f95441b1cd6399887e99dbe6aa0ceb0ca907e8175192e71f8f1a4cca49e8fc82

Sharing

Copy URL Twitter E-mail

General

Target

f95441b1cd6399887e99dbe6aa0ceb0ca907e8175192e71f8f1a4cca49e8fc82
Size

1.6MB
MD5

8b6a63e522fd6b3f23f476a101720bf9
SHA1

1f8b83c01b213210be84c50333f01a92537c2ec3
SHA256

f95441b1cd6399887e99dbe6aa0ceb0ca907e8175192e71f8f1a4cca49e8fc82
SHA512

ec55fb7f2fb58423aaca94309d799564514ecc8fddd81f9e4abee71c25e92abcebc8b32d60f5c98aff24725d900383270e27faf94a21310621463db93e4fdd4b
SSDEEP

24576:eMTcEX9+dV4D1I4rIzznMogZXcbz3ipmBSW33HcVojnHBOPW:lglz4KMPZAzyIXH8ojnhOPW

Score

1^/10

Malware Config

Signatures

Files

f95441b1cd6399887e99dbe6aa0ceb0ca907e8175192e71f8f1a4cca49e8fc82
.exe windows:5 windows x64 arch:x64

cae228c2694fc497ba2078c2b1a03169

Code Sign

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

Issuer

CN=WoTrus OV SSL CA,O=WoTrus CA Limited,C=CN

Not Before

05/11/2019, 12:51

Not After

05/02/2022, 12:51

Subject

CN=*.360.cn,O=北京奇虎科技有限公司,L=北京市,ST=北京市,C=CN

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:08:2a:c2:e1:7c:0f:1c:de:6f:74:1c:a4:fc:8b:33:0c:53:3a:82
Signer

Actual PE Digest

a9:08:2a:c2:e1:7c:0f:1c:de:6f:74:1c:a4:fc:8b:33:0c:53:3a:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\Disk\pangolin_reload\Release\core\ldr\Mfcldrx64.pdb

Imports

kernel32

UnlockFile
DuplicateHandle
VirtualProtect
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SetEndOfFile
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetStringTypeW
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetTimeZoneInformation
LCMapStringW
GetFileType
GetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
TryEnterCriticalSection
SwitchToThread
OutputDebugStringW
LockFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
GetThreadLocale
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
SetFilePointer
TlsAlloc
InitializeCriticalSection
FormatMessageW
CompareStringW
GlobalFindAtomW
EncodePointer
MulDiv
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadPriority
CreateEventW
SetEvent
GlobalUnlock
GlobalFree
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
FindResourceW
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
LeaveCriticalSection
EnterCriticalSection
HeapFree
WTSGetActiveConsoleSessionId
ExitProcess
ProcessIdToSessionId
GetTickCount
CreateThread
VirtualFree
CreateDirectoryW
GetWindowsDirectoryW
lstrcpyW
DeleteFileW
InitializeCriticalSectionAndSpinCount
LocalFree
LocalAlloc
GetCurrentProcess
TerminateProcess
Sleep
CreateProcessW
GetModuleFileNameW
GetEnvironmentVariableW
SetFileTime
GetFileTime
SetFileAttributesW
GetFileAttributesW
GetSystemDirectoryW
LoadLibraryW
GetCurrentProcessId
GetProcAddress
LockResource
LoadResource
SizeofResource
FindResourceExW
GetModuleHandleW
GetNativeSystemInfo
WriteFile
ReadFile
GetFileSize
CreateFileW
GetLogicalProcessorInformation
CloseHandle

user32

GetWindowLongPtrW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
SetForegroundWindow
GetForegroundWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
SetWindowLongPtrW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetSysColor
ScreenToClient
ClientToScreen
wsprintfW
GetSystemMetrics
SetThreadDesktop
LoadIconW
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextW
IsDialogMessageW
SetWindowLongW
RegisterClipboardFormatW
GetWindowTextW
SetWindowTextW
SetFocus
GetDlgCtrlID
GetClassLongPtrW
GetClassNameW
GetTopWindow
WinHelpW
MonitorFromWindow
GetMonitorInfoW
CreateWindowExW
CreateDesktopW
SendMessageW
IsIconic
GetClientRect
DrawIcon
ShowWindow
EnableWindow
UnregisterClassW
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetParent
PostMessageW
PostQuitMessage
SetWindowPos
SetWindowContextHelpId
GetWindow
MapDialogRect
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongW
GetDesktopWindow
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
SetCapture
ReleaseCapture
LoadCursorW
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
GetSysColorBrush
CharUpperW
DestroyMenu
PostThreadMessageW
DrawTextExW
SetCursor
MessageBoxW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
MoveWindow

gdi32

GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SelectObject
SetBkColor
SetMapMode
SetTextColor
GetStockObject
GetObjectW
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetDeviceCaps
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
GetUserNameW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoGetObject
CoUninitialize
CoInitializeEx
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoCreateGuid

oleaut32

VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

oledlg

OleUIBusyW

ntdll

NtQuerySystemInformation

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 997KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cae228c2694fc497ba2078c2b1a03169

Code Sign

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

a9:08:2a:c2:e1:7c:0f:1c:de:6f:74:1c:a4:fc:8b:33:0c:53:3a:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

ntdll

wtsapi32

oleacc

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 18KB - Virtual size: 40KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 997KB - Virtual size: 996KB

.reloc Size: 8KB - Virtual size: 8KB

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

a9:08:2a:c2:e1:7c:0f:1c:de:6f:74:1c:a4:fc:8b:33:0c:53:3a:82
Signer

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 18KB - Virtual size: 40KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 997KB - Virtual size: 996KB

.reloc
Size: 8KB - Virtual size: 8KB