1757cc9a208b661d1d004cee481c5bcd2ed90a27a7c936273e8eb348ab34513d

Sharing

Copy URL Twitter E-mail

General

Target

1757cc9a208b661d1d004cee481c5bcd2ed90a27a7c936273e8eb348ab34513d
Size

216KB
MD5

379517c04a0eaa81f0fdcdf72029e674
SHA1

81fd3e4f5738acad014505660b2acd656c4d3167
SHA256

1757cc9a208b661d1d004cee481c5bcd2ed90a27a7c936273e8eb348ab34513d
SHA512

89a3680660089ebb5554bc5be438206761d947520385089b543f0da7a6c58520e5e52b585900e4ea771c03cadd3c3f4fccc34396ea121a2672a2be4de797cd40
SSDEEP

6144:T+ryk/60Y/WEI0uIrm1euxZNWVYOZIlV0WBV+UdvrEFp7hKK:T+rF0uIi17xZNWVKlKWBjvrEH7R

Score

1^/10

Malware Config

Signatures

Files

1757cc9a208b661d1d004cee481c5bcd2ed90a27a7c936273e8eb348ab34513d
.dll windows:5 windows x86 arch:x86

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/03/2020, 00:00

Not After

11/05/2023, 23:59

Subject

CN=UUMART LIMITED,O=UUMART LIMITED,L=Kowloon,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

22/07/2014, 00:00

Not After

21/07/2024, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:65:72:3a:b7:23:94:e2:99:50:09:c4:94:2a:dd:21:50:5c:4d:ae
Signer

Actual PE Digest

0c:65:72:3a:b7:23:94:e2:99:50:09:c4:94:2a:dd:21:50:5c:4d:ae

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libzvc125

ord84
ord83
ord134
ord82
ord3
ord21
ord19
ord20
ord131

gdiplus

GdipCreateBitmapFromFile
GdipDisposeImageAttributes
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipCreateTexture
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipBitmapSetResolution
GdipCreateImageAttributes
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipCreateTextureIA
GdipGetImageHorizontalResolution
GdipDeleteBrush
GdipCloneImage
GdipGetImageEncoders
GdipDisposeImage
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipSaveImageToStream
GdipLoadImageFromStream
GdipScaleTextureTransform

dbghelp

MiniDumpWriteDump

pthreadvc2

pthread_mutex_lock
pthread_mutex_unlock
pthread_mutex_destroy
pthread_mutex_init

msvcp100

?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xmem@tr1@std@@YAXXZ
?_Xbad@tr1@std@@YAXW4error_type@regex_constants@12@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
_Wcscoll
_Wcsxfrm
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@UAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr100

fseek
fclose
wcschr
towlower
_wtoi
strstr
_vswprintf
wcsrchr
wcsstr
printf
_waccess
strrchr
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_vsnwprintf
strftime
_localtime64
_time64
_errno
strncpy
feof
_ftelli64
_fseeki64
fopen
ferror
__CxxFrameHandler3
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
realloc
longjmp
ftell
fwrite
fread
_wfopen
_setjmp3
strchr
sprintf_s
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
_wsplitpath
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
memset
memcpy
floor
_CxxThrowException
atoi

user32

ScreenToClient
SendMessageW
ReleaseDC
GetWindowRect
GetParent
GetDC

ole32

CoTaskMemFree
CreateStreamOnHGlobal

kernel32

GlobalAlloc
GlobalUnlock
GlobalFree
CreateDirectoryW
GlobalLock
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
SetFilePointer
FileTimeToLocalFileTime
FindNextFileW
FindClose
FindFirstFileW
FileTimeToDosDateTime
LocalFileTimeToFileTime
GetFileTime
DosDateTimeToFileTime
GetTempPathW
MultiByteToWideChar
WriteFile
GetSystemTime
GetCurrentDirectoryW
GetLastError
ReadFile
TzSpecificLocalTimeToSystemTime
SetFileTime
SystemTimeToFileTime
lstrcpyW
lstrlenW
GetModuleFileNameW
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
WideCharToMultiByte

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
ShellExecuteA
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecW

gdi32

GetDeviceCaps
GetDIBits
DeleteDC
CreateDCW
RealizePalette
SelectPalette
GetObjectW
GetStockObject
CreateFontIndirectW
GetCurrentObject

Exports

Exports

??0BASLock@@QAE@PAX@Z
??0BASTask@@QAE@ABV0@@Z
??0BASTask@@QAE@XZ
??0BASTaskPackage@@QAE@ABV0@@Z
??0BASTaskPackage@@QAE@XZ
??0BASUserDefaults@@AAE@PBDPB_WPAH@Z
??0BASUtilityZip@@QAE@XZ
??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??1BASLock@@QAE@XZ
??1BASTask@@UAE@XZ
??1BASTaskPackage@@UAE@XZ
??1BASUserDefaults@@QAE@XZ
??1BASUtilityZip@@QAE@XZ
??4BASDbgReport@@QAEAAV0@ABV0@@Z
??4BASLock@@QAEAAV0@ABV0@@Z
??4BASMemImage@@QAEAAV0@ABV0@@Z
??4BASTask@@QAEAAV0@ABV0@@Z
??4BASTaskManager@@QAEAAV0@ABV0@@Z
??4BASTaskPackage@@QAEAAV0@ABV0@@Z
??4BASUserDefaults@@QAEAAV0@ABV0@@Z
??4BASUtilityApp@@QAEAAV0@ABV0@@Z
??4BASUtilityFile@@QAEAAV0@ABV0@@Z
??4BASUtilityImage@@QAEAAV0@ABV0@@Z
??4BASUtilityString@@QAEAAV0@ABV0@@Z
??4BASUtilitySys@@QAEAAV0@ABV0@@Z
??4BASUtilityUnzip@@QAEAAV0@ABV0@@Z
??4BASUtilityWindow@@QAEAAV0@ABV0@@Z
??4BASUtilityZip@@QAEAAV0@ABV0@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??_7BASTask@@6B@
??_7BASTaskPackage@@6B@
?AddDir@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddFile@BASUtilityZip@@QAEAAV1@PBD0@Z
?AddTask@BASTaskManager@@QAEXPAVBASTask@@@Z
?AddTask@BASTaskPackage@@QAEXPAVBASTask@@@Z
?CalcFileMD5@BASUtilityFile@@SAPADPBD@Z
?Cancel@BASTask@@UAE_JXZ
?Cancel@BASTaskPackage@@UAE_JXZ
?CompareVersion@BASUtilityString@@SAHPBD0@Z
?ConvertToGray@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAV23@@Z
?ConvertUnicodeToUtf8@BASUtilityString@@SAPADPB_W@Z
?ConvertUtf8ToAnsi@BASUtilityString@@SAPADPBD@Z
?ConvertUtf8ToUnicode@BASUtilityString@@SAPA_WPBD@Z
?CopyDir@BASUtilityFile@@SAHPB_W0@Z
?CutImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HHHH@Z
?Exec@BASTask@@UAEXXZ
?Exec@BASTaskPackage@@UAEXXZ
?ExecTaskPackage@BASTaskManager@@QAEXPAVBASTaskPackage@@@Z
?FindTask@BASTaskManager@@QAEPAVBASTask@@_J@Z
?Format@BASUtilityString@@SAPA_WPB_WZZ
?Free@BASUtilityString@@SAXPAX@Z
?GLock@BASLock@@SAXPAX@Z
?GUnLock@BASLock@@SAXPAX@Z
?GetAllTask@BASTaskPackage@@QAEPAXXZ
?GetAppDataDir@BASUtilitySys@@SAPA_WXZ
?GetAppModule@BASUtilityApp@@SAPA_WXZ
?GetBitmap@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PB_WHH@Z
?GetCompileYear@BASUtilitySys@@SAPA_WXZ
?GetCurrentTask@BASTaskPackage@@QAEPAVBASTask@@XZ
?GetCurrentTaskIndex@BASTaskPackage@@QAEHXZ
?GetDCBitmapSize@BASUtilityImage@@SA?AUtagBITMAP@@PAUHDC__@@@Z
?GetDownloadDir@BASUtilitySys@@SAPA_WXZ
?GetEncoderClsid@BASUtilityImage@@SAHPB_WPAU_GUID@@@Z
?GetFileInfo@BASUtilityFile@@SA?AUBASFileInfo1@@PB_W_W@Z
?GetFilePathNewName@BASUtilityFile@@SAPA_WPB_W@Z
?GetFileSize@BASUtilityFile@@SA_JPB_W@Z
?GetFont@BASUtilityApp@@SAPAUHFONT__@@H_NPB_W@Z
?GetInstance@BASTaskManager@@SAPAV1@XZ
?GetInt@BASUserDefaults@@QAEHPBD@Z
?GetNowDateTime@BASUtilitySys@@SAXPADPBD@Z
?GetPath@BASUserDefaults@@QAEPB_WXZ
?GetProductBinDir@BASUtilityApp@@SAPA_WXZ
?GetProductInstallDir@BASUtilityApp@@SAPA_WXZ
?GetProductPluginsDir@BASUtilityApp@@SAPA_WXZ
?GetProductThemesDir@BASUtilityApp@@SAPA_WXZ
?GetRGB@BASUserDefaults@@QAEKPBD@Z
?GetString@BASUserDefaults@@QAEPBDPBD@Z
?GetTaskCount@BASTask@@UAEHXZ
?GetTaskCount@BASTaskPackage@@UAEHXZ
?GetTempDir@BASUtilitySys@@SAPA_WXZ
?GetUserDefaults@BASUserDefaults@@SAPAV1@PBD@Z
?GetValueObject@BASUserDefaults@@QAEPAXPBD@Z
?GetWindowRelativeRect@BASUtilityWindow@@SA?AVCRect@WTL@@PAUHWND__@@@Z
?HasMember@BASUserDefaults@@QAE_NPBD@Z
?InitStandardUserDefaults@BASUserDefaults@@SA_NPB_W0@Z
?InitUserDefaults@BASUserDefaults@@SA_NPBDPB_W@Z
?IsFileExist@BASUtilityFile@@SA_NPBD@Z
?IsFileExist@BASUtilityFile@@SA_NPB_W@Z
?IsNullOrEmpty@BASUtilityString@@SA_NPBD@Z
?IsOk@BASUserDefaults@@QAE_NXZ
?IsSimpleEmailFormat@BASUtilityString@@SA_NPB_W@Z
?IsSpace@BASUtilityString@@SAHH@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPBD0@Z
?IsSupportFilePosfix@BASUtilityFile@@SA_NPB_W0@Z
?Notify@BASTask@@UAEXXZ
?OpenFolder@BASUtilityApp@@SAXPB_W@Z
?OpenUrl@BASUtilityApp@@SAXPBD@Z
?ReadAll@BASUserDefaults@@AAE_NXZ
?RecvMessage@BASTaskPackage@@QAEXPAVBASTask@@@Z
?RegisterCrashFilter@BASDbgReport@@QAEXPB_WP6AX0@ZP6AX0PAPA_W@Z@Z
?RemoveDir@BASUtilityFile@@SAHPB_W@Z
?SaveBitmapToFile@BASUtilityImage@@SA_NPAUHBITMAP__@@PA_W@Z
?ScaleImage@BASUtilityImage@@SAPAVBitmap@Gdiplus@@PAVImage@3@HH@Z
?SelectFolder@BASUtilityFile@@SAPA_WPAUHWND__@@PB_W@Z
?SetFileCreateAndModifyTime@BASUtilityFile@@SA_NPB_W0@Z
?SetInt@BASUserDefaults@@QAEXPBDH@Z
?SetString@BASUserDefaults@@QAEXPBD0@Z
?StandardUserDefaults@BASUserDefaults@@SAPAV1@XZ
?Strdup@BASUtilityString@@SAPADPBD@Z
?TimeFormat@BASUtilitySys@@SAX_JPADPBD@Z
?ToZip@BASUtilityZip@@QAE_NPBD0@Z
?UnicodeToAnsi@BASUtilityString@@SAPADPB_W@Z
?UnzipFile@BASUtilityUnzip@@SA_NPB_W0@Z
?Wcsdup@BASUtilityString@@SAPA_WPB_W@Z
?WriteAll@BASUserDefaults@@QAEXXZ
?ZLGetFormatSizeFromBytes@BASUtilityFile@@SAPA_W_K@Z
?mi_from_memory@BASMemImage@@SAPAVImage@Gdiplus@@PBXI@Z
?mi_to_memory@BASMemImage@@SAPAXPAVImage@Gdiplus@@PAPAXPAI@Z

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f20a3b53849e6e21f5801d065f7ad1b8

Code Sign

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17Certificate

Extended Key Usages

Key Usages

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8Certificate

Extended Key Usages

Key Usages

0c:65:72:3a:b7:23:94:e2:99:50:09:c4:94:2a:dd:21:50:5c:4d:aeSigner

Headers

DLL Characteristics

File Characteristics

Imports

libzvc125

gdiplus

dbghelp

pthreadvc2

msvcp100

msvcr100

user32

ole32

kernel32

advapi32

shell32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

29:2a:98:7b:be:56:94:11:24:cb:7a:5f:2d:6f:87:17
Certificate

7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8
Certificate

0c:65:72:3a:b7:23:94:e2:99:50:09:c4:94:2a:dd:21:50:5c:4d:ae
Signer

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB