2024-05-15_be2fd337e850485eca49d18c6512bc9a_hellokitty_metamorfo

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-15_be2fd337e850485eca49d18c6512bc9a_hellokitty_metamorfo
Size

1.6MB
MD5

be2fd337e850485eca49d18c6512bc9a
SHA1

5f68c7acbbde4d9312231d1a52d1e51b37c75604
SHA256

2a5b9a2aa9594ca32117de14c24324b7b4ec4b1871d9a5dbceb4c1cbbe34b185
SHA512

8932f63544591dd56c5b8de50b6a8c15cf2e42695f6a5e764f32c80e3fab20aba6d1dc03216fdb80ccb2472ff24dabcdd3dcc1d8db0d866f4ffb09a2748e28d2
SSDEEP

49152:9wVZ9+cofnCuNYAAAAMlNBbwkfvnFrT2CB7:9N7NNBpfvv

Score

1^/10

Malware Config

Signatures

Files

2024-05-15_be2fd337e850485eca49d18c6512bc9a_hellokitty_metamorfo
.exe windows:6 windows x86 arch:x86

c8d3076f9661d372b96ae92d54fe7b97

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:64:73:ab:2c:b6:55:6c:c1:f6:db:57:45:2c:67:7d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/05/2021, 00:00

Not After

15/06/2023, 23:59

Subject

SERIALNUMBER=91440300064998332L,CN=深圳风月科技有限公司,O=深圳风月科技有限公司,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b7b1e59cb3e5b882,1.3.6.1.4.1.311.60.2.1.2=#0c09e5b9bfe4b89ce79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:06:6a:f6:90:c0:8a:21:14:cd:28:14:71:3e:ed:d5:c4:65:7f:6e:fb:d7:82:a5:f6:c8:fc:fe:c4:2f:6f:dc
Signer

Actual PE Digest

e7:06:6a:f6:90:c0:8a:21:14:cd:28:14:71:3e:ed:d5:c4:65:7f:6e:fb:d7:82:a5:f6:c8:fc:fe:c4:2f:6f:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\my\uclient\Loader\output\Release\Shell.pdb

Imports

kernel32

GetDriveTypeW
SetDllDirectoryW
MapViewOfFile
OpenFileMappingA
FreeLibrary
GetModuleHandleW
CreateFileMappingA
GetProcAddress
LoadLibraryW
CloseHandle
SetFilePointer
WriteConsoleW
GetDiskFreeSpaceExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetLastError
UnmapViewOfFile
CreateMutexW
DeleteFileW
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapFree
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapAlloc
GetFileSizeEx
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
ReadFile
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapSize
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
LoadLibraryExW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetTickCount
SetLastError
FindFirstFileW
CreateProcessW
GetCurrentProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
GetExitCodeThread
LCMapStringEx
CompareStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
TryEnterCriticalSection
GetCurrentProcess
WriteFile
CreateFileA
GetCPInfoExW

user32

BeginPaint
ReleaseDC
InvalidateRect
LoadImageW
SetForegroundWindow
UpdateWindow
PostQuitMessage
KillTimer
UpdateLayeredWindow
IsZoomed
GetClientRect
SetWindowLongW
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
MoveWindow
MessageBoxA
IsChild
DestroyIcon
EndPaint
DispatchMessageW
OffsetRect
IsWindow
ShowWindow
LoadAcceleratorsW
RegisterClassExW
SetWindowTextW
GetWindowThreadProcessId
WaitForInputIdle
LoadStringW
EnumWindows
GetSystemMetrics
SendMessageW
CreateWindowExW
MessageBoxW
EqualRect
SetWindowPos
IsWindowVisible
GetDC
GetWindowRect
GetWindow
PostMessageW
GetKeyState
DefWindowProcW
GetMessageW
GetWindowLongW
GetWindowTextW
SetTimer

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
SetStretchBltMode
StretchBlt
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
SHChangeNotify
ShellExecuteExW
ExtractIconExW
SHGetPathFromIDListW

gdiplus

GdipSetClipRect
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipCloneImage
GdipCreateStringFormat
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipAlloc
GdipDrawImageRectI
GdipDisposeImage
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipGraphicsClear
GdipFillRectangle
GdipGetGenericFontFamilySansSerif
GdipFree
GdipDrawString
GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangleI
GdipCreateBitmapFromHICON
GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipDrawImageRectRectI

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

send
recvfrom
recv
ioctlsocket
setsockopt
WSACleanup
select
getaddrinfo
WSAStartup
socket
connect
getsockopt
freeaddrinfo
WSAGetLastError
accept
closesocket
__WSAFDIsSet
shutdown

advapi32

CryptGenRandom
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8d3076f9661d372b96ae92d54fe7b97

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

0c:64:73:ab:2c:b6:55:6c:c1:f6:db:57:45:2c:67:7dCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

e7:06:6a:f6:90:c0:8a:21:14:cd:28:14:71:3e:ed:d5:c4:65:7f:6e:fb:d7:82:a5:f6:c8:fc:fe:c4:2f:6f:dcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

gdiplus

iphlpapi

version

ws2_32

advapi32

ole32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 381KB - Virtual size: 381KB

.data Size: 47KB - Virtual size: 73KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 49KB - Virtual size: 48KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

0c:64:73:ab:2c:b6:55:6c:c1:f6:db:57:45:2c:67:7d
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

e7:06:6a:f6:90:c0:8a:21:14:cd:28:14:71:3e:ed:d5:c4:65:7f:6e:fb:d7:82:a5:f6:c8:fc:fe:c4:2f:6f:dc
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 381KB - Virtual size: 381KB

.data
Size: 47KB - Virtual size: 73KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 49KB - Virtual size: 48KB