db47152410e99e94888e255f4e3b46e6cb6fe1f8b8c67f73d4183889524a141f

Sharing

Copy URL Twitter E-mail

General

Target

db47152410e99e94888e255f4e3b46e6cb6fe1f8b8c67f73d4183889524a141f
Size

963KB
MD5

22130139ee084988765a5d9a0510375c
SHA1

5900526161de0f6abb5f8b783e6d9d07893aa381
SHA256

db47152410e99e94888e255f4e3b46e6cb6fe1f8b8c67f73d4183889524a141f
SHA512

fcc81c569a500bdaef9305dc5a22ce243d3d2bd20287d683bbb8a32f018d7d386e25e14a92060152249086c35f432e89be9606a81c30dfd073fd5d4ed724178e
SSDEEP

24576:sKo0OfJc9zzs+c/ocRL6uD4mW5FThYRMht:5odf69nU/DGPThOML

Score

1^/10

Malware Config

Signatures

Files

db47152410e99e94888e255f4e3b46e6cb6fe1f8b8c67f73d4183889524a141f
.exe windows:5 windows x86 arch:x86

9ea75189ed3a714745fc0ba2a19b08cd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:46:5d:d6:8e:40:9c:e1:6b:42:5a:cf:8d:fc:5a:86
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

14/07/2023, 00:00

Not After

13/07/2024, 23:59

Subject

SERIALNUMBER=91430102559501543M,CN=Changsha Shenghua Yaozhi Software Development Co.\, Ltd.,O=Changsha Shenghua Yaozhi Software Development Co.\, Ltd.,ST=Hunan Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a0:34:60:d9:be:78:2c:4d:bc:3a:2a:15:19:dc:9a:e1:10:2c:4c:b1:da:18:11:75:aa:53:d9:ea:c4:5d:89
Signer

Actual PE Digest

0c:a0:34:60:d9:be:78:2c:4d:bc:3a:2a:15:19:dc:9a:e1:10:2c:4c:b1:da:18:11:75:aa:53:d9:ea:c4:5d:89

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetOEMCP
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GetACP
GetCPInfo
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapSize
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
RaiseException
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
IsDebuggerPresent
UnhandledExceptionFilter
SetErrorMode
GetFileSizeEx
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
MulDiv
GlobalAddAtomW
FreeResource
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
lstrcmpW
SetLastError
DuplicateHandle
GetFileInformationByHandle
GetVolumeInformationW
lstrlenA
GetPrivateProfileIntW
GetCommandLineW
GetLocalTime
GetSystemInfo
OpenProcess
GetTickCount
GetFileSize
HeapFree
GetProcessHeap
HeapAlloc
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
GetVersionExW
LoadLibraryExW
LocalAlloc
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExpandEnvironmentStringsW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
WriteFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
ReadFile
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetDriveTypeW
GetLogicalDrives
GetWindowsDirectoryW
CopyFileW
GetCurrentProcess
DeleteFileW
DeviceIoControl
CreateDirectoryW
CreateProcessW
GetStartupInfoW
LockResource
lstrcpyW
Sleep
LoadLibraryW
CreateFileW
SizeofResource
LoadResource
FindResourceW
GetLastError
GetModuleFileNameW
GetProcAddress
WaitForSingleObject
CreateThread
CloseHandle
lstrlenW
FormatMessageW
LocalFree
InterlockedIncrement
InterlockedDecrement

user32

SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetMenuState
CheckMenuItem
GetKeyState
WindowFromPoint
GetDesktopWindow
GetActiveWindow
SetActiveWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageW
TranslateMessage
PeekMessageW
DispatchMessageW
MessageBoxW
IsMenu
RegisterWindowMessageW
GetWindow
LoadMenuW
GetCursorPos
GetWindowRect
ScreenToClient
EnableMenuItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
MoveWindow
IsWindow
GetParent
GetWindowLongW
RedrawWindow
GetScrollPos
InflateRect
DrawFocusRect
DrawEdge
IsRectEmpty
CopyRect
FillRect
GetDlgCtrlID
GetSysColor
ReleaseDC
GetDC
PtInRect
InvalidateRect
DestroyWindow
GetDlgItem
SetForegroundWindow
ShowWindow
CreateDialogIndirectParamW
GetLastActivePopup
GetWindowThreadProcessId
UnhookWindowsHookEx
DefWindowProcW
CreateDesktopW
SendDlgItemMessageW
CallWindowProcW
DrawIcon
GetClientRect
SendDlgItemMessageA
GetMenuStringW
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowLongW
ModifyMenuW
SetScrollInfo
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
SendMessageW
IsIconic
GetSystemMetrics
GetScrollInfo
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
UpdateWindow
SetScrollPos
SetMenu
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassLongW
GetCapture
IsDialogMessageW
SetWindowTextW
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetCapture
LoadCursorW
ReleaseCapture
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperW
GetSysColorBrush
UnregisterClassW
IsChild
SetRect
WinHelpW
RegisterClipboardFormatW
PostThreadMessageW
GetClassNameW

gdi32

GetRgnBox
GetTextColor
GetBkColor
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
ExtTextOutW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
CreateRectRgnIndirect
SelectObject
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

SetSecurityInfo
RegCloseKey
RegEnumKeyExW
RegQueryValueW
RegEnumKeyW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegCreateKeyW
FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueW
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegDeleteKeyW
GetSecurityDescriptorLength
CopySid
MakeSelfRelativeSD
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetNamedSecurityInfoW
RegCreateKeyExW
IsValidSecurityDescriptor
GetNamedSecurityInfoW
GetKernelObjectSecurity
LookupAccountNameW
ConvertStringSidToSidW
MapGenericMask
AddAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidAcl
IsValidSid
DeleteAce
EqualSid
GetAce
GetAclInformation
ConvertSidToStringSidW
LookupAccountSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetEntriesInAclW
RegConnectRegistryW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegLoadKeyW
RegUnLoadKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSaveKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW

shell32

ShellExecuteW
SHFileOperationW

comctl32

ord17

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoSetProxyBlanket
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
OleUninitialize
CoQueryProxyBlanket

oleaut32

VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VarUdateFromDate
VarDateFromStr
VariantChangeType
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString

wsock32

WSACleanup
__WSAFDIsSet
WSASetLastError
shutdown
ntohl
ioctlsocket
select
WSAStartup
setsockopt
accept
listen
closesocket

netapi32

NetApiBufferFree
DsGetDcNameW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

setupapi

SetupCloseInfFile
SetupGetFieldCount
SetupGetStringFieldW
SetupFindNextLine
SetupGetMultiSzFieldW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupFindFirstLineW
SetupOpenInfFileW
SetupQueryInfVersionInformationW
SetupGetInfInformationW

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

psapi

GetProcessMemoryInfo

ws2_32

WSAIoctl

Sections

.text
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ea75189ed3a714745fc0ba2a19b08cd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

11:46:5d:d6:8e:40:9c:e1:6b:42:5a:cf:8d:fc:5a:86Certificate

Extended Key Usages

Key Usages

0c:a0:34:60:d9:be:78:2c:4d:bc:3a:2a:15:19:dc:9a:e1:10:2c:4c:b1:da:18:11:75:aa:53:d9:ea:c4:5d:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

netapi32

mpr

setupapi

winhttp

psapi

ws2_32

Sections

.text Size: 715KB - Virtual size: 714KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 14KB - Virtual size: 97KB

.rsrc Size: 53KB - Virtual size: 53KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

11:46:5d:d6:8e:40:9c:e1:6b:42:5a:cf:8d:fc:5a:86
Certificate

0c:a0:34:60:d9:be:78:2c:4d:bc:3a:2a:15:19:dc:9a:e1:10:2c:4c:b1:da:18:11:75:aa:53:d9:ea:c4:5d:89
Signer

.text
Size: 715KB - Virtual size: 714KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 14KB - Virtual size: 97KB

.rsrc
Size: 53KB - Virtual size: 53KB