499f13b51ecd878bf84c25a3039e6902aced1d33d06fc89210b26103a8b4dde0

Sharing

Copy URL Twitter E-mail

General

Target

499f13b51ecd878bf84c25a3039e6902aced1d33d06fc89210b26103a8b4dde0
Size

216KB
MD5

bc362aab86359d0981e1eb20d5bf25c7
SHA1

cb87e8d4bd148a9befe636158734a3f09ad77227
SHA256

499f13b51ecd878bf84c25a3039e6902aced1d33d06fc89210b26103a8b4dde0
SHA512

35191800f17e8d3302f8f6f9348cb6d7ab08c5f8c4d5d420e8c5a43428fadd9f4c535d5ef77792a4a6863fbb2cb27451d4d88d28c51ac917563613ef430917ed
SSDEEP

6144:T+d3H0uIrm1edxZNWVYOZIlV0WBV+UdvrEFp7hK5x:T+d3H0uIi1IxZNWVKlKWBjvrEH74x

Score

1^/10

Malware Config

Signatures

Files

499f13b51ecd878bf84c25a3039e6902aced1d33d06fc89210b26103a8b4dde0
.dll windows:5 windows x86 arch:x86

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/03/2020, 00:00

Not After

11/05/2023, 23:59

Subject

CN=UUMART LIMITED,O=UUMART LIMITED,L=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:09:13:fd:29:61:6d:95:ad:c8:c6:db:a0:31:32:2b:d7:bd:61:97
Signer

Actual PE Digest

0c:09:13:fd:29:61:6d:95:ad:c8:c6:db:a0:31:32:2b:d7:bd:61:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libzvc125

ord84
ord83
ord134
ord82
ord3
ord21
ord19
ord20
ord131

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImageAttributes
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipCreateTexture
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapSetResolution
GdipCreateImageAttributes
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipCreateTextureIA
GdipGetImageHorizontalResolution
GdipDeleteBrush
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipSaveImageToStream
GdipLoadImageFromStream
GdipScaleTextureTransform

dbghelp

MiniDumpWriteDump

pthreadvc2

pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutex_init

msvcp100

?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xmem@tr1@std@@YAXXZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
_Wcscoll
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

fseek
fclose
wcschr
towlower
_wtoi
strstr
_vswprintf
wcsrchr
wcsstr
printf
_waccess
strrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_vsnwprintf
strftime
_localtime64
_time64
_errno
strncpy
feof
_ftelli64
_fseeki64
fopen
ferror
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
realloc
longjmp
ftell
fwrite
fread
_wfopen
_setjmp3
strchr
sprintf_s
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_wsplitpath
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memset
memcpy
floor
_CxxThrowException
atoi

user32

ScreenToClient
SendMessageW
ReleaseDC
GetWindowRect
GetParent
GetDC

ole32

CoTaskMemFree
CreateStreamOnHGlobal

kernel32

GlobalAlloc
GlobalUnlock
GlobalFree
CreateDirectoryW
GlobalLock
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetFilePointer
FileTimeToLocalFileTime
FindNextFileW
FindClose
FindFirstFileW
FileTimeToDosDateTime
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
GetTempPathW
MultiByteToWideChar
WriteFile
GetSystemTime
GetCurrentDirectoryW
GetLastError
ReadFile
TzSpecificLocalTimeToSystemTime
SetFileTime
SystemTimeToFileTime
lstrcpyW
lstrlenW
GetModuleFileNameW
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
ShellExecuteA
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW

gdi32

GetDeviceCaps
GetDIBits
DeleteDC
CreateDCW
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateFontIndirectW
GetCurrentObject

Exports

Exports

??0BASLock@@QAE@PAX@Z
??0BASTask@@QAE@ABV0@@Z
??0BASTask@@QAE@XZ
??0BASTaskPackage@@QAE@ABV0@@Z
??0BASTaskPackage@@QAE@XZ
??0BASUserDefaults@@AAE@PBDPB_WPAH@Z
??0BASUtilityZip@@QAE@XZ
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??1BASLock@@QAE@XZ
??1BASTask@@UAE@XZ
??1BASTaskPackage@@UAE@XZ
??1BASUserDefaults@@QAE@XZ
??1BASUtilityZip@@QAE@XZ
??4BASDbgReport@@QAEAAV0@ABV0@@Z
??4BASLock@@QAEAAV0@ABV0@@Z
??4BASMemImage@@QAEAAV0@ABV0@@Z
??4BASTask@@QAEAAV0@ABV0@@Z
??4BASTaskManager@@QAEAAV0@ABV0@@Z
??4BASTaskPackage@@QAEAAV0@ABV0@@Z
??4BASUserDefaults@@QAEAAV0@ABV0@@Z
??4BASUtilityApp@@QAEAAV0@ABV0@@Z
??4BASUtilityFile@@QAEAAV0@ABV0@@Z
??4BASUtilityImage@@QAEAAV0@ABV0@@Z
??4BASUtilityString@@QAEAAV0@ABV0@@Z
??4BASUtilitySys@@QAEAAV0@ABV0@@Z
??4BASUtilityUnzip@@QAEAAV0@ABV0@@Z
??4BASUtilityWindow@@QAEAAV0@ABV0@@Z
??4BASUtilityZip@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7BASTask@@6B@
??_7BASTaskPackage@@6B@
?AddDir@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddFile@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddTask@BASTaskManager@@QAEXPAVBASTask@@@Z
?AddTask@BASTaskPackage@@QAEXPAVBASTask@@@Z
?CalcFileMD5@BASUtilityFile@@SAPADPBD@Z
?Cancel@BASTask@@UAE_JXZ
?Cancel@BASTaskPackage@@UAE_JXZ
?CompareVersion@BASUtilityString@@SAHPBD0@Z
?ConvertToGray@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAV23@@Z
?ConvertUnicodeToUtf8@BASUtilityString@@SAPADPB_W@Z
?ConvertUtf8ToAnsi@BASUtilityString@@SAPADPBD@Z
?ConvertUtf8ToUnicode@BASUtilityString@@SAPA_WPBD@Z
?CopyDir@BASUtilityFile@@SAHPB_W0@Z
?CutImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HHHH@Z
?Exec@BASTask@@UAEXXZ
?Exec@BASTaskPackage@@UAEXXZ
?ExecTaskPackage@BASTaskManager@@QAEXPAVBASTaskPackage@@@Z
?FindTask@BASTaskManager@@QAEPAVBASTask@@_J@Z
?Format@BASUtilityString@@SAPA_WPB_WZZ
?Free@BASUtilityString@@SAXPAX@Z
?GLock@BASLock@@SAXPAX@Z
?GUnLock@BASLock@@SAXPAX@Z
?GetAllTask@BASTaskPackage@@QAEPAXXZ
?GetAppDataDir@BASUtilitySys@@SAPA_WXZ
?GetAppModule@BASUtilityApp@@SAPA_WXZ
?GetBitmap@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PB_WHH@Z
?GetCompileYear@BASUtilitySys@@SAPA_WXZ
?GetCurrentTask@BASTaskPackage@@QAEPAVBASTask@@XZ
?GetCurrentTaskIndex@BASTaskPackage@@QAEHXZ
?GetDCBitmapSize@BASUtilityImage@@SA?AUtagBITMAP@@PAUHDC__@@@Z
?GetDownloadDir@BASUtilitySys@@SAPA_WXZ
?GetEncoderClsid@BASUtilityImage@@SAHPB_WPAU_GUID@@@Z
?GetFileInfo@BASUtilityFile@@SA?AUBASFileInfo1@@PB_W_W@Z
?GetFilePathNewName@BASUtilityFile@@SAPA_WPB_W@Z
?GetFileSize@BASUtilityFile@@SA_JPB_W@Z
?GetFont@BASUtilityApp@@SAPAUHFONT__@@H_NPB_W@Z
?GetInstance@BASTaskManager@@SAPAV1@XZ
?GetInt@BASUserDefaults@@QAEHPBD@Z
?GetNowDateTime@BASUtilitySys@@SAXPADPBD@Z
?GetPath@BASUserDefaults@@QAEPB_WXZ
?GetProductBinDir@BASUtilityApp@@SAPA_WXZ
?GetProductInstallDir@BASUtilityApp@@SAPA_WXZ
?GetProductPluginsDir@BASUtilityApp@@SAPA_WXZ
?GetProductThemesDir@BASUtilityApp@@SAPA_WXZ
?GetRGB@BASUserDefaults@@QAEKPBD@Z
?GetString@BASUserDefaults@@QAEPBDPBD@Z
?GetTaskCount@BASTask@@UAEHXZ
?GetTaskCount@BASTaskPackage@@UAEHXZ
?GetTempDir@BASUtilitySys@@SAPA_WXZ
?GetUserDefaults@BASUserDefaults@@SAPAV1@PBD@Z
?GetValueObject@BASUserDefaults@@QAEPAXPBD@Z
?GetWindowRelativeRect@BASUtilityWindow@@SA?AVCRect@WTL@@PAUHWND__@@@Z
?HasMember@BASUserDefaults@@QAE_NPBD@Z
?InitStandardUserDefaults@BASUserDefaults@@SA_NPB_W0@Z
?InitUserDefaults@BASUserDefaults@@SA_NPBDPB_W@Z
?IsFileExist@BASUtilityFile@@SA_NPBD@Z
?IsFileExist@BASUtilityFile@@SA_NPB_W@Z
?IsNullOrEmpty@BASUtilityString@@SA_NPBD@Z
?IsOk@BASUserDefaults@@QAE_NXZ
?IsSimpleEmailFormat@BASUtilityString@@SA_NPB_W@Z
?IsSpace@BASUtilityString@@SAHH@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPBD0@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPB_W0@Z
?Notify@BASTask@@UAEXXZ
?OpenFolder@BASUtilityApp@@SAXPB_W@Z
?OpenUrl@BASUtilityApp@@SAXPBD@Z
?ReadAll@BASUserDefaults@@AAE_NXZ
?RecvMessage@BASTaskPackage@@QAEXPAVBASTask@@@Z
?RegisterCrashFilter@BASDbgReport@@QAEXPB_WP6AX0@ZP6AX0PAPA_W@Z@Z
?RemoveDir@BASUtilityFile@@SAHPB_W@Z
?SaveBitmapToFile@BASUtilityImage@@SA_NPAUHBITMAP__@@PA_W@Z
?ScaleImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HH@Z
?SelectFolder@BASUtilityFile@@SAPA_WPAUHWND__@@PB_W@Z
?SetFileCreateAndModifyTime@BASUtilityFile@@SA_NPB_W0@Z
?SetInt@BASUserDefaults@@QAEXPBDH@Z
?SetString@BASUserDefaults@@QAEXPBD0@Z
?StandardUserDefaults@BASUserDefaults@@SAPAV1@XZ
?Strdup@BASUtilityString@@SAPADPBD@Z
?TimeFormat@BASUtilitySys@@SAX_JPADPBD@Z
?ToZip@BASUtilityZip@@QAE_NPBD0@Z
?UnicodeToAnsi@BASUtilityString@@SAPADPB_W@Z
?UnzipFile@BASUtilityUnzip@@SA_NPB_W0@Z
?Wcsdup@BASUtilityString@@SAPA_WPB_W@Z
?WriteAll@BASUserDefaults@@QAEXXZ
?ZLGetFormatSizeFromBytes@BASUtilityFile@@SAPA_W_K@Z
?mi_from_memory@BASMemImage@@SAPAVImage@Gdiplus@@PBXI@Z
?mi_to_memory@BASMemImage@@SAPAXPAVImage@Gdiplus@@PAPAXPAI@Z

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

0c:09:13:fd:29:61:6d:95:ad:c8:c6:db:a0:31:32:2b:d7:bd:61:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

libzvc125

gdiplus

dbghelp

pthreadvc2

msvcp100

msvcr100

user32

ole32

kernel32

advapi32

shell32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

0c:09:13:fd:29:61:6d:95:ad:c8:c6:db:a0:31:32:2b:d7:bd:61:97
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB