eb21949deb16230b33aea1b6071aeb4aa3ce398685b6465db51626be0526f0cb

Sharing

Copy URL Twitter E-mail

General

Target

eb21949deb16230b33aea1b6071aeb4aa3ce398685b6465db51626be0526f0cb
Size

804KB
MD5

b124557b54d7c7e800ce9af6c4d7304e
SHA1

7366e277d2d60511d059b368a64f2b9cb501c1fd
SHA256

eb21949deb16230b33aea1b6071aeb4aa3ce398685b6465db51626be0526f0cb
SHA512

735cc18f0f24ccf6d46de76afd5ae021c7a197e159ba755fe90fc8afe81fc04a8a6a1d6d7a2a09d92dd601bbfa9b4d2b14bd7d9f9836e99726f70fc5abc71946
SSDEEP

12288:6MN0LmefxzyTNnlqOzcLysu2XNGvF+8n3spHcOpFFucoEHwBjvrEH7O:6MGdMzqO6ysu2doICLYFoGyrEH7O

Score

1^/10

Malware Config

Signatures

Files

eb21949deb16230b33aea1b6071aeb4aa3ce398685b6465db51626be0526f0cb
.exe windows:5 windows x86 arch:x86

0d38b6a5544cf6f8eceb679c6c693c47

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:40:77:8c:27:6d:e4:fd:1e:a8:08:09
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

30/09/2020, 02:38

Not After

01/10/2023, 02:38

Subject

SERIALNUMBER=91110108700000458B,CN=Lenovo (Beijing) Co.\, Ltd.,OU=System Operation Department,O=Lenovo (Beijing) Co.\, Ltd.,STREET=海淀区上地西路6号2幢2层201-H2-6,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cb:5b:13:b2:1a:54:3b:6e:70:50:dc:14:76:6f:0e:6a:f5:c3:93:2f:e8:3d:bf:84:f3:d4:88:30:97:c0:cd:03
Signer

Actual PE Digest

cb:5b:13:b2:1a:54:3b:6e:70:50:dc:14:76:6f:0e:6a:f5:c3:93:2f:e8:3d:bf:84:f3:d4:88:30:97:c0:cd:03

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
CopyFileW
MoveFileExW
CreateThread
ExitProcess
SetEnvironmentVariableW
CompareStringW
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetConsoleMode
GetConsoleCP
UnmapViewOfFile
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
HeapCreate
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateFileMappingW
MapViewOfFileEx
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
lstrcpyW
OpenProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateMutexW
GetThreadLocale
DeleteFileW
LoadLibraryExW
FreeLibrary
lstrcmpiW
lstrlenW
InitializeCriticalSectionAndSpinCount
RaiseException
SetFileTime
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
GetCurrentProcess
DuplicateHandle
GetFileType
IsBadReadPtr
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetVersionExW
GetFileSize
ReadFile
GetModuleHandleW
GetCurrentDirectoryW
CreateFileW
SetFilePointer
EnterCriticalSection
WriteFile
WideCharToMultiByte
LeaveCriticalSection
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
FreeResource
GetLastError
GlobalLock
GlobalUnlock
GetTickCount
LoadLibraryW
GetProcAddress
MulDiv
Sleep
OutputDebugStringW
GetModuleFileNameW
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
SetHandleCount
SetEnvironmentVariableA

user32

ClientToScreen
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetRect
CharPrevW
DrawTextW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
UpdateLayeredWindow
GetFocus
KillTimer
SetTimer
GetCapture
LoadImageW
IsWindowVisible
GetSysColor
PostMessageW
GetClassInfoExW
RegisterClassExW
GetWindowThreadProcessId
EqualRect
GetSystemMetrics
PostQuitMessage
SystemParametersInfoW
RegisterClassW
ReleaseDC
MoveWindow
ScreenToClient
GetParent
GetWindowRect
ShowWindow
GetClientRect
GetDC
SetLayeredWindowAttributes
FindWindowW
ExitWindowsEx
MessageBoxW
IsIconic
IsZoomed
GetDesktopWindow
IsRectEmpty
SetPropW
GetPropW
SetWindowPos
GetWindowLongW
SetWindowRgn
MonitorFromPoint
DrawIconEx
DestroyWindow
CreateWindowExW
IntersectRect
PtInRect
ReleaseCapture
SetCapture
FillRect
InvalidateRect
InvalidateRgn
DefWindowProcW
EndPaint
BeginPaint
CreateAcceleratorTableW
OffsetRect
CharNextW
SetCursor
LoadCursorW
wvsprintfW
IsWindow
SendMessageW
GetMonitorInfoW
MonitorFromWindow
MapWindowPoints
GetCursorPos
SetWindowLongW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
DestroyCursor
SetFocus
EnableWindow
CallWindowProcW
GetKeyState
ShowScrollBar

gdi32

GetClipBox
CombineRgn
CreateRoundRectRgn
StretchBlt
GetBitmapBits
LineTo
MoveToEx
RoundRect
CreateRectRgnIndirect
GetTextExtentPoint32W
SetStretchBltMode
ExtTextOutW
GetTextColor
TextOutW
GetCharABCWidthsW
ExtSelectClipRgn
SelectClipRgn
Rectangle
SaveDC
SetWindowOrgEx
RestoreDC
CreatePen
GetStockObject
CreateFontIndirectW
SetPixel
SetBkColor
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDeviceCaps
CreateSolidBrush
SetTextColor
SetBkMode
CreateDIBSection
GetTextMetricsW
GetObjectW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW

shell32

ord165
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleLockRunning
CLSIDFromString
CLSIDFromProgID

oleaut32

SysAllocString
VarUI4FromStr
VariantClear
VariantInit
SysFreeString

shlwapi

ord12
PathAddBackslashW
PathFileExistsW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAppendW

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

msimg32

AlphaBlend

riched20

ord4

gdiplus

GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDrawImagePointsI
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipTransformPath
GdipAddPathRectangleI
GdipCreateTexture
GdipShearMatrix
GdipCreateMatrix
GdipBitmapGetPixel
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipTranslateTextureTransform
GdipMultiplyTextureTransform
GdipDeleteBrush
GdipDeleteMatrix
GdipCloneImage
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipAlloc
GdipFree
GdipCreateHBITMAPFromBitmap

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryOption
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpAddRequestHeaders

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d38b6a5544cf6f8eceb679c6c693c47

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0a:40:77:8c:27:6d:e4:fd:1e:a8:08:09Certificate

Extended Key Usages

Key Usages

cb:5b:13:b2:1a:54:3b:6e:70:50:dc:14:76:6f:0e:6a:f5:c3:93:2f:e8:3d:bf:84:f3:d4:88:30:97:c0:cd:03Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

riched20

gdiplus

winhttp

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 44KB - Virtual size: 44KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0a:40:77:8c:27:6d:e4:fd:1e:a8:08:09
Certificate

cb:5b:13:b2:1a:54:3b:6e:70:50:dc:14:76:6f:0e:6a:f5:c3:93:2f:e8:3d:bf:84:f3:d4:88:30:97:c0:cd:03
Signer

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 44KB - Virtual size: 44KB