934f7ab60afd15654cdc6faa137efca18ae9c68e3e6c1e63dce492a590bc88c1

Sharing

Copy URL Twitter E-mail

General

Target

934f7ab60afd15654cdc6faa137efca18ae9c68e3e6c1e63dce492a590bc88c1
Size

1.2MB
MD5

1824aebe79485116ecd163c8a1bae879
SHA1

411ae865e3f00ccad4c9983bdf083ff1084bef73
SHA256

934f7ab60afd15654cdc6faa137efca18ae9c68e3e6c1e63dce492a590bc88c1
SHA512

46e7451f27d9d62dd48f0d0962fb003553abe919c94bb3b2a3bbe80c9a688ce6fcf9ce37a7b71a92398aa8841b333e85e1e61cf76a0513553223a4aec9b1dca6
SSDEEP

24576:e+c92swAw2/h4JY2NAF6jeThHkZWjTztFpTW+O3CGoJ26JrEH7x:e+4/MYkqGNZ

Score

1^/10

Malware Config

Signatures

Files

934f7ab60afd15654cdc6faa137efca18ae9c68e3e6c1e63dce492a590bc88c1
.exe windows:5 windows x86 arch:x86

dbecc0e6818d65af385247ac7934152e

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/11/2018, 00:00

Not After

07/11/2021, 23:59

Subject

SERIALNUMBER=91440605MA4UTBEQ1U,CN=FOSHAN CHENXING TECH\,CO.\,LTD,OU=IT Dept,O=FOSHAN CHENXING TECH\,CO.\,LTD,L=FoShan,ST=GuangDong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130c466f5368616e4e616e486169,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67446f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/11/2018, 00:00

Not After

07/11/2021, 23:59

Subject

SERIALNUMBER=91440605MA4UTBEQ1U,CN=FOSHAN CHENXING TECH\,CO.\,LTD,OU=IT Dept,O=FOSHAN CHENXING TECH\,CO.\,LTD,L=FoShan,ST=GuangDong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130c466f5368616e4e616e486169,1.3.6.1.4.1.311.60.2.1.2=#13094775616e67446f6e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:91:42:c2:3e:85:37:a0:7a:cf:bb:e4:68:ac:f3:bb:2e:78:9f:0b:63:63:bf:ef:35:cf:2d:7e:d6:7a:83:eb
Signer

Actual PE Digest

ab:91:42:c2:3e:85:37:a0:7a:cf:bb:e4:68:ac:f3:bb:2e:78:9f:0b:63:63:bf:ef:35:cf:2d:7e:d6:7a:83:eb

Digest Algorithm

sha256

PE Digest Matches

false

0f:74:dd:40:f5:fe:33:5a:23:02:f6:86:68:8e:ff:87:1f:b1:22:15
Signer

Actual PE Digest

0f:74:dd:40:f5:fe:33:5a:23:02:f6:86:68:8e:ff:87:1f:b1:22:15

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA

kernel32

SetEndOfFile
GetCurrentProcess
GetModuleHandleW
SetErrorMode
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ExitProcess
GetCommandLineA
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringW
SetHandleCount
LCMapStringA
SetStdHandle
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
ReadFile
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetModuleFileNameW
MulDiv
WritePrivateProfileStringA
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GlobalAlloc
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
lstrcpyA
LoadLibraryExA
FreeLibrary
LocalFree
WinExec
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
CreateDirectoryA
FormatMessageA
FindNextVolumeA
FindFirstVolumeA
GetVolumePathNamesForVolumeNameA
DeviceIoControl
SetVolumeMountPointA
GetDriveTypeA
DeleteVolumeMountPointA
FindVolumeClose
DeleteFileA
FileTimeToLocalFileTime
CloseHandle
LockResource
CopyFileA
GetLastError
GetLogicalDriveStringsA
FileTimeToSystemTime
CreateProcessA
SizeofResource
Sleep
WideCharToMultiByte
WriteFile
WaitForSingleObject
LoadResource
FreeResource
FindResourceA
CreateFileA
MultiByteToWideChar
GetStartupInfoA

shlwapi

StrStrIA
PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecW
PathFileExistsA

user32

UnregisterClassA
DestroyMenu
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
GetWindowThreadProcessId
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
GetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowTextLengthA
GetWindowTextA
GetWindow
GetWindowLongA
SetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
GetMenuState
CheckMenuItem
GetParent
DrawStateA
InvalidateRect
SetWindowRgn
GetWindowRect
GetWindowDC
IsIconic
IsZoomed
GetSubMenu
LoadBitmapA
LoadMenuA
LoadIconA
DrawIcon
GetClientRect
ExitWindowsEx
PtInRect
GetDC
ReleaseDC
EnableMenuItem
PostMessageA
GetSystemMetrics
SendMessageA
EnableWindow
LoadCursorA
GetSysColorBrush
GetSysColor

gdi32

DeleteDC
GetDeviceCaps
ScaleWindowExtEx
Escape
ExtTextOutA
TextOutA
SetWindowExtEx
RectVisible
PtVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetStockObject
GetTextExtentPoint32A
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
GetObjectA
CreateSolidBrush
DeleteObject
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateFontIndirectA
SelectObject

msimg32

TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA

comctl32

InitCommonControlsEx
_TrackMouseEvent

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
VariantChangeType
VariantInit

winmm

mciSendStringA

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 645KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbecc0e6818d65af385247ac7934152e

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ab:91:42:c2:3e:85:37:a0:7a:cf:bb:e4:68:ac:f3:bb:2e:78:9f:0b:63:63:bf:ef:35:cf:2d:7e:d6:7a:83:ebSigner

0f:74:dd:40:f5:fe:33:5a:23:02:f6:86:68:8e:ff:87:1f:b1:22:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

shlwapi

user32

gdi32

msimg32

winspool.drv

advapi32

comctl32

ole32

oleaut32

winmm

Sections

.text Size: 330KB - Virtual size: 330KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 36KB - Virtual size: 51KB

.rsrc Size: 645KB - Virtual size: 644KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

5f:95:6e:a2:09:02:45:59:88:58:5f:ec:c9:3d:db:b7
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ab:91:42:c2:3e:85:37:a0:7a:cf:bb:e4:68:ac:f3:bb:2e:78:9f:0b:63:63:bf:ef:35:cf:2d:7e:d6:7a:83:eb
Signer

0f:74:dd:40:f5:fe:33:5a:23:02:f6:86:68:8e:ff:87:1f:b1:22:15
Signer

.text
Size: 330KB - Virtual size: 330KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 36KB - Virtual size: 51KB

.rsrc
Size: 645KB - Virtual size: 644KB