1fd84fe7907fcded56de8c7a89956b2dd1c203e0b7a1640ee26d18dcb745a819

Sharing

Copy URL

Twitter E-mail

General

Target

1fd84fe7907fcded56de8c7a89956b2dd1c203e0b7a1640ee26d18dcb745a819
Size

222KB
MD5

21659aad8f1724dfca9e37885b506f2a
SHA1

2821b0f6fd483400b764db3d8b9028be281e6d3a
SHA256

1fd84fe7907fcded56de8c7a89956b2dd1c203e0b7a1640ee26d18dcb745a819
SHA512

3cfafcd0d21ae9eedbe498b8fc122d91c99bbf1591eb833c62f462ac73b951ddcad3373ae3839b7ea31b8c285d817ab2ff9bb420fec1e3a84d87edfb5d84d0c4
SSDEEP

6144:q877BstdJ8scYUnN3THwuuLmsZ7COyK1pc:lHBstd6sDUnND7sN

Score

1^/10

Malware Config

Signatures

Files

1fd84fe7907fcded56de8c7a89956b2dd1c203e0b7a1640ee26d18dcb745a819
.exe windows:5 windows x64 arch:x64

9e58c38caac271e63a6e94e75956b3ad

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23-03-2023 00:00

Not After

22-03-2026 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:9d:21:19:32:1a:55:4d:b6:54:28:d6:6c:f3:18:a2:b4:4c:cb:ea:ad:bb:bd:32:31:69:8f:90:2b:49:49:5d
Signer

Actual PE Digest

a5:9d:21:19:32:1a:55:4d:b6:54:28:d6:6c:f3:18:a2:b4:4c:cb:ea:ad:bb:bd:32:31:69:8f:90:2b:49:49:5d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalAlloc
GlobalAlloc
GlobalFree
lstrcpynW
GetCurrentProcess
OutputDebugStringW
lstrcpyW
lstrcmpA
GetLocalTime
GetCurrentProcessId
OutputDebugStringA
GetCommandLineW
LoadLibraryExW
FindFirstFileW
SetLastError
FindNextFileW
FindClose
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
VerifyVersionInfoW
VerSetConditionMask
GetSystemDefaultLangID
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetSystemDirectoryA
GetLastError
LoadLibraryA
CreateFileW
GetModuleFileNameW
LocalFree
InitializeCriticalSection
GetStringTypeW
LCMapStringW
HeapReAlloc
CloseHandle
UnmapViewOfFile
GetCurrentThreadId
MapViewOfFile
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DeleteFileW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
EncodePointer
DecodePointer
GetStartupInfoW
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
HeapSize
ExitProcess
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
WriteFile
GetStdHandle
VirtualAlloc
GetVersion
HeapCreate

user32

SetDlgItemTextW
MessageBoxW
SetWindowsHookExW
UnhookWindowsHookEx

advapi32

RegQueryValueExW
RegCloseKey
GetTokenInformation
OpenProcessToken
RegOpenKeyExW

shell32

CommandLineToArgvW

ole32

CLSIDFromProgID

oleaut32

SysAllocString
VariantClear
SysFreeString

crypt32

CertGetNameStringW
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptDecodeObject
CertFreeCertificateContext

shlwapi

StrStrIW
PathAppendA
PathFileExistsW

wintrust

WinVerifyTrustEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e58c38caac271e63a6e94e75956b3ad

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a5:9d:21:19:32:1a:55:4d:b6:54:28:d6:6c:f3:18:a2:b4:4c:cb:ea:ad:bb:bd:32:31:69:8f:90:2b:49:49:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

shlwapi

wintrust

version

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a5:9d:21:19:32:1a:55:4d:b6:54:28:d6:6c:f3:18:a2:b4:4c:cb:ea:ad:bb:bd:32:31:69:8f:90:2b:49:49:5d
Signer

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 1KB - Virtual size: 1KB