6a45305ae395ae937f2e4ddd6ec2630ab54c8d25d0a76dad4dbf84ce90c421ed

Sharing

Copy URL Twitter E-mail

General

Target

6a45305ae395ae937f2e4ddd6ec2630ab54c8d25d0a76dad4dbf84ce90c421ed
Size

363KB
MD5

f2789c3fbb0c3d965777fb8ce398d7c7
SHA1

a8a6ada3047fe87cc48e9d7f21abe895a33450e7
SHA256

6a45305ae395ae937f2e4ddd6ec2630ab54c8d25d0a76dad4dbf84ce90c421ed
SHA512

bc486081584401ded3ab29cfe43a71d6255d558962c0a01638e1d76ad0e801896e3a44213bcdbbc4077e9aeec9526d7afc42b25832c8202c46d35652ee080465
SSDEEP

6144:sjpteb9H0ckQ3vPJcId9T2mROtdJ9BV+UdvrEFp7hKPJli:sjpkbBmiPJcIXT2m2BjvrEH7MJli

Score

1^/10

Malware Config

Signatures

Files

6a45305ae395ae937f2e4ddd6ec2630ab54c8d25d0a76dad4dbf84ce90c421ed
.dll windows:5 windows x86 arch:x86

414c38b797eef586702e0b801adac0aa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

02/12/2024, 23:59

Subject

SERIALNUMBER=91510107765360104N,CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6ada6e4beafe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:a7:a8:b5:98:67:c1:3a:79:b5:3b:05:0b:24:1d:e4:3e:b2:cd:65:0f:11:55:5a:70:35:b0:7f:d0:87:3f:d7
Signer

Actual PE Digest

18:a7:a8:b5:98:67:c1:3a:79:b5:3b:05:0b:24:1d:e4:3e:b2:cd:65:0f:11:55:5a:70:35:b0:7f:d0:87:3f:d7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\TBNet\TBNet\Output\Release\FlBackup.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
SetFilePointerEx
ReadFile
BackupRead
BackupSeek
GetFileInformationByHandle
LocalFree
CreateEventW
ResetEvent
SetEvent
WaitForSingleObject
WaitForMultipleObjects
GetModuleHandleW
GetCurrentProcess
GetSystemInfo
GetFileAttributesW
GetVolumeInformationW
GetModuleHandleExW
FindNextFileW
FindClose
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
GetComputerNameExW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
GetTickCount
SetErrorMode
GetTickCount64
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
GetDiskFreeSpaceW
CreateFileW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DeviceIoControl
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RevertToSelf
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
GetSecurityInfo
AdjustTokenPrivileges

msvcp90

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

mpr

WNetAddConnection2W
WNetCancelConnection2W

msvcr90

_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
fopen
fseek
ftell
fclose
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
free
_malloc_crt
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_itow_s
towupper
_beginthreadex
wcsstr
toupper
wcscat_s
_wcsnicmp
_wcsicmp
sprintf_s
swprintf_s
memcpy_s
_vswprintf_c_l
_purecall
?what@exception@std@@UBEPBDXZ
wcsrchr
wcsncpy_s
wcscpy_s
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
strcat_s
strcpy_s
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
memmove_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_encoded_null
strrchr
strstr
memset
sprintf
mbstowcs
__RTDynamicCast
strncpy
_stricmp
_CxxThrowException
isspace
fread
memcpy

ws2_32

WSACleanup
WSAStartup
gethostbyname

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
GetImp_IOperate
TBCanUnloadNow
TBCreateObject

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

414c38b797eef586702e0b801adac0aa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

18:a7:a8:b5:98:67:c1:3a:79:b5:3b:05:0b:24:1d:e4:3e:b2:cd:65:0f:11:55:5a:70:35:b0:7f:d0:87:3f:d7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp90

mpr

msvcr90

ws2_32

Exports

Exports

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

18:a7:a8:b5:98:67:c1:3a:79:b5:3b:05:0b:24:1d:e4:3e:b2:cd:65:0f:11:55:5a:70:35:b0:7f:d0:87:3f:d7
Signer

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB