fc1d8a551ec11c3f28969e488c50a4c69bf8a4645f352131070dda30b2697e0b

Sharing

Copy URL Twitter E-mail

General

Target

fc1d8a551ec11c3f28969e488c50a4c69bf8a4645f352131070dda30b2697e0b
Size

3.5MB
MD5

c006c0f4743a3fc563b8123c53c64bfb
SHA1

1c4dbd6ed9094f59b4aaca9d5b4d4283bfb1dbfa
SHA256

fc1d8a551ec11c3f28969e488c50a4c69bf8a4645f352131070dda30b2697e0b
SHA512

20089385a1d8977f9630c766a71bcaf4e8b34201a8c900a7f4b632b5404ff901578533ffe74973900e183a67e394932a82866c965b4cffcd422247aa8d4a1c2f
SSDEEP

49152:Ipcy0SF1CAL5q5BUca6FY07dzE83RT3jxAuCLMq5xdRJna:IGy0SFN5qUca6F97i83t1TCR5xdHna

Score

1^/10

Malware Config

Signatures

Files

fc1d8a551ec11c3f28969e488c50a4c69bf8a4645f352131070dda30b2697e0b
.exe windows:4 windows x86 arch:x86

a85d842709ae1c7015320be4e2097e8d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:29:ac:5f:14:f6:f7:47:8f:e3:2b:09
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2023, 08:45

Not After

23/08/2026, 08:45

Subject

CN=X-LEGEND ENTERTAINMENT CO.\, LTD.,O=X-LEGEND ENTERTAINMENT CO.\, LTD.,L=Taipei,ST=Taipei,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:f2:fc:85:65:28:10:06:97:bd:81:53:8d:43:d5:36:f0:69:2b:bd
Signer

Actual PE Digest

c5:f2:fc:85:65:28:10:06:97:bd:81:53:8d:43:d5:36:f0:69:2b:bd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wldap32

ord33
ord200
ord79
ord35
ord301
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord27
ord41
ord46
ord32

kernel32

FreeResource
GlobalFree
GlobalUnlock
GlobalLock
MulDiv
GlobalAlloc
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
GetModuleFileNameA
lstrcmpA
LoadLibraryExA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
InterlockedIncrement
GetThreadLocale
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileTime
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetTempPathA
GetOEMCP
WritePrivateProfileStringA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetProcessHeap
ExitThread
HeapSize
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetACP
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
SetEnvironmentVariableA
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
ReleaseMutex
LoadLibraryA
FreeLibrary
SetLastError
SleepEx
FindNextFileA
GetFileInformationByHandle
DosDateTimeToFileTime
DuplicateHandle
GetFileType
SetFilePointer
GetExitCodeThread
TerminateThread
CreateDirectoryA
FileTimeToSystemTime
SetFileTime
CreateThread
RemoveDirectoryA
InterlockedDecrement
GetTickCount
OutputDebugStringA
GetFileSize
ReadFile
MoveFileA
GetSystemTime
FindFirstFileA
FindClose
SetFileAttributesA
FormatMessageA
LocalFree
DeleteFileA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
FindResourceExA
GetModuleFileNameW
SetCurrentDirectoryW
SetThreadLocale
GetCommandLineA
CopyFileA
GetStartupInfoA
CreateProcessA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
GetFileAttributesA
OpenProcess
WaitForSingleObject
TerminateProcess
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
GetCurrentDirectoryA
Sleep
GetLocalTime
SystemTimeToFileTime
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCPInfo

user32

EndPaint
DestroyMenu
GetSysColorBrush
SetCapture
ReleaseCapture
CopyAcceleratorTableA
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
BeginPaint
SetForegroundWindow
IsWindowVisible
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetActiveWindow
EnumDisplaySettingsA
SystemParametersInfoA
CreateWindowExA
ShowWindow
GetMessageA
UnregisterClassA
PostQuitMessage
DefWindowProcA
DrawTextA
OffsetRect
CopyRect
FrameRect
LoadBitmapA
IsRectEmpty
SetWindowRgn
PostMessageA
GetWindowLongA
SetWindowLongA
RedrawWindow
InflateRect
LoadImageA
wsprintfA
InvalidateRect
GetSystemMetrics
LoadIconA
KillTimer
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
FillRect
LoadCursorA
MessageBoxA
FindWindowA
GetWindowThreadProcessId
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
CharNextA
CharUpperA
SetWindowContextHelpId
MapDialogRect
SetCursor
GetWindowTextLengthA
GetWindowTextA
IsWindow
SetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
GetParent
GetWindowRect
GetDesktopWindow
MoveWindow
EnableWindow
SendMessageA
DestroyWindow

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetWindowExtEx
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
GetViewportExtEx
GetBkColor
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
BitBlt
CombineRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
GetObjectA
StretchBlt
SelectObject
CreateCompatibleDC
CreateBitmap
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor

comdlg32

GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
CryptGetHashParam
RegFlushKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData

shell32

ShellExecuteA
ShellExecuteExA
DragQueryFileA

comctl32

_TrackMouseEvent

shlwapi

PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CLSIDFromProgID
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantCopy
OleCreateFontIndirect
VariantChangeType
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
VarUdateFromDate
SystemTimeToVariantTime
SafeArrayDestroy

ws2_32

ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
setsockopt
getsockopt
htons
bind
getsockname
WSAStartup
WSACleanup
socket
ntohs
connect
closesocket
WSAGetLastError
send
recv
gethostbyname

hooklauncher

HookComboBox

Sections

.text
Size: 588KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85d842709ae1c7015320be4e2097e8d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

70:29:ac:5f:14:f6:f7:47:8f:e3:2b:09Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

c5:f2:fc:85:65:28:10:06:97:bd:81:53:8d:43:d5:36:f0:69:2b:bdSigner

Headers

File Characteristics

Imports

version

wldap32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

hooklauncher

Sections

.text Size: 588KB - Virtual size: 586KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 2.7MB - Virtual size: 2.7MB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

70:29:ac:5f:14:f6:f7:47:8f:e3:2b:09
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

c5:f2:fc:85:65:28:10:06:97:bd:81:53:8d:43:d5:36:f0:69:2b:bd
Signer

.text
Size: 588KB - Virtual size: 586KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 2.7MB - Virtual size: 2.7MB