fd8a2512c2bd5322173299dc01b8a94b708909d8f38e81aec90f3f31221681e5[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fd8a2512c2bd5322173299dc01b8a94b708909d8f38e81aec90f3f31221681e5.exe
Size

16.6MB
MD5

954b791e7549e9097a109f85aec4d331
SHA1

e6cb59a5ef7cd10c7aba31d617a9c4ddd4a14376
SHA256

fd8a2512c2bd5322173299dc01b8a94b708909d8f38e81aec90f3f31221681e5
SHA512

447c48023789d4637874295c19fa42d325bec5a90cb24283a84dabfd8cbbd2595df5a19054644e9a64b6dedf9994283cf29bfcb02f423628d3ada04b034d7131
SSDEEP

393216:5qjIdbwJbmPQQXjfPmi9sDtEa9OicmriQRuxhPlbqjuMj:QjcbEbmbPMD5O+HeSjhj

Score

1^/10

Malware Config

Signatures

Files

fd8a2512c2bd5322173299dc01b8a94b708909d8f38e81aec90f3f31221681e5.exe
.exe windows:5 windows x86 arch:x86

af35b3d3a6cfdaf815ad09c27be3581a

Code Sign

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:fe
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-11-2019 00:00

Not After

23-11-2020 12:00

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:ed
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-11-2019 00:00

Not After

23-11-2020 12:00

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:53:26:02:bf:2b:dc:5f:6c:1d:71:2a:00:01:15:b4:f9:96:6a:de:56:9e:81:19:cf:03:c4:0c:20:65:33:84
Signer

Actual PE Digest

c4:53:26:02:bf:2b:dc:5f:6c:1d:71:2a:00:01:15:b4:f9:96:6a:de:56:9e:81:19:cf:03:c4:0c:20:65:33:84

Digest Algorithm

sha256

PE Digest Matches

true

cb:cb:3f:22:93:c9:6d:c0:ab:37:63:e1:83:7a:93:32:f4:c0:10:e3
Signer

Actual PE Digest

cb:cb:3f:22:93:c9:6d:c0:ab:37:63:e1:83:7a:93:32:f4:c0:10:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
FormatMessageA
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetFullPathNameW
SetThreadPriority
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
GetDiskFreeSpaceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WinExec
DeleteFileW
GetTempPathW
WriteFile
LockResource
MultiByteToWideChar
FindResourceW
LoadLibraryExW
LoadLibraryW
lstrcmpiW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
RaiseException
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetPrivateProfileIntW
GetPrivateProfileStringW
FindClose
CreateDirectoryW
FindNextFileW
MoveFileExW
WideCharToMultiByte
FileTimeToSystemTime
GlobalAlloc
GlobalFree
WaitForSingleObject
CreateProcessW
ReleaseMutex
CreateMutexW
GetTickCount
AreFileApisANSI
SleepEx
GetWindowsDirectoryW
SetErrorMode
GetLocalTime
GetSystemDirectoryW
GetACP
GetCurrentDirectoryW
FreeResource
ExitProcess
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
MulDiv
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetLogicalDriveStringsW
GetLastError
GetCurrentProcessId
OpenProcess
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetProcAddress
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
lstrlenW
CloseHandle
ReadFile
GetFileSize
CreateThread

user32

GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
PtInRect
IsZoomed
SetWindowRgn
MessageBoxW
MoveWindow
GetWindowRgn
FillRect
CharPrevW
DrawTextW
GetSysColorBrush
SetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
GetSysColor
EnableWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetClientRect
GetPropW
SetPropW
GetSystemMetrics
KillTimer
MsgWaitForMultipleObjects
SetFocus
IsIconic
DestroyWindow
CreateWindowExW
CreateCaret
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
TranslateMessage
LoadIconW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
wvsprintfW
GetForegroundWindow
GetKeyState
IntersectRect
PostMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetTimer
InvalidateRect
GetWindowLongW
SetWindowLongW
GetCursorPos
GetUpdateRect
EndPaint
BeginPaint
IsWindow
SetForegroundWindow
FindWindowW
CharNextW
SetRectEmpty
IsRectEmpty
GetWindowRect
ReleaseDC
GetWindowDC
GetDC
ReleaseCapture
SetCapture
GetFocus
IsWindowVisible
UpdateLayeredWindow
GetMessageW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
DispatchMessageW
GetClassInfoExW
GetParent

advapi32

RevertToSelf
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
DuplicateTokenEx
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CLSIDFromString
CoUninitialize
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal

oleaut32

SysAllocString
VariantInit
VariantClear
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW

gdiplus

GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipGetImageHeight
GdipCreatePen1
GdipAddPathLineI
GdipDeletePath
GdipCreateBitmapFromScan0
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipAlloc
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImagePixelFormat
GdipAddPathArcI
GdiplusShutdown
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDeleteBrush
GdipCreateTexture
GdipTranslateTextureTransform
GdipSetSmoothingMode
GdipFillEllipseI
GdiplusStartup
GdipCreatePath

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

crypt32

CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW

msimg32

AlphaBlend

d3d9

Direct3DCreate9

winmm

timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod

gdi32

GetViewportOrgEx
SaveDC
SelectObject
GetCurrentObject
SetGraphicsMode
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
TextOutW
SetTextColor
SetStretchBltMode
StretchBlt
SetDIBits
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
GetTextExtentPoint32W
GetTextColor
RestoreDC
GetStockObject
GetDIBits
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
SetPixel
GetPixel
GetTextMetricsW
CreateDIBSection
DeleteObject
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
BitBlt
DeleteDC
CreateSolidBrush
CreatePen
GetObjectW

comctl32

_TrackMouseEvent
ord17

imm32

ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

wldap32

ord208
ord41
ord14
ord46
ord145
ord26
ord27
ord127
ord167
ord142
ord118
ord79
ord133
ord147
ord301
ord216

ws2_32

htons
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
WSAStartup
getsockopt
getsockname
getpeername
connect
closesocket
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
send
recv
WSACleanup

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af35b3d3a6cfdaf815ad09c27be3581a

Code Sign

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:feCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:edCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

c4:53:26:02:bf:2b:dc:5f:6c:1d:71:2a:00:01:15:b4:f9:96:6a:de:56:9e:81:19:cf:03:c4:0c:20:65:33:84Signer

cb:cb:3f:22:93:c9:6d:c0:ab:37:63:e1:83:7a:93:32:f4:c0:10:e3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

psapi

crypt32

msimg32

d3d9

winmm

gdi32

comctl32

imm32

wldap32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 10KB - Virtual size: 106KB

.gfids Size: 512B - Virtual size: 456B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 15.2MB - Virtual size: 15.2MB

.reloc Size: 56KB - Virtual size: 55KB

06:20:7a:1a:88:4d:d9:1f:50:d9:12:a9:cf:5d:5b:fe
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:16:87:e9:a3:16:b5:d0:50:e2:f0:89:41:5a:b8:ed
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

c4:53:26:02:bf:2b:dc:5f:6c:1d:71:2a:00:01:15:b4:f9:96:6a:de:56:9e:81:19:cf:03:c4:0c:20:65:33:84
Signer

cb:cb:3f:22:93:c9:6d:c0:ab:37:63:e1:83:7a:93:32:f4:c0:10:e3
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 10KB - Virtual size: 106KB

.gfids
Size: 512B - Virtual size: 456B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 15.2MB - Virtual size: 15.2MB

.reloc
Size: 56KB - Virtual size: 55KB