a6494dc36f12e5cc4ad8b71e1a4d12d84634af26172349aee4e13bbcc269e5ad

Sharing

Copy URL

Twitter E-mail

General

Target

a6494dc36f12e5cc4ad8b71e1a4d12d84634af26172349aee4e13bbcc269e5ad
Size

216KB
MD5

3143d414f84caa5554a083ab55754bf1
SHA1

c1d2114d4a8b16d963d6b2afc2e0b371cf1cff8e
SHA256

a6494dc36f12e5cc4ad8b71e1a4d12d84634af26172349aee4e13bbcc269e5ad
SHA512

1c098f366399670313d4e3b60b64deddaa34683f7590f02f6e8577069d0492b8cdc38ea794f7a8a7f7653a79af28ab4fc0174a9fa3561bf37015ec449139a813
SSDEEP

6144:T++5k/60Y/WEI0uIrm1e5xZNWVYOZIlV0WBV+UdvrEFp7hK1:T++I0uIi10xZNWVKlKWBjvrEH7G

Score

1^/10

Malware Config

Signatures

Files

a6494dc36f12e5cc4ad8b71e1a4d12d84634af26172349aee4e13bbcc269e5ad
.dll windows:5 windows x86 arch:x86

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20-03-2020 00:00

Not After

11-05-2023 23:59

Subject

CN=UUMART LIMITED,O=UUMART LIMITED,L=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:c4:34:3f:93:09:54:41:86:bd:8f:c0:eb:29:05:b0:43:10:cd:09
Signer

Actual PE Digest

aa:c4:34:3f:93:09:54:41:86:bd:8f:c0:eb:29:05:b0:43:10:cd:09

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libzvc125

ord84
ord83
ord134
ord82
ord3
ord21
ord19
ord20
ord131

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImageAttributes
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipCreateTexture
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapSetResolution
GdipCreateImageAttributes
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipCreateTextureIA
GdipGetImageHorizontalResolution
GdipDeleteBrush
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipSaveImageToStream
GdipLoadImageFromStream
GdipScaleTextureTransform

dbghelp

MiniDumpWriteDump

pthreadvc2

pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutex_init

msvcp100

?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xmem@tr1@std@@YAXXZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
_Wcscoll
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

fseek
fclose
wcschr
towlower
_wtoi
strstr
_vswprintf
wcsrchr
wcsstr
printf
_waccess
strrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_vsnwprintf
strftime
_localtime64
_time64
_errno
strncpy
feof
_ftelli64
_fseeki64
fopen
ferror
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
realloc
longjmp
ftell
fwrite
fread
_wfopen
_setjmp3
strchr
sprintf_s
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_wsplitpath
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memset
memcpy
floor
_CxxThrowException
atoi

user32

ScreenToClient
SendMessageW
ReleaseDC
GetWindowRect
GetParent
GetDC

ole32

CoTaskMemFree
CreateStreamOnHGlobal

kernel32

GlobalAlloc
GlobalUnlock
GlobalFree
CreateDirectoryW
GlobalLock
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetFilePointer
FileTimeToLocalFileTime
FindNextFileW
FindClose
FindFirstFileW
FileTimeToDosDateTime
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
GetTempPathW
MultiByteToWideChar
WriteFile
GetSystemTime
GetCurrentDirectoryW
GetLastError
ReadFile
TzSpecificLocalTimeToSystemTime
SetFileTime
SystemTimeToFileTime
lstrcpyW
lstrlenW
GetModuleFileNameW
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
ShellExecuteA
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW

gdi32

GetDeviceCaps
GetDIBits
DeleteDC
CreateDCW
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateFontIndirectW
GetCurrentObject

Exports

Exports

??0BASLock@@QAE@PAX@Z
??0BASTask@@QAE@ABV0@@Z
??0BASTask@@QAE@XZ
??0BASTaskPackage@@QAE@ABV0@@Z
??0BASTaskPackage@@QAE@XZ
??0BASUserDefaults@@AAE@PBDPB_WPAH@Z
??0BASUtilityZip@@QAE@XZ
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??1BASLock@@QAE@XZ
??1BASTask@@UAE@XZ
??1BASTaskPackage@@UAE@XZ
??1BASUserDefaults@@QAE@XZ
??1BASUtilityZip@@QAE@XZ
??4BASDbgReport@@QAEAAV0@ABV0@@Z
??4BASLock@@QAEAAV0@ABV0@@Z
??4BASMemImage@@QAEAAV0@ABV0@@Z
??4BASTask@@QAEAAV0@ABV0@@Z
??4BASTaskManager@@QAEAAV0@ABV0@@Z
??4BASTaskPackage@@QAEAAV0@ABV0@@Z
??4BASUserDefaults@@QAEAAV0@ABV0@@Z
??4BASUtilityApp@@QAEAAV0@ABV0@@Z
??4BASUtilityFile@@QAEAAV0@ABV0@@Z
??4BASUtilityImage@@QAEAAV0@ABV0@@Z
??4BASUtilityString@@QAEAAV0@ABV0@@Z
??4BASUtilitySys@@QAEAAV0@ABV0@@Z
??4BASUtilityUnzip@@QAEAAV0@ABV0@@Z
??4BASUtilityWindow@@QAEAAV0@ABV0@@Z
??4BASUtilityZip@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7BASTask@@6B@
??_7BASTaskPackage@@6B@
?AddDir@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddFile@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddTask@BASTaskManager@@QAEXPAVBASTask@@@Z
?AddTask@BASTaskPackage@@QAEXPAVBASTask@@@Z
?CalcFileMD5@BASUtilityFile@@SAPADPBD@Z
?Cancel@BASTask@@UAE_JXZ
?Cancel@BASTaskPackage@@UAE_JXZ
?CompareVersion@BASUtilityString@@SAHPBD0@Z
?ConvertToGray@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAV23@@Z
?ConvertUnicodeToUtf8@BASUtilityString@@SAPADPB_W@Z
?ConvertUtf8ToAnsi@BASUtilityString@@SAPADPBD@Z
?ConvertUtf8ToUnicode@BASUtilityString@@SAPA_WPBD@Z
?CopyDir@BASUtilityFile@@SAHPB_W0@Z
?CutImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HHHH@Z
?Exec@BASTask@@UAEXXZ
?Exec@BASTaskPackage@@UAEXXZ
?ExecTaskPackage@BASTaskManager@@QAEXPAVBASTaskPackage@@@Z
?FindTask@BASTaskManager@@QAEPAVBASTask@@_J@Z
?Format@BASUtilityString@@SAPA_WPB_WZZ
?Free@BASUtilityString@@SAXPAX@Z
?GLock@BASLock@@SAXPAX@Z
?GUnLock@BASLock@@SAXPAX@Z
?GetAllTask@BASTaskPackage@@QAEPAXXZ
?GetAppDataDir@BASUtilitySys@@SAPA_WXZ
?GetAppModule@BASUtilityApp@@SAPA_WXZ
?GetBitmap@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PB_WHH@Z
?GetCompileYear@BASUtilitySys@@SAPA_WXZ
?GetCurrentTask@BASTaskPackage@@QAEPAVBASTask@@XZ
?GetCurrentTaskIndex@BASTaskPackage@@QAEHXZ
?GetDCBitmapSize@BASUtilityImage@@SA?AUtagBITMAP@@PAUHDC__@@@Z
?GetDownloadDir@BASUtilitySys@@SAPA_WXZ
?GetEncoderClsid@BASUtilityImage@@SAHPB_WPAU_GUID@@@Z
?GetFileInfo@BASUtilityFile@@SA?AUBASFileInfo1@@PB_W_W@Z
?GetFilePathNewName@BASUtilityFile@@SAPA_WPB_W@Z
?GetFileSize@BASUtilityFile@@SA_JPB_W@Z
?GetFont@BASUtilityApp@@SAPAUHFONT__@@H_NPB_W@Z
?GetInstance@BASTaskManager@@SAPAV1@XZ
?GetInt@BASUserDefaults@@QAEHPBD@Z
?GetNowDateTime@BASUtilitySys@@SAXPADPBD@Z
?GetPath@BASUserDefaults@@QAEPB_WXZ
?GetProductBinDir@BASUtilityApp@@SAPA_WXZ
?GetProductInstallDir@BASUtilityApp@@SAPA_WXZ
?GetProductPluginsDir@BASUtilityApp@@SAPA_WXZ
?GetProductThemesDir@BASUtilityApp@@SAPA_WXZ
?GetRGB@BASUserDefaults@@QAEKPBD@Z
?GetString@BASUserDefaults@@QAEPBDPBD@Z
?GetTaskCount@BASTask@@UAEHXZ
?GetTaskCount@BASTaskPackage@@UAEHXZ
?GetTempDir@BASUtilitySys@@SAPA_WXZ
?GetUserDefaults@BASUserDefaults@@SAPAV1@PBD@Z
?GetValueObject@BASUserDefaults@@QAEPAXPBD@Z
?GetWindowRelativeRect@BASUtilityWindow@@SA?AVCRect@WTL@@PAUHWND__@@@Z
?HasMember@BASUserDefaults@@QAE_NPBD@Z
?InitStandardUserDefaults@BASUserDefaults@@SA_NPB_W0@Z
?InitUserDefaults@BASUserDefaults@@SA_NPBDPB_W@Z
?IsFileExist@BASUtilityFile@@SA_NPBD@Z
?IsFileExist@BASUtilityFile@@SA_NPB_W@Z
?IsNullOrEmpty@BASUtilityString@@SA_NPBD@Z
?IsOk@BASUserDefaults@@QAE_NXZ
?IsSimpleEmailFormat@BASUtilityString@@SA_NPB_W@Z
?IsSpace@BASUtilityString@@SAHH@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPBD0@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPB_W0@Z
?Notify@BASTask@@UAEXXZ
?OpenFolder@BASUtilityApp@@SAXPB_W@Z
?OpenUrl@BASUtilityApp@@SAXPBD@Z
?ReadAll@BASUserDefaults@@AAE_NXZ
?RecvMessage@BASTaskPackage@@QAEXPAVBASTask@@@Z
?RegisterCrashFilter@BASDbgReport@@QAEXPB_WP6AX0@ZP6AX0PAPA_W@Z@Z
?RemoveDir@BASUtilityFile@@SAHPB_W@Z
?SaveBitmapToFile@BASUtilityImage@@SA_NPAUHBITMAP__@@PA_W@Z
?ScaleImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HH@Z
?SelectFolder@BASUtilityFile@@SAPA_WPAUHWND__@@PB_W@Z
?SetFileCreateAndModifyTime@BASUtilityFile@@SA_NPB_W0@Z
?SetInt@BASUserDefaults@@QAEXPBDH@Z
?SetString@BASUserDefaults@@QAEXPBD0@Z
?StandardUserDefaults@BASUserDefaults@@SAPAV1@XZ
?Strdup@BASUtilityString@@SAPADPBD@Z
?TimeFormat@BASUtilitySys@@SAX_JPADPBD@Z
?ToZip@BASUtilityZip@@QAE_NPBD0@Z
?UnicodeToAnsi@BASUtilityString@@SAPADPB_W@Z
?UnzipFile@BASUtilityUnzip@@SA_NPB_W0@Z
?Wcsdup@BASUtilityString@@SAPA_WPB_W@Z
?WriteAll@BASUserDefaults@@QAEXXZ
?ZLGetFormatSizeFromBytes@BASUtilityFile@@SAPA_W_K@Z
?mi_from_memory@BASMemImage@@SAPAVImage@Gdiplus@@PBXI@Z
?mi_to_memory@BASMemImage@@SAPAXPAVImage@Gdiplus@@PAPAXPAI@Z

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

aa:c4:34:3f:93:09:54:41:86:bd:8f:c0:eb:29:05:b0:43:10:cd:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

libzvc125

gdiplus

dbghelp

pthreadvc2

msvcp100

msvcr100

user32

ole32

kernel32

advapi32

shell32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

aa:c4:34:3f:93:09:54:41:86:bd:8f:c0:eb:29:05:b0:43:10:cd:09
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB