f73a4aa351bdb39d03d79cdf2b1f86a8fb8372fa8e009ed9b83d523f37673f2b

Sharing

Copy URL Twitter E-mail

General

Target

f73a4aa351bdb39d03d79cdf2b1f86a8fb8372fa8e009ed9b83d523f37673f2b
Size

937KB
MD5

3579576cbcc7405f2d6c8c9a4c59ee6e
SHA1

3bfdfa62abc7adcad07ee2fd54fb96a14110912d
SHA256

f73a4aa351bdb39d03d79cdf2b1f86a8fb8372fa8e009ed9b83d523f37673f2b
SHA512

dee009b3bdb6f04a922a1e5d645a6bfe1c8f4380163640bacbed82756784ee441931b998ce760b359821bb4b2c053d97a76cc552078a6b208b326ea14f40f584
SSDEEP

24576:qpN9+f4bMBhcPijDaPYzq+KwpTft/L5XK:qGjByerpTfFt6

Score

1^/10

Malware Config

Signatures

Files

f73a4aa351bdb39d03d79cdf2b1f86a8fb8372fa8e009ed9b83d523f37673f2b
.dll regsvr32 windows:5 windows x86 arch:x86

53e56e90ddf40e67c52f6d18b50951e6

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:16:a2:1c:51:0e:b5:4f:4a:0a:6b:5c:00:de:6a:1b
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

30/11/2023, 23:59

Subject

CN=上海展盟网络科技有限公司,O=上海展盟网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:d3:11:76:2b:6e:a0:51:9d:b3:c5:6c:f7:52:8e:42
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/11/2020, 00:00

Not After

30/11/2023, 23:59

Subject

CN=上海展盟网络科技有限公司,O=上海展盟网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:1d:9c:c0:33:02:a7:b2:52:42:5c:4c:b4:81:e5:7e:6f:ae:96:34:54:19:fb:93:9a:f1:12:a0:01:04:51:00
Signer

Actual PE Digest

b4:1d:9c:c0:33:02:a7:b2:52:42:5c:4c:b4:81:e5:7e:6f:ae:96:34:54:19:fb:93:9a:f1:12:a0:01:04:51:00

Digest Algorithm

sha256

PE Digest Matches

true

15:71:30:8f:7c:08:6c:7b:b1:5f:4f:58:1a:cb:a2:bb:26:89:46:7a
Signer

Actual PE Digest

15:71:30:8f:7c:08:6c:7b:b1:5f:4f:58:1a:cb:a2:bb:26:89:46:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrIsIntlEqualW
PathAppendA
StrStrIA
PathRemoveFileSpecA
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFileExistsA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

kernel32

CreateThread
CreateDirectoryW
ReadFile
GetVolumeInformationW
GetFileAttributesExW
GetCurrentDirectoryW
GetCommandLineW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileSizeEx
SetEndOfFile
GetCurrentThread
FlushFileBuffers
RaiseException
FindClose
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsW
GetModuleHandleA
CreateEventW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
SetEvent
GetSystemInfo
GetCurrentThreadId
WaitForSingleObject
FreeLibraryAndExitThread
IsDebuggerPresent
VerifyVersionInfoW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
GetTickCount
FormatMessageA
GetCurrentProcessId
CreateFileW
WriteFile
lstrcpyW
WideCharToMultiByte
LocalFree
LoadLibraryW
FreeConsole
CloseHandle
Process32FirstW
Process32NextW
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
OpenProcess
GetVersionExW
LocalAlloc
CreateMutexW
GetModuleFileNameW
GetCurrentProcess
GetModuleFileNameA
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
PeekNamedPipe
SetThreadAffinityMask
DeviceIoControl
GetComputerNameW
ExitThread
ReadConsoleW
InitializeCriticalSection
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
LoadLibraryExA
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLocalTime
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
RtlUnwind
InterlockedFlushSList
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetFileType
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
WriteConsoleW
GetDriveTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA

user32

GetSystemMetrics
CharUpperA
wsprintfW

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
ConvertSidToStringSidA
LookupAccountNameW
RegOpenCurrentUser
CryptEncrypt
CryptImportKey
CryptDestroyKey
GetTokenInformation
DuplicateTokenEx
DeleteService
CreateServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
StartServiceW
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorDacl
RevertToSelf
CreateProcessAsUserA
EqualSid
SetTokenInformation
AllocateAndInitializeSid
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenProcessToken
FreeSid
SetThreadToken
InitializeSecurityDescriptor
DuplicateToken
EnumServicesStatusW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

ws2_32

htonl
accept
sendto
ntohl
ioctlsocket
listen
gethostname
recvfrom
freeaddrinfo
getaddrinfo
connect
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
WSACleanup
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
WSAStartup

oleaut32

VariantClear

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW
InternetCheckConnectionW
InternetOpenA
InternetCloseHandle
InternetConnectW
HttpSendRequestA
InternetReadFile

crypt32

CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
CertEnumCertificatesInStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 730KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53e56e90ddf40e67c52f6d18b50951e6

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:16:a2:1c:51:0e:b5:4f:4a:0a:6b:5c:00:de:6a:1bCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:d3:11:76:2b:6e:a0:51:9d:b3:c5:6c:f7:52:8e:42Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b4:1d:9c:c0:33:02:a7:b2:52:42:5c:4c:b4:81:e5:7e:6f:ae:96:34:54:19:fb:93:9a:f1:12:a0:01:04:51:00Signer

15:71:30:8f:7c:08:6c:7b:b1:5f:4f:58:1a:cb:a2:bb:26:89:46:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wtsapi32

kernel32

user32

advapi32

ole32

ws2_32

oleaut32

iphlpapi

wininet

crypt32

Exports

Exports

Sections

.text Size: 730KB - Virtual size: 729KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 5KB - Virtual size: 19KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 30KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:16:a2:1c:51:0e:b5:4f:4a:0a:6b:5c:00:de:6a:1b
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:d3:11:76:2b:6e:a0:51:9d:b3:c5:6c:f7:52:8e:42
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b4:1d:9c:c0:33:02:a7:b2:52:42:5c:4c:b4:81:e5:7e:6f:ae:96:34:54:19:fb:93:9a:f1:12:a0:01:04:51:00
Signer

15:71:30:8f:7c:08:6c:7b:b1:5f:4f:58:1a:cb:a2:bb:26:89:46:7a
Signer

.text
Size: 730KB - Virtual size: 729KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 5KB - Virtual size: 19KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 30KB