:40:a0:4e:b3:ab:c8:7f:38:3c:3e
Signer

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

02:6b:25:fe:94:a3:6f:3e:63:39:da:90:56:f9:de:02
Certificate

67:24:e0:7f:8e:3d:7e:a2:18:d5:3a:15:4c:cf:3f:1f:b8:66:70:b5:97:42:9f:0c:5c:0e:d2:78:d0:59:2d:9a
Signer

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

56:da:d3:e9:0a:39:04:28:c4:d2:2d:f6:ac:7d:11:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

31:6f:b3:44:fe:f5:41:00:34:8d:03:59:8a:51:49:9c:97:69:da:73
Signer

.text
Size: 276KB - Virtual size: 273KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 28KB - Virtual size: 26KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

56:da:d3:e9:0a:39:04:28:c4:d2:2d:f6:ac:7d:11:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:be:23:e5:77:f3:e1:ac:ad:03:2f:6f:bb:20:e8:f7:97:8b:23:bc
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 30KB - Virtual size: 33KB

.00cfg
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 32KB - Virtual size: 32KB