7a96d45d1edd871cb96a67fd3a428b2d

Sharing

Copy URL Twitter E-mail

General

Target

7a96d45d1edd871cb96a67fd3a428b2d
Size

4.9MB
MD5

7a96d45d1edd871cb96a67fd3a428b2d
SHA1

1ec9042a8313deac03a8e6a52c297f8e3dd58c08
SHA256

e80a1fb702937e533080b0c458460054205a572d465f5eeca98a777a4aa43dfa
SHA512

978f59fe48801905e19e6e4e1dd3c6761b2a00f004863b55665f72df91ce0a19809a66220f3ec1b8197567cb16666f5d9fba18c860d4164e5758cf95bc480816
SSDEEP

98304:SoJw3GbI0g2Z8VPJqSDBXP4p0PGnKWZjvUxzj7a3Tu4mowt:SoJw3GbI0g2Z82WJQCeKUwzj7ajuSwt

Score

1^/10

Malware Config

Signatures

Files

7a96d45d1edd871cb96a67fd3a428b2d
.exe windows:6 windows x86 arch:x86

1957a3da4e7db6c044b5e3ea941028da

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

SERIALNUMBER=91440300746612636Q,CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:fd:9b:3a:85:6f:53:35:21:ed:32:4f:d4:bb:bd:36:f4:4e:4a:f7:1f:d0:7a:b5:5b:38:41:ec:82:16:d3:69
Signer

Actual PE Digest

e4:fd:9b:3a:85:6f:53:35:21:ed:32:4f:d4:bb:bd:36:f4:4e:4a:f7:1f:d0:7a:b5:5b:38:41:ec:82:16:d3:69

Digest Algorithm

sha256

PE Digest Matches

true

a7:f4:4a:f9:87:42:b0:29:b8:85:a7:d7:c6:0d:8e:71:77:00:f2:46
Signer

Actual PE Digest

a7:f4:4a:f9:87:42:b0:29:b8:85:a7:d7:c6:0d:8e:71:77:00:f2:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xlliveupdateagent

??0TbcString@@QAE@XZ
??1TbcString@@QAE@XZ
??0TbcString@@QAE@ABV0@@Z
??4TbcString@@QAEAAV0@ABV0@@Z
??YTbcString@@QAEAAV0@PB_W@Z
??4TbcString@@QAEAAV0@PB_W@Z
?GetInstance@XLLiveUpdateAgent@XLLiveUpdate@@SAPAV12@XZ
??0TbcString@@QAE@PB_W@Z
??YTbcString@@QAEAAV0@ABV0@@Z
?c_str@TbcString@@QBEPB_WXZ

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

gethostbyname
gethostname
WSAStartup

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle

kernel32

SetDllDirectoryW
GetPrivateProfileStringW
CreateDirectoryW
FindClose
GetProcessId
VerifyVersionInfoW
CreateFileMappingW
MapViewOfFile
WritePrivateProfileStringW
GetCurrentDirectoryW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
FormatMessageW
lstrcatA
GetFileAttributesA
lstrcpyA
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileStringA
SetPriorityClass
DeviceIoControl
GetVolumeInformationA
CreateFileA
GetVersionExA
ReadProcessMemory
OpenProcess
TerminateProcess
GetCurrentThread
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
SetFilePointer
HeapDestroy
Sleep
LoadLibraryExW
FindResourceW
SizeofResource
LockResource
LoadResource
InterlockedPushEntrySList
LocalFree
WideCharToMultiByte
WaitForMultipleObjects
GetProcAddress
GetModuleHandleW
SetEvent
CreateEventW
WriteFile
WaitForSingleObject
CreateFileW
GetCommandLineW
CopyFileW
FindNextFileW
GetTempPathW
InitializeCriticalSection
SetLastError
GetCurrentThreadId
GetModuleFileNameW
FindFirstFileW
DeleteFileW
CloseHandle
IsWow64Process
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
HeapAlloc
CreateMutexW
FreeLibraryAndExitThread
GetModuleHandleExW
Process32NextW
Process32FirstW
LoadLibraryW
CreateToolhelp32Snapshot
GetStdHandle
VerSetConditionMask
SetEndOfFile
WriteConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
ExitThread
CreateThread
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GlobalLock
GlobalUnlock
MulDiv
lstrlenW
GetACP
ExitProcess
GetCurrentProcessId
GetFileType
ReadFile
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileSize
FreeResource
GlobalAlloc
GetLocalTime
lstrcpyW
MoveFileExW
UnmapViewOfFile
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
FreeLibrary

user32

SetWindowPos
GetSystemMenu
UnregisterClassW
ShowWindow
BringWindowToTop
IsIconic
IsZoomed
CharNextW
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetParent
GetWindow
LoadImageW
SetCursor
InflateRect
OffsetRect
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
RegisterClassW
EnableWindow
SetPropW
GetPropW
MonitorFromPoint
UpdateLayeredWindow
MoveWindow
GetWindowRgn
LoadIconW
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
SystemParametersInfoW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
PostQuitMessage
SendMessageW
GetDesktopWindow
FindWindowExW
PostThreadMessageW
GetWindowThreadProcessId
FindWindowW
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
CallWindowProcW
RegisterClassExW
IsWindowVisible
GetClassInfoExW
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetActiveWindow
EnableMenuItem
wsprintfW
IsWindow
KillTimer
SetTimer
LoadCursorW

advapi32

FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
RegCloseKey
RegQueryValueExW
TraceEvent
GetTraceEnableLevel
GetNamedSecurityInfoW
OpenThreadToken
OpenProcessToken
DuplicateToken
CheckTokenMembership
GetTokenInformation
GetAce
GetTraceLoggerHandle
RegisterTraceGuidsW
GetAclInformation
AddAce
UnregisterTraceGuids
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
RegOpenKeyExW
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl

shell32

Shell_NotifyIconW
DragQueryFileW
ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
RegisterDragDrop
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shlwapi

PathAddBackslashW
PathAppendW
PathFindFileNameW
PathRemoveBackslashW
PathCombineW
StrCmpIW
PathFileExistsW
PathIsDirectoryW
StrCmpW

userenv

UnloadUserProfile

gdi32

SetTextColor
GetObjectA
MoveToEx
GdiFlush
StretchBlt
GetBitmapBits
SetBitmapBits
SetStretchBltMode
SetBkMode
ExtSelectClipRgn
EnumFontFamiliesExW
SetBkColor
TextOutW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
GetTextMetricsW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipImageGetFrameDimensionsList
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM

Exports

Exports

??0UpdateInfo@XLLiveUpdate@@QAE@$$QAU01@@Z
??0UpdateInfo@XLLiveUpdate@@QAE@ABU01@@Z
??0UpdateInfo@XLLiveUpdate@@QAE@XZ
??0XLLiveUpdateAgent@XLLiveUpdate@@QAE@$$QAV01@@Z
??0XLLiveUpdateAgent@XLLiveUpdate@@QAE@ABV01@@Z
??0XLLiveUpdateAgent@XLLiveUpdate@@QAE@XZ
??1UpdateInfo@XLLiveUpdate@@QAE@XZ
??4UpdateInfo@XLLiveUpdate@@QAEAAU01@$$QAU01@@Z
??4UpdateInfo@XLLiveUpdate@@QAEAAU01@ABU01@@Z
??4XLLiveUpdateAgent@XLLiveUpdate@@QAEAAV01@$$QAV01@@Z
??4XLLiveUpdateAgent@XLLiveUpdate@@QAEAAV01@ABV01@@Z
??_7XLLiveUpdateAgent@XLLiveUpdate@@6B@
?__autoclassinit2@TbcString@@QAEXI@Z

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1957a3da4e7db6c044b5e3ea941028da

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9cCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

e4:fd:9b:3a:85:6f:53:35:21:ed:32:4f:d4:bb:bd:36:f4:4e:4a:f7:1f:d0:7a:b5:5b:38:41:ec:82:16:d3:69Signer

a7:f4:4a:f9:87:42:b0:29:b8:85:a7:d7:c6:0d:8e:71:77:00:f2:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

xlliveupdateagent

version

ws2_32

iphlpapi

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

gdi32

imm32

comctl32

gdiplus

Exports

Exports

Sections

.text Size: 885KB - Virtual size: 885KB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 9KB - Virtual size: 24KB

.gfids Size: 1024B - Virtual size: 652B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 44KB - Virtual size: 44KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

e4:fd:9b:3a:85:6f:53:35:21:ed:32:4f:d4:bb:bd:36:f4:4e:4a:f7:1f:d0:7a:b5:5b:38:41:ec:82:16:d3:69
Signer

a7:f4:4a:f9:87:42:b0:29:b8:85:a7:d7:c6:0d:8e:71:77:00:f2:46
Signer

.text
Size: 885KB - Virtual size: 885KB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 9KB - Virtual size: 24KB

.gfids
Size: 1024B - Virtual size: 652B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 44KB - Virtual size: 44KB