afddddc55031d8a6a6ce1454a29c12e9ebc5d761c23d688e585bde09bc6691da

Sharing

Copy URL

Twitter E-mail

General

Target

afddddc55031d8a6a6ce1454a29c12e9ebc5d761c23d688e585bde09bc6691da
Size

8.1MB
MD5

3b72abfc4d86c25cf836f7a099125d6b
SHA1

a96bb7ccff5ed1c4e1d3122296ba02513bcda271
SHA256

afddddc55031d8a6a6ce1454a29c12e9ebc5d761c23d688e585bde09bc6691da
SHA512

7b0bc3c2b12152cda2f17258be13d6a106cc573bc4075604815a3054970f44edea443e2152ceae4ac868a2715307a683ea4b7d423ed9de764ecee8150dda377f
SSDEEP

196608:IOBqNXPh6PQJCGOW255EncW5aIsEi2Z2Qb9CxkgtFeCqXB1CePepQb:jBkPrIGOW3Gz2d9ZcevXz1Pfb

Score

1^/10

Malware Config

Signatures

Files

afddddc55031d8a6a6ce1454a29c12e9ebc5d761c23d688e585bde09bc6691da
.exe windows:5 windows x86 arch:x86

c4c4a1d53dbfca6b6f66f3a7626b8783

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-10-2021 00:00

Not After

09-12-2022 23:59

Subject

CN=天津迅读科技有限公司,O=天津迅读科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:09:d7:95:80:4e:2a:e6:5f:75:13:29:28:0e:58:dc:7d:08:4a:e8:ca:66:fb:ac:6e:1a:2c:fc:4b:ef:c7:5f
Signer

Actual PE Digest

28:09:d7:95:80:4e:2a:e6:5f:75:13:29:28:0e:58:dc:7d:08:4a:e8:ca:66:fb:ac:6e:1a:2c:fc:4b:ef:c7:5f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\project\rel\PDFConverter.pdb

Imports

kernel32

CreateEventW
SetEvent
lstrcmpW
GetNativeSystemInfo
CreateThread
HeapDestroy
MulDiv
GlobalUnlock
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
VerSetConditionMask
LocalFree
GlobalLock
GetWindowsDirectoryW
GetCurrentDirectoryW
FindResourceW
LoadResource
GlobalAlloc
LockResource
OpenProcess
GetVersionExW
GetCurrentThreadId
GetStdHandle
GetCurrentProcess
SizeofResource
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
lstrcmpiW
GlobalFree
lstrlenW
LoadLibraryA
FreeLibrary
MoveFileW
GetLocalTime
SystemTimeToFileTime
GetSystemTime
SetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetStartupInfoW
CreatePipe
GetFileSize
GetTempPathA
GetExitCodeProcess
GetTickCount
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
WideCharToMultiByte
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetACP
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
ExitThread
FindFirstFileExW
RtlUnwind
WaitForSingleObject
MoveFileExW
GetPrivateProfileStringW
HeapSize
TerminateProcess
ExitProcess
InterlockedIncrement
InterlockedDecrement
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
CopyFileW
FindResourceExW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
UnregisterWaitEx
QueryDepthSList
CreateMutexW
GetFileTime
GetDriveTypeW
GetTempFileNameW
DeleteFileW
GetFileAttributesExW
GetLastError
CreateFileW
GetTempPathW
GetModuleFileNameW
GetPrivateProfileIntW
WriteFile
GetFullPathNameW
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
TryEnterCriticalSection
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
InterlockedCompareExchange
lstrcpynW
FormatMessageW
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
GetModuleHandleA
ExpandEnvironmentStringsA
PeekNamedPipe
GetFileType
SleepEx
SetErrorMode
GetFileAttributesExA
InitializeCriticalSection
MapViewOfFile
UnmapViewOfFile
DeviceIoControl
VirtualProtect
IsBadReadPtr
SetUnhandledExceptionFilter
lstrcmpA
WritePrivateProfileStringW
ReadFile
WaitForMultipleObjects
SetEndOfFile
GetQueuedCompletionStatus
InterlockedExchange
CreateIoCompletionPort
TerminateThread
GetExitCodeThread
PostQueuedCompletionStatus
ResetEvent
GetVersion
GetComputerNameW
GetSystemInfo
SetThreadLocale
GetThreadLocale
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointer
DecodePointer
GetLocaleInfoW
LoadLibraryExW
CreateDirectoryW
OutputDebugStringW
CloseHandle
MultiByteToWideChar

user32

GetIconInfo
IsRectEmpty
SetWindowRgn
FillRect
IntersectRect
GetDoubleClickTime
EqualRect
SetRectEmpty
UpdateLayeredWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
wsprintfW
RegisterClipboardFormatW
GetWindowThreadProcessId
DrawIconEx
GetDlgItem
DefWindowProcW
CallWindowProcW
KillTimer
PostMessageW
UnregisterClassW
GetParent
SystemParametersInfoW
GetActiveWindow
IsWindow
MapWindowPoints
GetWindow
RegisterClassExW
GetClassInfoExW
CreateWindowExW
FindWindowW
SendMessageTimeoutW
IsWindowVisible
SetFocus
LoadIconW
EnableWindow
GetWindowLongW
UpdateWindow
GetClassNameW
EnumWindows
DrawTextW
IsClipboardFormatAvailable
GetClientRect
SetWindowLongW
SetCursor
LoadCursorW
BringWindowToTop
MoveWindow
GetForegroundWindow
AttachThreadInput
TrackMouseEvent
SetTimer
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
PtInRect
CopyRect
FindWindowExW
BeginPaint
EndPaint
SetCapture
ReleaseCapture
GetWindowTextW
PostQuitMessage
IsZoomed
OffsetRect
SetLayeredWindowAttributes
SetWindowTextW
GetWindowTextLengthW
ClientToScreen
GetMonitorInfoW
GetFocus
MonitorFromPoint
GetCaretBlinkTime
CreateCaret
SetCaretPos
GetSysColor
SetForegroundWindow
ShowWindow
InvalidateRect
IsIconic
GetDC
ReleaseDC
GetSystemMetrics
SendMessageW
ScreenToClient
SetActiveWindow
MonitorFromWindow
MonitorFromRect
SetWindowPos
DestroyWindow
GetWindowRect
GetCursorPos

gdi32

GetObjectW
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
SetBkMode
CreateFontIndirectW
GetDIBits
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateRoundRectRgn
GetBitmapBits
SetBitmapBits
SetPixel
SetStretchBltMode
StretchBlt
CombineRgn
CreateRectRgn
SetTextColor
SetBkColor
GetStockObject
CreatePen
Rectangle
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
RestoreDC
GetTextColor
GetCurrentObject
SetTextCharacterExtra
GetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
FreeSid
ReportEventA
AllocateAndInitializeSid
CheckTokenMembership

shell32

ShellExecuteA
DragAcceptFiles
DragFinish
DragQueryFileW
ord165
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
SHCreateDirectoryExW
ShellExecuteExW
SHGetDesktopFolder
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
StgCreateDocfile
RevokeDragDrop
CoLockObjectExternal
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleInitialize
RegisterDragDrop
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
VarDateFromStr
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VariantInit
SysAllocString
SysStringByteLen
VarBstrCmp

shlwapi

PathIsDirectoryW
PathSearchAndQualifyW
PathFindExtensionW
PathCombineW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRemoveExtensionA
PathIsRootW
PathFileExistsW
PathFindFileNameW
StrCmpIW
PathAddBackslashW
StrStrIW
PathAppendW
PathFindFileNameA
SHGetValueW

comctl32

ord17

msimg32

AlphaBlend

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromHBITMAP
GdipDrawImageRectI
GdipGetImageEncoders
GdipCloneBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDrawString
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDeleteBrush
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipGetImagePixelFormat
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapSetResolution
GdipFree
GdipCloneBitmapAreaI
GdipDisposeImage
GdipAlloc
GdipBitmapUnlockBits
GdipCloneImage
GdipSaveImageToFile
GdipDeleteGraphics
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipSetPropertyItem

wininet

InternetConnectW
InternetSetOptionW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetReadFile

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

netapi32

Netbios

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
freeaddrinfo
accept
listen
WSASetLastError
recv
send
bind
closesocket
__WSAFDIsSet
connect
getpeername
getsockname
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
recvfrom
getsockopt
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
select

wldap32

ord145
ord14
ord216
ord208
ord41
ord118
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord46

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

riched20

ord4

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data:
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 337KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 203KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4c4a1d53dbfca6b6f66f3a7626b8783

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cdCertificate

Extended Key Usages

Key Usages

28:09:d7:95:80:4e:2a:e6:5f:75:13:29:28:0e:58:dc:7d:08:4a:e8:ca:66:fb:ac:6e:1a:2c:fc:4b:ef:c7:5fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

crypt32

netapi32

ws2_32

wldap32

psapi

iphlpapi

version

riched20

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.data: Size: 733KB - Virtual size: 733KB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 337KB - Virtual size: 476KB

.gfids Size: 4KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 203KB - Virtual size: 272KB

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cd
Certificate

28:09:d7:95:80:4e:2a:e6:5f:75:13:29:28:0e:58:dc:7d:08:4a:e8:ca:66:fb:ac:6e:1a:2c:fc:4b:ef:c7:5f
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.data:
Size: 733KB - Virtual size: 733KB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 337KB - Virtual size: 476KB

.gfids
Size: 4KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 203KB - Virtual size: 272KB