2cef59d8597b859e3ae8552c5f2c23b3

Sharing

Copy URL Twitter E-mail

General

Target

2cef59d8597b859e3ae8552c5f2c23b3
Size

1.3MB
MD5

2cef59d8597b859e3ae8552c5f2c23b3
SHA1

b7c9695937024d22cbef1bad501179897b74b49e
SHA256

8bbc4b49489a0385cdc29055035b6a7e879c58780f59ca8c43353f6cbede57bc
SHA512

a72853132846e910207cd2e1bb9e68caaa27596fcc827aa64e52f82aba5de6f2ef9da67bf363b173ee72e6f6d0e7417828a79846650e0ed19d20d264bcbf44e8
SSDEEP

24576:cnoTJ/QTv3j4vqB9X7a1huwJodrJaxTc6iO4w:c2QTvEvq/7a1huQs6TDiO4w

Score

1^/10

Malware Config

Signatures

Files

2cef59d8597b859e3ae8552c5f2c23b3
.exe windows:5 windows x86 arch:x86

59fb259a54ae13dff8320aad50129a05

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

12/06/2019, 12:24

Not After

11/06/2020, 12:24

Subject

CN=重庆福晟达科技有限公司,O=重庆福晟达科技有限公司,L=重庆市,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

12/06/2019, 12:24

Not After

11/06/2020, 12:24

Subject

CN=重庆福晟达科技有限公司,O=重庆福晟达科技有限公司,L=重庆市,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:ed:39:be:74:07:2f:4b:a2:09:f6:57:87:19:2e:47:4a:76:09:30:20:f1:de:e6:07:41:e2:f7:0d:34:86:5b
Signer

Actual PE Digest

11:ed:39:be:74:07:2f:4b:a2:09:f6:57:87:19:2e:47:4a:76:09:30:20:f1:de:e6:07:41:e2:f7:0d:34:86:5b

Digest Algorithm

sha256

PE Digest Matches

true

f6:6f:1f:51:3d:c7:f4:be:4f:11:c2:00:08:cf:69:12:88:37:39:04
Signer

Actual PE Digest

f6:6f:1f:51:3d:c7:f4:be:4f:11:c2:00:08:cf:69:12:88:37:39:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetVersionExA
FreeLibrary
LoadLibraryW
MulDiv
GetTickCount
GetFullPathNameW
FreeResource
SetLastError
FindResourceW
SizeofResource
LoadResource
LockResource
InitializeCriticalSection
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
Process32Next
Process32First
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
SetEnvironmentVariableA
LeaveCriticalSection
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ResumeThread
EnterCriticalSection
SetCurrentDirectoryW
GetPrivateProfileStringA
CreateMutexW
OutputDebugStringA
DeleteFileW
GetModuleFileNameA
GetSystemInfo
MoveFileA
MoveFileW
GetProcAddress
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetTempFileNameA
DeleteFileA
GetTempPathA
CloseHandle
CreateToolhelp32Snapshot
FindNextFileW
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
GetLocalTime
FindClose
MultiByteToWideChar
TerminateProcess
Sleep
WideCharToMultiByte
OpenProcess
ExitThread
GetSystemTimeAsFileTime
ExitProcess
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess
FindFirstFileW
GetLastError
CompareStringW
lstrlenA

user32

IsWindowEnabled
SetActiveWindow
DestroyWindow
PostQuitMessage
DestroyCursor
LoadCursorW
GetWindowLongW
CopyRect
IsRectEmpty
InflateRect
IntersectRect
UpdateWindow
UnionRect
SetWindowLongW
InvalidateRect
GetWindowRect
GetClientRect
SystemParametersInfoW
SetTimer
KillTimer
GetDC
ReleaseDC
SetCapture
SetFocus
SetWindowTextW
IsIconic
GetCursorPos
ReleaseCapture
GetDesktopWindow
SetWindowPos
ShowWindow
GetCapture
InvertRect
FillRect
DrawIconEx
GetActiveWindow
SendMessageW
EnableWindow
PostMessageW
IsWindow
ScreenToClient
DestroyIcon
GetForegroundWindow
MsgWaitForMultipleObjects
AppendMenuW
CreatePopupMenu
SetMenuContextHelpId
IsMenu
DestroyMenu
SetForegroundWindow
TrackPopupMenu
SetMenuInfo
GetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
DrawTextW
IsWindowVisible
SystemParametersInfoA
GetSystemMetrics
EnableMenuItem
GetSysColor
ClientToScreen
GetMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateIconFromResource
LoadImageW
LoadBitmapW
EqualRect
SetRect
CharNextW
GetIconInfo
OffsetRect
PtInRect
RegisterClassExW
CreateWindowExW
GetWindow
MapWindowPoints
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetDlgItem
SetCursor
GetKeyState
GetFocus
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
GetParent
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret

gdi32

SetBkMode
GetStockObject
CreateFontIndirectW
GetClipBox
CreateRoundRectRgn
GetDeviceCaps
SetGraphicsMode
CreateBitmap
CreateCompatibleDC
SelectObject
Rectangle
StretchBlt
DeleteDC
EnumFontsW
DeleteObject
BitBlt
ExtCreatePen
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetRectRgn
CreateEllipticRgnIndirect
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
SetROP2
CreateSolidBrush
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
Pie
Arc
GetObjectW
GetCurrentObject
GetViewportOrgEx
GetClipRgn
CreatePatternBrush
Polyline

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
LookupPrivilegeValueW
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
OleInitialize
OleUninitialize
CreateBindCtx

oleaut32

SysFreeString
SysAllocString

wininet

HttpQueryInfoA
InternetConnectA
InternetReadFileExA
InternetCrackUrlA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionW

netapi32

Netbios

imagehlp

MakeSureDirectoryPathExists

wtsapi32

WTSQueryUserToken

shlwapi

PathFileExistsA
PathFileExistsW
PathFindFileNameA
StrToIntExW
PathFindFileNameW
PathFindExtensionA

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

gdiplus

GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetImageEncoders
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCloneImage
GdiplusStartup
GdipImageGetFrameCount
GdipGetImageGraphicsContext
GdipCreateBitmapFromFile
GdipSaveImageToFile

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59fb259a54ae13dff8320aad50129a05

Code Sign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8eCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

11:ed:39:be:74:07:2f:4b:a2:09:f6:57:87:19:2e:47:4a:76:09:30:20:f1:de:e6:07:41:e2:f7:0d:34:86:5bSigner

f6:6f:1f:51:3d:c7:f4:be:4f:11:c2:00:08:cf:69:12:88:37:39:04Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

netapi32

imagehlp

wtsapi32

shlwapi

imm32

gdiplus

msimg32

Sections

.text Size: 775KB - Virtual size: 774KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 29KB - Virtual size: 102KB

.rsrc Size: 185KB - Virtual size: 184KB

.reloc Size: 76KB - Virtual size: 75KB

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

5b:50:df:f8:e7:59:c8:51:be:9e:ed:59:0e:7c:11:8e
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

11:ed:39:be:74:07:2f:4b:a2:09:f6:57:87:19:2e:47:4a:76:09:30:20:f1:de:e6:07:41:e2:f7:0d:34:86:5b
Signer

f6:6f:1f:51:3d:c7:f4:be:4f:11:c2:00:08:cf:69:12:88:37:39:04
Signer

.text
Size: 775KB - Virtual size: 774KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 29KB - Virtual size: 102KB

.rsrc
Size: 185KB - Virtual size: 184KB

.reloc
Size: 76KB - Virtual size: 75KB