399163a85653036860b1828490cef1472ea930b27814a962a06113d3a57f41c9

Sharing

Copy URL Twitter E-mail

General

Target

399163a85653036860b1828490cef1472ea930b27814a962a06113d3a57f41c9
Size

1.1MB
MD5

d6362a5282cc9945cd4e6b90e5e66636
SHA1

3b412ceb77c8a6a3379b67f503635410c686ebd2
SHA256

399163a85653036860b1828490cef1472ea930b27814a962a06113d3a57f41c9
SHA512

f95bbf62707e1cdef82d1b8e56b16b83850c11de2d5714359aafea040d6f3483cdfbce6cc22b36a922d719d45895dadb124da5884c0633c70ddae6d2b0c4d146
SSDEEP

24576:Tvx05M3Ti3MZuH89xwu2coe+eTIb5FY/wyvq/t:1oMWYB+eTH+

Score

1^/10

Malware Config

Signatures

Files

399163a85653036860b1828490cef1472ea930b27814a962a06113d3a57f41c9
.exe windows:4 windows x86 arch:x86

8b1e9e22ff11b4ebd44de2ca9aab3917

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5a
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

25/01/2022, 12:22

Not After

24/01/2025, 12:22

Subject

CN=珠海市莫停之科技有限公司,O=珠海市莫停之科技有限公司,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:af:55:0e:cc:92:ef:b0:cb:cb:a8:f2:84:4d:5d:d0:f0:e2:62:2a:99:36:32:73:7b:99:9c:41:41:c3:2b:32
Signer

Actual PE Digest

9d:af:55:0e:cc:92:ef:b0:cb:cb:a8:f2:84:4d:5d:d0:f0:e2:62:2a:99:36:32:73:7b:99:9c:41:41:c3:2b:32

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\jekins_work\workspace\mtz_pdfcvt_convert\product\win32\dbginfo\pmupdate.pdb

Imports

kernel32

VirtualAlloc
VirtualFree
LocalFree
InterlockedCompareExchange
FormatMessageW
GetFileSizeEx
LocalAlloc
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
GetSystemDirectoryW
GetExitCodeThread
SleepEx
TerminateThread
DuplicateHandle
GetStdHandle
GetFileType
PeekNamedPipe
GetWindowsDirectoryW
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
OpenProcess
RemoveDirectoryW
FindNextFileW
WaitForMultipleObjects
SetFilePointer
SetEndOfFile
SetEvent
CreateThread
CreateEventW
GetCurrentProcessId
ResetEvent
DeleteFileW
ExpandEnvironmentStringsW
Module32NextW
CreateDirectoryW
Module32FirstW
CreateToolhelp32Snapshot
GetFileAttributesW
QueryDosDeviceW
GetLogicalDriveStringsW
WaitForSingleObject
MoveFileExW
CopyFileW
SetFileAttributesW
MoveFileW
ReleaseMutex
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetLocalTime
FreeLibrary
FreeResource
GetCommandLineW
GetProcAddress
GetModuleHandleW
FlushInstructionCache
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
RaiseException
GetVersionExW
GetCurrentThreadId
CreateMutexW
GetPrivateProfileIntW
SetLastError
GetFileSize
GetPrivateProfileStringW
MultiByteToWideChar
CloseHandle
ReadFile
GetLastError
CreateFileW
WideCharToMultiByte
FindClose
FindFirstFileW
WriteFile
lstrlenW
FindResourceW
lstrlenA
FindResourceExW
LoadResource
LockResource
GetDiskFreeSpaceExW
SizeofResource

user32

OffsetRect
SetRectEmpty
SetCapture
SetCursor
GetCursorPos
PtInRect
IntersectRect
ScreenToClient
SetTimer
ReleaseCapture
UnionRect
SetRect
GetFocus
IsChild
DrawTextW
DrawFrameControl
IsDialogMessageW
CallWindowProcW
EndPaint
DrawIconEx
BeginPaint
GetDlgCtrlID
SetFocus
ClientToScreen
GetNextDlgTabItem
DestroyIcon
KillTimer
IsRectEmpty
GetDlgItem
MonitorFromWindow
GetMonitorInfoW
IsWindowVisible
EqualRect
UpdateLayeredWindow
LoadIconW
ShowWindow
LoadImageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
ExitWindowsEx
GetClassInfoExW
ReleaseDC
GetDC
FindWindowW
GetWindowRect
IsWindow
MoveWindow
SetWindowLongW
CopyRect
SendMessageW
CreateWindowExW
GetDesktopWindow
UnregisterClassA
SetWindowPos
GetActiveWindow
EnableWindow
GetClientRect
DefWindowProcW
InvalidateRect
GetWindowThreadProcessId
LoadCursorW
GetForegroundWindow
RegisterClassExW
SystemParametersInfoW
AttachThreadInput
GetWindow
IsWindowEnabled
SetForegroundWindow
MapWindowPoints
RegisterWindowMessageW
PostMessageW
DestroyWindow
GetWindowLongW
SetActiveWindow
InflateRect
GetParent

gdi32

CreateRectRgnIndirect
LineTo
GetTextExtentPoint32W
MoveToEx
CreatePen
TextOutW
RoundRect
Rectangle
CreateFontIndirectW
ExtSelectClipRgn
GetStockObject
GetClipRgn
SetViewportOrgEx
OffsetRgn
GetObjectW
SelectClipRgn
GetTextColor
DeleteObject
GetDeviceCaps
CreateRoundRectRgn
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
DeleteDC
BitBlt
CreateRectRgn
RectInRegion
GetViewportOrgEx
CombineRgn
CreateDIBSection
GetCurrentObject
SaveDC
SetBkMode
RestoreDC
SetTextColor

advapi32

RegCreateKeyExW
RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW

shlwapi

StrToIntA
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
StrToIntW
PathFileExistsW

msvcp80

?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

comctl32

_TrackMouseEvent

msimg32

AlphaBlend

msvcr80

_errno
floor
_CxxThrowException
__CxxFrameHandler3
_putenv
_open
_close
_read
_strnicmp
_strdup
_stricmp
_wcslwr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_stat64
getenv
_fstat64
_lseeki64
fflush
_gmtime64
__sys_nerr
strncpy
strerror
strcat
sprintf
strcmp
fgets
fputs
_local_unwind4
memchr
_strtoi64
memcmp
strtoul
memcpy
strstr
toupper
strrchr
isxdigit
strlen
realloc
memset
strcpy
__iob_func
_wcsupr_s
isdigit
rand
srand
__wargv
__argc
__RTDynamicCast
_mbschr
_exit
strncpy_s
_snwprintf
??3@YAXPAX@Z
calloc
free
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
memcpy_s
??0exception@std@@QAE@ABV01@@Z
memmove_s
_recalloc
_wtof
swprintf_s
?what@exception@std@@UBEPBDXZ
_mbsicmp
??_V@YAXPAX@Z
??2@YAPAXI@Z
_vscwprintf
vswprintf_s
wcsstr
_wtoi
wcsspn
_mbscmp
_vscprintf
vsprintf_s
wcscspn
??0exception@std@@QAE@ABQBD@Z
wcsrchr
_wcslwr_s
_vswprintf
_beginthreadex
_wfopen_s
wcscpy_s
fclose
fwrite
fseek
ftell
ceil
_wrename
_purecall
strtol
_wcsnicmp
wcstol
_waccess
_wcsicmp
malloc
iswspace
wcschr
_wfopen
setlocale
wcspbrk
tolower
wcstok
_wtol
wcsncpy
wcscat_s
_mktime64
_time64
_vsnprintf_s
fopen
sscanf
atoi
fread
fputc
fprintf
isalpha
isalnum
strncmp
strchr
isspace
_wtoi64
memmove

gdiplus

GdipCreateImageAttributes
GdipAddPathArcI
GdipDisposeImage
GdipSetCompositingQuality
GdipFillRectangleI
GdipGetImageHeight
GdipFillRectangle
GdipSetPenMode
GdipGetImageWidth
GdipGraphicsClear
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipClosePathFigure
GdipAlloc
GdipCreateFromHDC
GdipCloneImage
GdipDrawPath
GdipDeletePath
GdipSetPenEndCap
GdipLoadImageFromFile
GdipDrawLinesI
GdipSetClipPath
GdipCreateSolidFill
GdipCreatePath
GdipDrawImageRectRectI
GdipGetFontSize
GdipDeletePen
GdipCloneBrush
GdipDrawRectangleI
GdipDeleteBrush
GdipDrawLineI
GdipCreatePen1
GdipDeleteFont
GdipSetStringFormatTrimming
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDrawLine
GdipAddPathStringI
GdipDisposeImageAttributes
GdipSetPenStartCap
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipSetStringFormatAlign
GdipAddPathPieI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipDrawImageRectI
GdiplusShutdown
GdipDrawImageI
GdipCreateStringFormat
GdiplusStartup
GdipAddPathRectangleI
GdipPrivateAddFontFile
GdipRotateWorldTransform
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipTranslateWorldTransform
GdipMeasureString
GdipResetWorldTransform
GdipDrawString
GdipSetPixelOffsetMode
GdipSetPenDashStyle
GdipCloneFontFamily
GdipSetSmoothingMode
GdipCreateLineBrushFromRectWithAngleI
GdipGetFontCollectionFamilyList
GdipGetFontCollectionFamilyCount
GdipSetInterpolationMode
GdipSetImageAttributesColorMatrix
GdipFillPath
GdipFree
GdipDeleteFontFamily
GdipGetFamily

ws2_32

sendto
select
__WSAFDIsSet
recvfrom
listen
accept
WSAGetLastError
WSASetLastError
getsockopt
ioctlsocket
connect
inet_addr
getsockname
setsockopt
bind
htons
ntohs
recv
send
inet_ntoa
WSACleanup
gethostbyname
closesocket
socket
WSAStartup

winmm

timeGetTime

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 564KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8b1e9e22ff11b4ebd44de2ca9aab3917

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5aCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9d:af:55:0e:cc:92:ef:b0:cb:cb:a8:f2:84:4d:5d:d0:f0:e2:62:2a:99:36:32:73:7b:99:9c:41:41:c3:2b:32Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcp80

comctl32

msimg32

msvcr80

gdiplus

ws2_32

winmm

version

Sections

.text Size: 564KB - Virtual size: 561KB

.rdata Size: 132KB - Virtual size: 130KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 455KB - Virtual size: 455KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5a
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9d:af:55:0e:cc:92:ef:b0:cb:cb:a8:f2:84:4d:5d:d0:f0:e2:62:2a:99:36:32:73:7b:99:9c:41:41:c3:2b:32
Signer

.text
Size: 564KB - Virtual size: 561KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 455KB - Virtual size: 455KB