038c31756762debd2dea37c53085a4d0e42b475b2bc727a322dcf54d10a2ac16

Sharing

Copy URL Twitter E-mail

General

Target

038c31756762debd2dea37c53085a4d0e42b475b2bc727a322dcf54d10a2ac16
Size

1.9MB
MD5

98f6c2de126af2acbe1b79e4be555d52
SHA1

eaa09255ac5cbac47c3ac8a87fab5b2fdfc41c62
SHA256

038c31756762debd2dea37c53085a4d0e42b475b2bc727a322dcf54d10a2ac16
SHA512

b31e923cdafbbcf2b5c0bf45f33500f5e959198cc607a48b9a976a82bdfa50c8188d20cd873235d8a8851dfa00d61eae3295a9191156f0bd2258077333ffa529
SSDEEP

49152:xxTeZUleSnK57FwePOJRKYLG5282r2wrASq:HleSnKZFnmRk28w8

Score

3^/10

qr link

Malware Config

Signatures

One or more HTTP URLs in qr code identified
Detects presence of HTTP links in QR codes.
qr link

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/激活工具.exe

Files

038c31756762debd2dea37c53085a4d0e42b475b2bc727a322dcf54d10a2ac16
.zip
StartAllBack_3.6.12安装包.exe
.exe windows:6 windows x64 arch:x64

ad3431370c5650939f6ad3d7023cc918

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2023, 13:11

Not After

03/02/2024, 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:c4:07:0a:b0:af:63:1d:be:74:64:87:bf:16:b5:6b:6e:ba:f1:0a:67:96:62:7d:67:da:40:47:05:95:81:fe
Signer

Actual PE Digest

d8:c4:07:0a:b0:af:63:1d:be:74:64:87:bf:16:b5:6b:6e:ba:f1:0a:67:96:62:7d:67:da:40:47:05:95:81:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
free
_commode
_fmode
__getmainargs
wcsncpy_s
wcscat_s
__set_app_type
memmove
?terminate@@YAXXZ
memcpy
_XcptFilter
wcscpy_s
_beginthreadex
malloc
memset

kernel32

GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetExitCodeProcess
GetTickCount
GetModuleHandleW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentThreadId
GetFileAttributesW
WaitForSingleObject
GetTempPathW
GetModuleFileNameW
GetCommandLineW
CreateDirectoryW
CloseHandle
ReadFile
WriteFile
SetFilePointer
CreateFileW
GetLastError

user32

GetSysColorBrush
PostQuitMessage
GetMessageW
CreateDialogParamW
FindWindowExW
FillRect
SendMessageW
ShowWindow
DispatchMessageW

gdi32

GetStockObject
GetClipBox

shell32

ShellExecuteExW
SHFileOperationW

ole32

CoInitialize

comctl32

ord344
ord17

shlwapi

StrStrIW

dwmapi

DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装方法.txt
激活工具.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
（官方）关注公众获取更多正版软件，不定时还有正版软件抽奖赠送.jpg
.jpg
- http://weixin.qq.com/r/wztKUinEQXQ_rW0x927R

Sharing

General

Malware Config

Signatures

Files

ad3431370c5650939f6ad3d7023cc918

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d8:c4:07:0a:b0:af:63:1d:be:74:64:87:bf:16:b5:6b:6e:ba:f1:0a:67:96:62:7d:67:da:40:47:05:95:81:feSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

shell32

ole32

comctl32

shlwapi

dwmapi

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 8KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 512B - Virtual size: 52B

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 502B

.rdata Size: 512B - Virtual size: 472B

.data Size: 512B - Virtual size: 52B

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 512B - Virtual size: 82B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d8:c4:07:0a:b0:af:63:1d:be:74:64:87:bf:16:b5:6b:6e:ba:f1:0a:67:96:62:7d:67:da:40:47:05:95:81:fe
Signer

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 8KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 512B - Virtual size: 52B

.text
Size: 512B - Virtual size: 502B

.rdata
Size: 512B - Virtual size: 472B

.data
Size: 512B - Virtual size: 52B

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 512B - Virtual size: 82B