47d28de5f437bef0dfe6b5817c513b74f3ff50bf06dcf2ecac87b1f917c6e091

Sharing

Copy URL Twitter E-mail

General

Target

47d28de5f437bef0dfe6b5817c513b74f3ff50bf06dcf2ecac87b1f917c6e091
Size

5.0MB
MD5

3c768db8b1160ce062c058fc6c87feae
SHA1

c67a529c8fe2b6c88fa86209d90db19e87626c22
SHA256

47d28de5f437bef0dfe6b5817c513b74f3ff50bf06dcf2ecac87b1f917c6e091
SHA512

8d590129b465e4eece49bd37b0b03a1a48411ec6c87e08de44717a9095256038a3c6bf4b537fe8365b2ff8d02a522072b8eea3d6787dc8b6f13a7769a8c52c27
SSDEEP

98304:9eNHdPgkZATnXfSb0jMvrZ/3JY07uuaokFXrcnA6iXZW9yRxK:6HdYqA7XTjyr95f7xaoxA699uA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CareUEyesPortable/App/ProgramFiles/update.exe
unpack001/CareUEyesPortable/CareUEyesPortable.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/CareUEyesPortable/CareUEyesPortable.exe	nsis_installer_2

Files

47d28de5f437bef0dfe6b5817c513b74f3ff50bf06dcf2ecac87b1f917c6e091
.zip
CareUEyesPortable/App/AppInfo/appicon.ico
CareUEyesPortable/App/AppInfo/appicon_128.png
.png
CareUEyesPortable/App/AppInfo/appicon_16.png
.png
CareUEyesPortable/App/AppInfo/appicon_32.png
.png
CareUEyesPortable/App/AppInfo/appinfo.ini
CareUEyesPortable/App/ProgramFiles/CareUEyes.exe
.exe windows:5 windows x86 arch:x86

d3cb0b396f559caa4dfd6db884d34e4c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27/07/2021, 00:00

Not After

26/07/2024, 23:59

Subject

CN=Gazing Tai Technology Co.\, Ltd.,O=Gazing Tai Technology Co.\, Ltd.,L=Zhuhai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27/07/2021, 00:00

Not After

26/07/2024, 23:59

Subject

CN=Gazing Tai Technology Co.\, Ltd.,O=Gazing Tai Technology Co.\, Ltd.,L=Zhuhai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:1c:a8:49:b2:2c:61:79:eb:77:a0:d2:4a:80:f8:2f:88:6b:58:3c:48:ff:29:1c:3f:a7:ca:01:96:76:bd:5e
Signer

Actual PE Digest

a1:1c:a8:49:b2:2c:61:79:eb:77:a0:d2:4a:80:f8:2f:88:6b:58:3c:48:ff:29:1c:3f:a7:ca:01:96:76:bd:5e

Digest Algorithm

sha256

PE Digest Matches

true

49:29:35:b6:92:bc:cf:8c:53:32:34:69:7b:04:39:98:7e:99:e2:f8
Signer

Actual PE Digest

49:29:35:b6:92:bc:cf:8c:53:32:34:69:7b:04:39:98:7e:99:e2:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeSetEvent
timeKillEvent
PlaySoundW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

CreateFileMappingW
CreateFileW
ReadFile
FindClose
FindFirstFileW
FindNextFileW
DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetUserDefaultLangID
FindFirstChangeNotificationW
FindNextChangeNotification
Process32FirstW
Process32NextW
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
VirtualFree
FreeResource
GetFullPathNameW
GetModuleHandleA
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
FormatMessageW
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
CreateProcessW
ResumeThread
TerminateProcess
WriteFile
UnmapViewOfFile
SuspendThread
GetFileSize
FindCloseChangeNotification
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
LocalFree
UnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetDriveTypeW
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
ReadProcessMemory
LoadLibraryExA
LoadLibraryA
InterlockedCompareExchange
GetComputerNameA
GetLocalTime
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
GlobalAddAtomA
GetTickCount
CreateThread
Sleep
WaitForMultipleObjects
SetEvent
ResetEvent
CloseHandle
CreateEventW
WaitForSingleObject
LoadLibraryW
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineW
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
lstrcmpiW
LockResource
SizeofResource
FindResourceExW
DecodePointer
RaiseException
MultiByteToWideChar
LoadResource
FindResourceW
LoadLibraryExW
GetCurrentThread
GetModuleFileNameW
GetFileSizeEx
lstrlenA
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleW
GetCommandLineA
GetCurrentProcessId
GetCurrentProcess
GetLastError
FreeLibrary
GetProcAddress
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
WideCharToMultiByte
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetThreadContext
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
HeapCreate

user32

AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsMenu
GetIconInfo
SetActiveWindow
IsWindowEnabled
EnableWindow
LoadImageW
LoadBitmapW
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
FindWindowW
MapWindowPoints
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
EnableMenuItem
GetKeyState
EqualRect
IsRectEmpty
UnionRect
IntersectRect
InflateRect
SetRect
DestroyCursor
SetSysColors
IsZoomed
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
CreateIconFromResource
GetWindowRgn
GetWindowDC
GetAncestor
SendMessageA
GetShellWindow
MonitorFromWindow
WindowFromPoint
KillTimer
SetTimer
GetMonitorInfoW
EnumDisplayDevicesW
GetUserObjectInformationW
GetProcessWindowStation
DrawIconEx
CallWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
CreateAcceleratorTableW
FillRect
DestroyAcceleratorTable
GetSysColor
GetClassNameW
GetDlgItem
GetDlgCtrlID
IsChild
GetWindow
SetFocus
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
GetClientRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetDesktopWindow
ReleaseCapture
SetCapture
SetCursor
LockWorkStation
AttachThreadInput
SystemParametersInfoW
GetWindowThreadProcessId
ClientToScreen
ScreenToClient
PtInRect
CopyRect
EnumDisplayMonitors
RegisterHotKey
UnregisterHotKey
GetAsyncKeyState
BringWindowToTop
SetForegroundWindow
GetCursorPos
GetSystemMetrics
GetForegroundWindow
SetWinEventHook
UnhookWinEvent
PostMessageW
MonitorFromRect
GetWindowRect
IsWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
OffsetRect
CharNextW
UnregisterClassW
SendMessageW
DestroyWindow
SetWindowPos
ShowWindow
GetParent
GetFocus
IsWindowVisible
GetActiveWindow
MessageBoxW
ReleaseDC
GetDC
DestroyIcon

gdi32

SelectObject
DeleteObject
GetDeviceCaps
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
GetObjectW
SetDeviceGammaRamp
CreateRectRgn
CreatePen
SetROP2
CreateHatchBrush
FrameRgn
Rectangle
SetGraphicsMode
CreateRoundRectRgn
EnumFontsW
CreateBitmap
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
CreateFontIndirectW
SetTextColor
SetTextAlign
GetViewportOrgEx
GetCurrentObject
CreateDIBSection
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
SetBkMode
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
StretchBlt
SetViewportOrgEx

comdlg32

ChooseColorW

advapi32

CryptGetProvParam
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegQueryValueExW
GetUserNameA
RegDeleteValueW
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
RegSetValueExW
CryptEnumProvidersW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemRealloc
CLSIDFromString
CoGetClassObject
StringFromGUID2
OleLockRunning
IIDFromString
CoCreateGuid
CreateBindCtx
CoTaskMemFree
CLSIDFromProgID

oleaut32

SysFreeString
VariantInit
SysAllocString
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VariantClear
OleCreateFontIndirect
DispCallFunc
VarUdateFromDate
LoadTypeLi

shlwapi

StrToIntExW
PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW
PathQuoteSpacesW

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGraphicsClear
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromScan0
GdipImageGetFrameCount
GdipDrawImageRectI
GdipImageSelectActiveFrame

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW

ws2_32

getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
shutdown
sendto
gethostname
getsockopt
socket
getnameinfo

iphlpapi

GetAdaptersInfo

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertCloseStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetIntendedKeyUsage

wldap32

ord208
ord41
ord14
ord145
ord117
ord26
ord301
ord147
ord219
ord216
ord133
ord79
ord142
ord27
ord167
ord127
ord46

usp10

ScriptFreeCache
ScriptShape
ScriptItemize

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyesPortable/App/ProgramFiles/alert_sound.wav
CareUEyesPortable/App/ProgramFiles/config.dat
CareUEyesPortable/App/ProgramFiles/setting_v2.dat
CareUEyesPortable/App/ProgramFiles/update.exe
.exe windows:4 windows x86 arch:x86

5fee50288aa042b63b38bcb450004734

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
TryEnterCriticalSection
Sleep
WriteFile
SetFilePointer
GetTempFileNameW
GetCommandLineW
MoveFileExW
GetTickCount
IsBadReadPtr
TerminateThread
IsBadWritePtr
GetFileAttributesW
SystemTimeToFileTime
GetCurrentDirectoryW
SetFileTime
LocalFileTimeToFileTime
SetEndOfFile
FlushFileBuffers
GetSystemTimeAsFileTime
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
DeleteCriticalSection
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
CreateThread
ResumeThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
InterlockedExchange
LocalAlloc
GlobalLock
GlobalUnlock
GetSystemTime
CreateDirectoryW
GlobalFree
CopyFileW
GlobalAlloc
GetSystemDirectoryW
GetTempPathW
DeleteFileW
GetCurrentProcessId
GetModuleFileNameW
GetVersionExW
lstrlenA
RaiseException
GetLastError
FreeResource
MultiByteToWideChar
GetCurrentThreadId
LeaveCriticalSection
CreateFileW
GetFileSize
GetWindowsDirectoryW
ReadFile
lstrlenW
OutputDebugStringW
EnterCriticalSection
FindResourceExW
CloseHandle
SetLastError
FlushInstructionCache
GetLocalTime
GetCurrentProcess
LoadResource
FreeLibrary
LockResource
SizeofResource
FindResourceW
LoadLibraryW
GetModuleHandleW
WideCharToMultiByte
GetProcAddress
InitializeCriticalSection
GetStringTypeA

user32

SetCursor
ReleaseDC
SetTimer
LoadMenuW
GetWindowLongW
LoadCursorW
DrawFrameControl
EqualRect
SetRect
CallWindowProcW
DrawIconEx
RegisterWindowMessageW
IsWindowEnabled
LoadBitmapW
SendMessageA
DestroyMenu
MonitorFromPoint
IsWindowVisible
PostQuitMessage
GetActiveWindow
DispatchMessageW
TrackPopupMenu
GetSubMenu
LoadImageW
GetNextDlgTabItem
InvalidateRect
KillTimer
DefWindowProcW
ShowWindow
SetRectEmpty
UpdateLayeredWindow
DrawTextW
IsMenu
SendMessageW
PostThreadMessageW
ClientToScreen
SetWindowPos
GetParent
GetCursorPos
OffsetRect
MapWindowPoints
GetClientRect
EndPaint
GetClassInfoExW
GetWindow
SetWindowLongW
SetCapture
BeginPaint
MoveWindow
LoadIconW
ReleaseCapture
SystemParametersInfoW
CreateWindowExW
InflateRect
CopyRect
GetDesktopWindow
SetWindowRgn
DestroyIcon
GetDC
MonitorFromWindow
ScreenToClient
GetMonitorInfoW
GetDlgItem
PtInRect
IsWindow
GetDlgCtrlID
SetFocus
RegisterClassExW
GetWindowRect
DestroyWindow
wsprintfW
GetWindowThreadProcessId
GetForegroundWindow
GetFocus
IsChild
IsDialogMessageW
EnableWindow
UnregisterClassA
AttachThreadInput
PostMessageW
SetForegroundWindow
SetActiveWindow
PeekMessageW
GetMessageW
TranslateMessage
IntersectRect

gdi32

CombineRgn
GetCurrentObject
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
LineTo
MoveToEx
SelectObject
CreatePen
CreateDIBSection
CreateRoundRectRgn
DeleteObject
CreateCompatibleDC
GetTextExtentPoint32W
GetViewportOrgEx
GetClipRgn
Rectangle
ExtSelectClipRgn
SetViewportOrgEx
BitBlt
CreateRectRgnIndirect
ExtTextOutW
SetBkColor
TextOutW
RectInRegion
SetTextColor
CreateBitmap
StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
OffsetRgn
SaveDC
RoundRect
SetBkMode
SetRectRgn
RestoreDC
GetTextColor
DeleteDC
GetObjectW
GetStockObject

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHCreateDirectoryExW
Shell_NotifyIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW

ole32

CreateStreamOnHGlobal

shlwapi

StrToIntA
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
StrToIntW

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipImageRotateFlip
GdipLoadImageFromStream
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipCreatePath
GdiplusShutdown
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipNewPrivateFontCollection
GdipDeletePath
GdipFillRectangleI
GdipDeletePrivateFontCollection
GdipSetCompositingQuality
GdiplusStartup
GdipAddPathPieI
GdipPrivateAddFontFile
GdipClosePathFigure
GdipGetFontCollectionFamilyCount
GdipDrawImageRectRect
GdipDeletePen
GdipCreateStringFormat
GdipDrawImageRectRectI
GdipDeleteFontFamily
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteStringFormat
GdipAddPathRectangleI
GdipSetPenEndCap
GdipCreateImageAttributes
GdipGetImageHeight
GdipSetPenStartCap
GdipDrawLinesI
GdipSetStringFormatFlags
GdipDrawImageRectI
GdipGetImageWidth
GdipSetPenMode
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipDisposeImage
GdipSetPenDashStyle
GdipSetSmoothingMode
GdipFree
GdipSetStringFormatLineAlign
GdipCloneImage
GdipSetClipPath
GdipDrawLine
GdipGetImageGraphicsContext
GdipCloneBrush
GdipSetStringFormatTrimming
GdipSetInterpolationMode
GdipAlloc
GdipCreatePen1
GdipSetImageAttributesColorMatrix
GdipLoadImageFromFile
GdipSetPixelOffsetMode
GdipDeleteBrush
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangle
GdipGetFamily
GdipDrawString
GdipAddPathArcI
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipDrawPath
GdipCreateFromHDC
GdipRotateWorldTransform
GdipAddPathStringI
GdipCreateFont
GdipResetWorldTransform
GdipMeasureString
GdipGetFontSize
GdipDeleteFont
GdipCreateSolidFill
GdipDrawImageI
GdipCreateFontFromLogfontW
GdipDisposeImageAttributes
GdipFillPath

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CareUEyesPortable/App/ProgramFiles/wallpaper/1.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/2.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/3.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/4.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/5.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/6.jpg
.jpg
CareUEyesPortable/App/ProgramFiles/wallpaper/7.jpg
.jpg
CareUEyesPortable/CareUEyesPortable.exe
.exe windows:5 windows x86 arch:x86

039d1617d5f0788dacbd04b35a141ebe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CompareFileTime
lstrlenA
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte

user32

ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 468KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyesPortable/Data/careueyes/setting_v2.dat
CareUEyesPortable/Data/settings/CareUEyesPortableSettings.ini
ʹ˵.txt
ϵͳ.html

Sharing

General

Malware Config

Signatures

Files

d3cb0b396f559caa4dfd6db884d34e4c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8dCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8dCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a1:1c:a8:49:b2:2c:61:79:eb:77:a0:d2:4a:80:f8:2f:88:6b:58:3c:48:ff:29:1c:3f:a7:ca:01:96:76:bd:5eSigner

49:29:35:b6:92:bc:cf:8c:53:32:34:69:7b:04:39:98:7e:99:e2:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

ws2_32

iphlpapi

imm32

crypt32

wldap32

usp10

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 83KB - Virtual size: 187KB

.rsrc Size: 602KB - Virtual size: 601KB

.reloc Size: 196KB - Virtual size: 195KB

5fee50288aa042b63b38bcb450004734

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8d
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8b:6b:86:23:d0:7b:86:b7:75:16:ca:6b:69:62:2c:8d
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a1:1c:a8:49:b2:2c:61:79:eb:77:a0:d2:4a:80:f8:2f:88:6b:58:3c:48:ff:29:1c:3f:a7:ca:01:96:76:bd:5e
Signer

49:29:35:b6:92:bc:cf:8c:53:32:34:69:7b:04:39:98:7e:99:e2:f8
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 83KB - Virtual size: 187KB

.rsrc
Size: 602KB - Virtual size: 601KB

.reloc
Size: 196KB - Virtual size: 195KB

.text
Size: 352KB - Virtual size: 349KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 48KB - Virtual size: 45KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 167KB

.ndata
Size: - Virtual size: 468KB

.rsrc
Size: 358KB - Virtual size: 358KB

.reloc
Size: 3KB - Virtual size: 2KB