c293401d1f17cae451a151ceb2713a83d1f085060701999d0406ddc1fa8061e1

Sharing

Copy URL

Twitter E-mail

General

Target

c293401d1f17cae451a151ceb2713a83d1f085060701999d0406ddc1fa8061e1
Size

216KB
MD5

fd0cff720e49a15781ce18e6c0766c23
SHA1

d1c0244ebd99abaf7e1be1654e241ebb953f467a
SHA256

c293401d1f17cae451a151ceb2713a83d1f085060701999d0406ddc1fa8061e1
SHA512

9bfb0b25223c4cd95851e7be3707ad08ab61e5d3f3383ebe0a7725747bb1adfbc2e7c9a37c2142a4e8f96cab9b57dd73bde124fa562a7ee8959df0a029389d60
SSDEEP

6144:TBzQk/60Y/WEI0uIrm1eBxZNWVYOZIlV0WBV+UdvrEFp7hKQ:TBzj0uIi14xZNWVKlKWBjvrEH7D

Score

1^/10

Malware Config

Signatures

Files

c293401d1f17cae451a151ceb2713a83d1f085060701999d0406ddc1fa8061e1
.dll windows:5 windows x86 arch:x86

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20-03-2020 00:00

Not After

11-05-2023 23:59

Subject

CN=UUMART LIMITED,O=UUMART LIMITED,L=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:74:4c:9a:23:53:63:ef:ca:ae:2a:83:ce:a2:54:64:66:33:82:43
Signer

Actual PE Digest

15:74:4c:9a:23:53:63:ef:ca:ae:2a:83:ce:a2:54:64:66:33:82:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libzvc125

ord84
ord83
ord134
ord82
ord3
ord21
ord19
ord20
ord131

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImageAttributes
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipCreateTexture
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapSetResolution
GdipCreateImageAttributes
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipCreateTextureIA
GdipGetImageHorizontalResolution
GdipDeleteBrush
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipSaveImageToStream
GdipLoadImageFromStream
GdipScaleTextureTransform

dbghelp

MiniDumpWriteDump

pthreadvc2

pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutex_init

msvcp100

?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xmem@tr1@std@@YAXXZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
_Wcscoll
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

fseek
fclose
wcschr
towlower
_wtoi
strstr
_vswprintf
wcsrchr
wcsstr
printf
_waccess
strrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_vsnwprintf
strftime
_localtime64
_time64
_errno
strncpy
feof
_ftelli64
_fseeki64
fopen
ferror
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
realloc
longjmp
ftell
fwrite
fread
_wfopen
_setjmp3
strchr
sprintf_s
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_wsplitpath
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memset
memcpy
floor
_CxxThrowException
atoi

user32

ScreenToClient
SendMessageW
ReleaseDC
GetWindowRect
GetParent
GetDC

ole32

CoTaskMemFree
CreateStreamOnHGlobal

kernel32

GlobalAlloc
GlobalUnlock
GlobalFree
CreateDirectoryW
GlobalLock
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetFilePointer
FileTimeToLocalFileTime
FindNextFileW
FindClose
FindFirstFileW
FileTimeToDosDateTime
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
GetTempPathW
MultiByteToWideChar
WriteFile
GetSystemTime
GetCurrentDirectoryW
GetLastError
ReadFile
TzSpecificLocalTimeToSystemTime
SetFileTime
SystemTimeToFileTime
lstrcpyW
lstrlenW
GetModuleFileNameW
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
ShellExecuteA
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW

gdi32

GetDeviceCaps
GetDIBits
DeleteDC
CreateDCW
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateFontIndirectW
GetCurrentObject

Exports

Exports

??0BASLock@@QAE@PAX@Z
??0BASTask@@QAE@ABV0@@Z
??0BASTask@@QAE@XZ
??0BASTaskPackage@@QAE@ABV0@@Z
??0BASTaskPackage@@QAE@XZ
??0BASUserDefaults@@AAE@PBDPB_WPAH@Z
??0BASUtilityZip@@QAE@XZ
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??1BASLock@@QAE@XZ
??1BASTask@@UAE@XZ
??1BASTaskPackage@@UAE@XZ
??1BASUserDefaults@@QAE@XZ
??1BASUtilityZip@@QAE@XZ
??4BASDbgReport@@QAEAAV0@ABV0@@Z
??4BASLock@@QAEAAV0@ABV0@@Z
??4BASMemImage@@QAEAAV0@ABV0@@Z
??4BASTask@@QAEAAV0@ABV0@@Z
??4BASTaskManager@@QAEAAV0@ABV0@@Z
??4BASTaskPackage@@QAEAAV0@ABV0@@Z
??4BASUserDefaults@@QAEAAV0@ABV0@@Z
??4BASUtilityApp@@QAEAAV0@ABV0@@Z
??4BASUtilityFile@@QAEAAV0@ABV0@@Z
??4BASUtilityImage@@QAEAAV0@ABV0@@Z
??4BASUtilityString@@QAEAAV0@ABV0@@Z
??4BASUtilitySys@@QAEAAV0@ABV0@@Z
??4BASUtilityUnzip@@QAEAAV0@ABV0@@Z
??4BASUtilityWindow@@QAEAAV0@ABV0@@Z
??4BASUtilityZip@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7BASTask@@6B@
??_7BASTaskPackage@@6B@
?AddDir@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddFile@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddTask@BASTaskManager@@QAEXPAVBASTask@@@Z
?AddTask@BASTaskPackage@@QAEXPAVBASTask@@@Z
?CalcFileMD5@BASUtilityFile@@SAPADPBD@Z
?Cancel@BASTask@@UAE_JXZ
?Cancel@BASTaskPackage@@UAE_JXZ
?CompareVersion@BASUtilityString@@SAHPBD0@Z
?ConvertToGray@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAV23@@Z
?ConvertUnicodeToUtf8@BASUtilityString@@SAPADPB_W@Z
?ConvertUtf8ToAnsi@BASUtilityString@@SAPADPBD@Z
?ConvertUtf8ToUnicode@BASUtilityString@@SAPA_WPBD@Z
?CopyDir@BASUtilityFile@@SAHPB_W0@Z
?CutImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HHHH@Z
?Exec@BASTask@@UAEXXZ
?Exec@BASTaskPackage@@UAEXXZ
?ExecTaskPackage@BASTaskManager@@QAEXPAVBASTaskPackage@@@Z
?FindTask@BASTaskManager@@QAEPAVBASTask@@_J@Z
?Format@BASUtilityString@@SAPA_WPB_WZZ
?Free@BASUtilityString@@SAXPAX@Z
?GLock@BASLock@@SAXPAX@Z
?GUnLock@BASLock@@SAXPAX@Z
?GetAllTask@BASTaskPackage@@QAEPAXXZ
?GetAppDataDir@BASUtilitySys@@SAPA_WXZ
?GetAppModule@BASUtilityApp@@SAPA_WXZ
?GetBitmap@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PB_WHH@Z
?GetCompileYear@BASUtilitySys@@SAPA_WXZ
?GetCurrentTask@BASTaskPackage@@QAEPAVBASTask@@XZ
?GetCurrentTaskIndex@BASTaskPackage@@QAEHXZ
?GetDCBitmapSize@BASUtilityImage@@SA?AUtagBITMAP@@PAUHDC__@@@Z
?GetDownloadDir@BASUtilitySys@@SAPA_WXZ
?GetEncoderClsid@BASUtilityImage@@SAHPB_WPAU_GUID@@@Z
?GetFileInfo@BASUtilityFile@@SA?AUBASFileInfo1@@PB_W_W@Z
?GetFilePathNewName@BASUtilityFile@@SAPA_WPB_W@Z
?GetFileSize@BASUtilityFile@@SA_JPB_W@Z
?GetFont@BASUtilityApp@@SAPAUHFONT__@@H_NPB_W@Z
?GetInstance@BASTaskManager@@SAPAV1@XZ
?GetInt@BASUserDefaults@@QAEHPBD@Z
?GetNowDateTime@BASUtilitySys@@SAXPADPBD@Z
?GetPath@BASUserDefaults@@QAEPB_WXZ
?GetProductBinDir@BASUtilityApp@@SAPA_WXZ
?GetProductInstallDir@BASUtilityApp@@SAPA_WXZ
?GetProductPluginsDir@BASUtilityApp@@SAPA_WXZ
?GetProductThemesDir@BASUtilityApp@@SAPA_WXZ
?GetRGB@BASUserDefaults@@QAEKPBD@Z
?GetString@BASUserDefaults@@QAEPBDPBD@Z
?GetTaskCount@BASTask@@UAEHXZ
?GetTaskCount@BASTaskPackage@@UAEHXZ
?GetTempDir@BASUtilitySys@@SAPA_WXZ
?GetUserDefaults@BASUserDefaults@@SAPAV1@PBD@Z
?GetValueObject@BASUserDefaults@@QAEPAXPBD@Z
?GetWindowRelativeRect@BASUtilityWindow@@SA?AVCRect@WTL@@PAUHWND__@@@Z
?HasMember@BASUserDefaults@@QAE_NPBD@Z
?InitStandardUserDefaults@BASUserDefaults@@SA_NPB_W0@Z
?InitUserDefaults@BASUserDefaults@@SA_NPBDPB_W@Z
?IsFileExist@BASUtilityFile@@SA_NPBD@Z
?IsFileExist@BASUtilityFile@@SA_NPB_W@Z
?IsNullOrEmpty@BASUtilityString@@SA_NPBD@Z
?IsOk@BASUserDefaults@@QAE_NXZ
?IsSimpleEmailFormat@BASUtilityString@@SA_NPB_W@Z
?IsSpace@BASUtilityString@@SAHH@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPBD0@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPB_W0@Z
?Notify@BASTask@@UAEXXZ
?OpenFolder@BASUtilityApp@@SAXPB_W@Z
?OpenUrl@BASUtilityApp@@SAXPBD@Z
?ReadAll@BASUserDefaults@@AAE_NXZ
?RecvMessage@BASTaskPackage@@QAEXPAVBASTask@@@Z
?RegisterCrashFilter@BASDbgReport@@QAEXPB_WP6AX0@ZP6AX0PAPA_W@Z@Z
?RemoveDir@BASUtilityFile@@SAHPB_W@Z
?SaveBitmapToFile@BASUtilityImage@@SA_NPAUHBITMAP__@@PA_W@Z
?ScaleImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HH@Z
?SelectFolder@BASUtilityFile@@SAPA_WPAUHWND__@@PB_W@Z
?SetFileCreateAndModifyTime@BASUtilityFile@@SA_NPB_W0@Z
?SetInt@BASUserDefaults@@QAEXPBDH@Z
?SetString@BASUserDefaults@@QAEXPBD0@Z
?StandardUserDefaults@BASUserDefaults@@SAPAV1@XZ
?Strdup@BASUtilityString@@SAPADPBD@Z
?TimeFormat@BASUtilitySys@@SAX_JPADPBD@Z
?ToZip@BASUtilityZip@@QAE_NPBD0@Z
?UnicodeToAnsi@BASUtilityString@@SAPADPB_W@Z
?UnzipFile@BASUtilityUnzip@@SA_NPB_W0@Z
?Wcsdup@BASUtilityString@@SAPA_WPB_W@Z
?WriteAll@BASUserDefaults@@QAEXXZ
?ZLGetFormatSizeFromBytes@BASUtilityFile@@SAPA_W_K@Z
?mi_from_memory@BASMemImage@@SAPAVImage@Gdiplus@@PBXI@Z
?mi_to_memory@BASMemImage@@SAPAXPAVImage@Gdiplus@@PAPAXPAI@Z

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

15:74:4c:9a:23:53:63:ef:ca:ae:2a:83:ce:a2:54:64:66:33:82:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

libzvc125

gdiplus

dbghelp

pthreadvc2

msvcp100

msvcr100

user32

ole32

kernel32

advapi32

shell32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

15:74:4c:9a:23:53:63:ef:ca:ae:2a:83:ce:a2:54:64:66:33:82:43
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB