5b38a622ef1abd21a24af18441aeb0d97e0da95cfd2c45bdc98babb26292ff1f

Sharing

Copy URL Twitter E-mail

General

Target

5b38a622ef1abd21a24af18441aeb0d97e0da95cfd2c45bdc98babb26292ff1f
Size

907KB
MD5

d7829d8b4d8b0d6788591a6746485b44
SHA1

78b4d84cb619ebbad24bce25dc562793042821d9
SHA256

5b38a622ef1abd21a24af18441aeb0d97e0da95cfd2c45bdc98babb26292ff1f
SHA512

d67069d85ca8ffc6bfeb9006bc65f36059a60324c96b4c8a085ea6a51901d20adf1c18497c2593c6556e0f9493aba4e4fc907ee119da25c7092b2c5f192fab51
SSDEEP

12288:ZgdoA+eQeASRAhhFIUTOoJdF5wguk1oMawAB4EnCt:KAhhF1fdF5wgB9awAB4En

Score

1^/10

Malware Config

Signatures

Files

5b38a622ef1abd21a24af18441aeb0d97e0da95cfd2c45bdc98babb26292ff1f
.exe windows:6 windows x64 arch:x64

bfff8724e8dd9c2780b1eaf130cec5ca

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/05/2021, 00:00

Not After

08/05/2024, 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=SYS BG-PC BU-SW RD Ctr,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc
Signer

Actual PE Digest

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc

Digest Algorithm

sha256

PE Digest Matches

false

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc
Signer

Actual PE Digest

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Working\Test\AsusSplendid\x64\Release\AsusSplendid.pdb

Imports

user32

GetDisplayConfigBufferSizes
QueryDisplayConfig
ReleaseDC
wsprintfW
RedrawWindow
SendMessageTimeoutW
GetWindowThreadProcessId
GetWindowTextW
DisplayConfigGetDeviceInfo
GetForegroundWindow

gdi32

CreateDCW
SetDeviceGammaRamp
GetDeviceGammaRamp

asuscct

CCTAPI_WIN
CCTAPI_CUI
CCTAPI_AMD
CCTAPI_NV
CCTAPI_IGCL

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
CreateMutexW
WaitForSingleObject
OpenMutexW
OpenEventW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetSpecialFolderPathW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetCurrentDirectoryW
SetEnvironmentVariableA
GetStdHandle
GetEnvironmentStringsW
GetCommandLineA

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CLSIDFromProgID
CoCreateInstance

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

SetFilePointerEx
FindFirstFileW
ReadFile
GetFileAttributesExW
FindFirstFileExA
GetFullPathNameW
CreateFileW
WriteFile
FindNextFileA
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesW
GetFileSize
GetFileType
DeleteFileW
FindClose
FlushFileBuffers

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-io-l1-1-0

DeviceIoControl

oleaut32

SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
SafeArrayGetElement
SysFreeString
VariantClear
SysAllocString
SafeArrayGetDim

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentProcess
GetStartupInfoW
CreateProcessA
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
TlsGetValue
TerminateProcess
TlsSetValue
TlsFree
SwitchToThread

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcatW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

mscms

DisassociateColorProfileFromDeviceW
UninstallColorProfileW
AssociateColorProfileWithDeviceW
InstallColorProfileW

shell32

CommandLineToArgvW

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
GetLocaleInfoW
IsValidLocale
IsValidCodePage
GetCPInfo
GetUserDefaultLCID
GetACP
GetOEMCP
LCMapStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleCP

Sections

.text
Size: 626KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfff8724e8dd9c2780b1eaf130cec5ca

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:ccSigner

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:ccSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

asuscct

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-0

oleaut32

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

mscms

shell32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 626KB - Virtual size: 626KB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 11KB - Virtual size: 95KB

.pdata Size: 27KB - Virtual size: 26KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 3KB

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc
Signer

8c:f8:ab:9a:af:2e:a6:18:85:50:a4:56:43:ac:a9:5e:1e:6a:44:1e:d9:cb:90:45:e6:d4:82:fd:5d:2c:f7:cc
Signer

.text
Size: 626KB - Virtual size: 626KB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 11KB - Virtual size: 95KB

.pdata
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 3KB