01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7

Sharing

Copy URL

Twitter E-mail

General

Target

01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7
Size

524KB
MD5

40574521d5d541355e59e8b9ab510115
SHA1

c1f49698f6d49b69624ca79d8c4dfa11caebe421
SHA256

01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7
SHA512

b2515a51538f9147557b9271ecd4d5ecd8ed0a5ba83fccd10467fe7627f5ca3868f5cd23186dd09bd5a7ddc459dd32947696964c47c429d30f2c42b4cb515b71
SSDEEP

12288:HHjkDjsHHUEoLmxJX0UMc8AWEolcrd+tZnXU9uhvKqFc6iT/SHJBw5XR0m/d921J:HFalcgIl

Score

1^/10

Malware Config

Signatures

Files

01f4e6f32070234b4203507be22cfb9d3d73b4bbd5100f62271e2161ec8813b7
.exe windows:6 windows x64 arch:x64

c2fcd1eabea55874356f99b16f4e4a53

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-06-2019 05:45

Not After

04-06-2022 05:45

Subject

SERIALNUMBER=23638777,CN=ASUSTEK COMPUTER INCORPORATION,O=ASUSTEK COMPUTER INCORPORATION,STREET=4F\, NO. 150\, LI-TE RD.\, PEI TOU,L=TAIPEI,ST=TAIPEI,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:42:b0:24:9e:ef:c0:5d:7f:14:a2:2e:06:65:a1:ca:85:25:c3:2f:bb:8a:b6:64:88:e1:d1:d9:27:c4:91:46
Signer

Actual PE Digest

20:42:b0:24:9e:ef:c0:5d:7f:14:a2:2e:06:65:a1:ca:85:25:c3:2f:bb:8a:b6:64:88:e1:d1:d9:27:c4:91:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DisplaySwitch.pdb

Imports

user32

ShowWindow
ReleaseCapture
PostQuitMessage
SetForegroundWindow
SendInput
SetCapture
GetDC
ReleaseDC
RegisterDeviceNotificationW
GetWindowRect
ClientToScreen
GetDesktopWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
SetDisplayConfig
NotifyWinEvent
GetFocus
GetForegroundWindow
GetSysColor
SetRect
SystemParametersInfoW
KillTimer
UnregisterDeviceNotification
SetLayeredWindowAttributes
SetWindowPos
SetTimer
DefWindowProcW
ScreenToClient
GetCursorPos
EndPaint
BeginPaint
GetUpdateRect
FindWindowExW
CreateWindowExW
LoadImageW
RegisterClassW
SetRectEmpty
SetWindowLongPtrW
GetWindowLongPtrW
SetFocus
UpdateWindow
DrawTextExW
PtInRect
LoadCursorW
SetCursor
GetClientRect
InflateRect
FillRect
GetSysColorBrush
LoadStringW
SendMessageW
GetMessageW
PostMessageW
GetKeyState
CallNextHookEx
TranslateMessage
GetAsyncKeyState
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
InvalidateRect
DispatchMessageW

kernel32

LockResource
Sleep
SizeofResource
DelayLoadFailureHook
LoadLibraryExA
GetProcAddress
FreeLibrary
CloseHandle
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
ReleaseSemaphore
WaitForSingleObject
LoadResource
FindResourceExW
GetModuleHandleW
LoadLibraryA
QueryPerformanceFrequency
MulDiv
QueryPerformanceCounter
GetLocaleInfoW
GetUserDefaultUILanguage

comctl32

ImageList_CoCreateInstance
ord345
ord344

shlwapi

ord219
SHGetValueW

ole32

CoUninitialize
CoInitialize

imm32

ImmDisableIME

ntdll

WinSqmEndSession
WinSqmStartSession
WinSqmAddToStream

powrprof

GetPwrCapabilities
PowerDeterminePlatformRole

slc

SLGetWindowsInformationDWORD

advapi32

EventRegister
RegCloseKey
EventWrite
EventUnregister
RegQueryValueExA
RegOpenKeyExA

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
qsort
_vsnwprintf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
strtok
_stricmp
cosf
sinf
memset
memcpy

gdi32

SetTextColor
SetBkColor
CreateFontIndirectW
GetDeviceCaps
DeleteObject
FillRgn
GetObjectW
GetTextExtentPoint32W
CreateDIBSection
CreateRectRgnIndirect
FrameRgn
SelectObject
CreateRoundRectRgn

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2fcd1eabea55874356f99b16f4e4a53

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

20:42:b0:24:9e:ef:c0:5d:7f:14:a2:2e:06:65:a1:ca:85:25:c3:2f:bb:8a:b6:64:88:e1:d1:d9:27:c4:91:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

shlwapi

ole32

imm32

ntdll

powrprof

slc

advapi32

msvcrt

gdi32

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 473KB - Virtual size: 472KB

.reloc Size: 2KB - Virtual size: 1KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

32:b5:c7:f8:c1:8a:7a:2b:fb:b5:27:46
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

20:42:b0:24:9e:ef:c0:5d:7f:14:a2:2e:06:65:a1:ca:85:25:c3:2f:bb:8a:b6:64:88:e1:d1:d9:27:c4:91:46
Signer

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 473KB - Virtual size: 472KB

.reloc
Size: 2KB - Virtual size: 1KB