fd2d87402616a67e5d0743003a65750f0811741260290381435d6a9eac455e53

Sharing

Copy URL

Twitter E-mail

General

Target

fd2d87402616a67e5d0743003a65750f0811741260290381435d6a9eac455e53
Size

471KB
MD5

609e938049d9266b1dc8a99458e3c856
SHA1

f492bad51b5cdc5991e9571e076287935811abab
SHA256

fd2d87402616a67e5d0743003a65750f0811741260290381435d6a9eac455e53
SHA512

9c599e2726f1af5cccc0c5c5e70db0c46d60e4d200b46a90fd699c00a034476e9acd65d054d0830c23b110fa0c1ce0f4be4a2276d1e4e2d7122f8e466e805b7b
SSDEEP

12288:JE50SkHOAi9bqNiya7FFvvevheLDr+l1PQply:bSNAEbqNiyaxFvvevheLDr+l1PQply

Score

1^/10

Malware Config

Signatures

Files

fd2d87402616a67e5d0743003a65750f0811741260290381435d6a9eac455e53
.dll windows:4 windows x86 arch:x86

73307b439a3cfc416021b2ba827a65fc

Code Sign

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/05/2023, 00:00

Not After

09/05/2024, 23:59

Subject

SERIALNUMBER=3213630,CN=KUD LIMITED,O=KUD LIMITED,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/05/2023, 00:00

Not After

09/05/2024, 23:59

Subject

SERIALNUMBER=3213630,CN=KUD LIMITED,O=KUD LIMITED,ST=Hong Kong,C=HK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302484b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:33:55:b0:26:b8:52:03:76:2b:ef:17:f1:7a:31:be:7e:a1:24:4a:df:dc:45:37:fe:ca:13:4b:34:04:40:63
Signer

Actual PE Digest

56:33:55:b0:26:b8:52:03:76:2b:ef:17:f1:7a:31:be:7e:a1:24:4a:df:dc:45:37:fe:ca:13:4b:34:04:40:63

Digest Algorithm

sha256

PE Digest Matches

true

18:5b:d8:10:dd:41:c5:d5:09:21:34:1f:97:a1:56:dc:15:be:97:3a
Signer

Actual PE Digest

18:5b:d8:10:dd:41:c5:d5:09:21:34:1f:97:a1:56:dc:15:be:97:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetFileAttributesW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
OpenProcess
GetProcessId
IsWow64Process
Module32FirstW
Module32NextW
CreateToolhelp32Snapshot
OutputDebugStringA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
GetWindowsDirectoryW
CompareStringW
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
CreateRemoteThread
GetExitCodeThread
WriteProcessMemory
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
MsgWaitForMultipleObjects
GetSystemMetrics
MessageBeep

imagehlp

SymGetOptions
SymCleanup
SymSetOptions
SymEnumerateModules64
SymEnumerateSymbols64
SymLoadModule64
SymInitialize

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

Exports

Exports

WeMod_1
WeMod_2
WeMod_3
WeMod_4
WeMod_5
WeMod_6
WeMod_7

Sections

.text
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��H
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��H
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73307b439a3cfc416021b2ba827a65fc

Code Sign

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bdCertificate

Extended Key Usages

Key Usages

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bdCertificate

Extended Key Usages

Key Usages

56:33:55:b0:26:b8:52:03:76:2b:ef:17:f1:7a:31:be:7e:a1:24:4a:df:dc:45:37:fe:ca:13:4b:34:04:40:63Signer

18:5b:d8:10:dd:41:c5:d5:09:21:34:1f:97:a1:56:dc:15:be:97:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

imagehlp

advapi32

Exports

Exports

Sections

.text Size: 283KB - Virtual size: 284KB

.data Size: 68KB - Virtual size: 72KB

.idata Size: 87KB - Virtual size: 88KB

����H Size: - Virtual size: 12KB

����H Size: - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 20KB - Virtual size: 24KB

.SCY Size: 3KB - Virtual size: 4KB

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

cf:31:c2:6a:9c:ed:0d:07:0f:61:27:e6:02:ae:32:bd
Certificate

56:33:55:b0:26:b8:52:03:76:2b:ef:17:f1:7a:31:be:7e:a1:24:4a:df:dc:45:37:fe:ca:13:4b:34:04:40:63
Signer

18:5b:d8:10:dd:41:c5:d5:09:21:34:1f:97:a1:56:dc:15:be:97:3a
Signer

.text
Size: 283KB - Virtual size: 284KB

.data
Size: 68KB - Virtual size: 72KB

.idata
Size: 87KB - Virtual size: 88KB

��H
Size: - Virtual size: 12KB

��H
Size: - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 20KB - Virtual size: 24KB

.SCY
Size: 3KB - Virtual size: 4KB