6a1608d8fb7162b0d5c47e904a6f1c3368a7fee154104034546510b176278860

Sharing

Copy URL

Twitter E-mail

General

Target

6a1608d8fb7162b0d5c47e904a6f1c3368a7fee154104034546510b176278860
Size

12.3MB
MD5

a0cde7f72135c88e2798a0568035e6f7
SHA1

1b3d71e1a15ebc944ba1340b83bcdd110dda2736
SHA256

6a1608d8fb7162b0d5c47e904a6f1c3368a7fee154104034546510b176278860
SHA512

d10122f9a1cddb9dd3389e03318e004e8eb790ce7488146a55739778a6389a194ac2199d43ead71bdcb5f762bbcd158bf8bc6b070d1fe1ed2107dc8a6dcc34aa
SSDEEP

196608:gSrQrHLc37HoVUSaYfsO0iK98vyDTeyd7yI++fTVCVAEc2Pm1LKoadJ:gPHLc3sVRFn0TeylyI5hO+zcoi

Score

1^/10

Malware Config

Signatures

Files

6a1608d8fb7162b0d5c47e904a6f1c3368a7fee154104034546510b176278860
.exe windows:5 windows x86 arch:x86

51a2ca02c103b06d5f2f40794d1bc27a

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:e7:5b:a1:bc:e1:88:5a:a8:03:f7:2e:1a:77:3a:d6
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/11/2021, 00:00

Not After

05/09/2024, 23:59

Subject

SERIALNUMBER=97108816,CN=日月晶耀股份有限公司,O=日月晶耀股份有限公司,L=新竹市,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:83:25:c6:0a:82:92:57:d2:ad:3c:19:4b:52:b8:f4:ec:39:08:a0:3b:63:a6:9e:5e:0b:82:30:2f:22:00:ff
Signer

Actual PE Digest

a0:83:25:c6:0a:82:92:57:d2:ad:3c:19:4b:52:b8:f4:ec:39:08:a0:3b:63:a6:9e:5e:0b:82:30:2f:22:00:ff

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Project_AutoUpdate\VS2019\wmcInst\Release\wmcInst.pdb

Imports

kernel32

WritePrivateProfileStringW
FindFirstFileA
OpenMutexW
FindNextFileA
GetWindowsDirectoryW
GetExitCodeProcess
GetPrivateProfileStringA
CreateSemaphoreW
lstrlenA
SetEnvironmentVariableA
CompareStringW
HeapReAlloc
IsProcessorFeaturePresent
WriteConsoleW
TerminateProcess
GetTimeZoneInformation
SetEndOfFile
GetDriveTypeW
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFileAttributesW
InitializeCriticalSectionAndSpinCount
HeapSize
GetPrivateProfileStringW
DeleteFileW
WinExec
FindNextFileW
RemoveDirectoryW
MoveFileW
GetSystemDirectoryA
ReadFile
CopyFileW
LoadLibraryW
GetSystemDirectoryW
WriteFile
GetWindowsDirectoryA
SetFileTime
WaitForSingleObject
CreateDirectoryW
CompareFileTime
FreeLibrary
GetCurrentThreadId
GetLocalTime
EnterCriticalSection
CreateFileW
LeaveCriticalSection
FormatMessageW
OutputDebugStringW
GetCurrentProcessId
OpenProcess
GetProcessHeap
GetSystemDefaultLangID
HeapFree
GetCurrentProcess
HeapAlloc
LocalFree
FileTimeToLocalFileTime
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
LocalAlloc
Process32FirstW
FindClose
GetProcAddress
GetLastError
lstrlenW
GetModuleFileNameW
FileTimeToSystemTime
GetVersionExW
Sleep
GetModuleHandleW
GetComputerNameW
GetConsoleMode
GetConsoleCP
GetStringTypeW
RaiseException
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
DeleteCriticalSection
GetFileType
SetHandleCount
LCMapStringW
RtlUnwind
GetStdHandle
HeapCreate
SetLastError
TlsFree
InterlockedDecrement
CreateMutexW
LocalFileTimeToFileTime
ExitProcess
GetPrivateProfileIntW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointer
CreateFileA
DosDateTimeToFileTime
CreateProcessW
ExpandEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
FindFirstFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetFileAttributesW
GetDriveTypeA
FindFirstFileExA
DecodePointer
ExitThread
CreateThread
GetCommandLineW

user32

ShowWindow
LoadStringW
LoadIconW
RegisterClassExW
CreateWindowExW
wsprintfW
wsprintfA
MessageBoxW
DispatchMessageW
DefWindowProcW
PostThreadMessageW
GetSystemMetrics
TranslateMessage
GetMessageW
PostMessageW
FindWindowW
EndPaint
BeginPaint
PostQuitMessage
SetForegroundWindow
LoadCursorW
SendMessageW

gdi32

GetStockObject
SetBkMode

advapi32

RegSetValueExA
CloseServiceHandle
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetServiceObjectSecurity
DeleteService
ControlService
StartServiceW
RegQueryValueExA
CreateProcessWithLogonW
LookupAccountSidW
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
OpenSCManagerA
RegDeleteValueW
QueryServiceStatus
RegCreateKeyExA
RegDeleteKeyW
InitializeSecurityDescriptor
RegCreateKeyExW
OpenServiceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
CryptAcquireContextW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetKernelObjectSecurity
MakeAbsoluteSD
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupPrivilegeValueW
SetSecurityDescriptorDacl
CreateProcessAsUserW
GetKernelObjectSecurity
OpenProcessToken
RegCloseKey
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
OpenServiceW
GetUserNameW
OpenSCManagerW

shell32

ShellExecuteW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayGetLBound
VariantClear
SafeArrayAccessData
VariantInit
SafeArrayGetUBound

wintrust

WinVerifyTrust

cabinet

ord22
ord23
ord20

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose
CryptMsgGetParam

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ord17

mpr

WNetAddConnection2W
WNetCancelConnection2W

psapi

GetProcessImageFileNameW

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.0MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51a2ca02c103b06d5f2f40794d1bc27a

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

07:e7:5b:a1:bc:e1:88:5a:a8:03:f7:2e:1a:77:3a:d6Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

a0:83:25:c6:0a:82:92:57:d2:ad:3c:19:4b:52:b8:f4:ec:39:08:a0:3b:63:a6:9e:5e:0b:82:30:2f:22:00:ffSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wintrust

cabinet

crypt32

version

comctl32

mpr

psapi

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 12.0MB - Virtual size: 12.3MB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 45KB - Virtual size: 45KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

07:e7:5b:a1:bc:e1:88:5a:a8:03:f7:2e:1a:77:3a:d6
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

a0:83:25:c6:0a:82:92:57:d2:ad:3c:19:4b:52:b8:f4:ec:39:08:a0:3b:63:a6:9e:5e:0b:82:30:2f:22:00:ff
Signer

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 12.0MB - Virtual size: 12.3MB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 45KB - Virtual size: 45KB