bd402ec9d00ba438944551b562fe526a60bbdf4e4780af8dff8031414e13f366

Sharing

Copy URL Twitter E-mail

General

Target

bd402ec9d00ba438944551b562fe526a60bbdf4e4780af8dff8031414e13f366
Size

1.2MB
MD5

c98c16d70cf405994d4b94caebc5dbbf
SHA1

a09753b97417fc5894c7a70af9f8931c89e9a969
SHA256

bd402ec9d00ba438944551b562fe526a60bbdf4e4780af8dff8031414e13f366
SHA512

448baaccb89efd05a6ba1ca26416f2a52940347813baed0c6ff25aff1e7008fb4d9ce2174b5984dd5518d88bebaad53d836aabbd2f4e63090c90427f75c98164
SSDEEP

24576:YgE9kOs1E4YYpi77HzQmFHR7KtpXDDu5z:Yj9C6UwTdF9KtpXg

Score

1^/10

Malware Config

Signatures

Files

bd402ec9d00ba438944551b562fe526a60bbdf4e4780af8dff8031414e13f366
.exe windows:5 windows x86 arch:x86

b5c5f82a275e852e48de208b43b8babb

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cb
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/01/2020, 00:00

Not After

16/01/2023, 23:59

Subject

SERIALNUMBER=913100006317722856,CN=Shanghai Oriental Webcasting Co. Ltd.,OU=技术管理中心,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:36:bf:24:63:4e:7a:c1:27:ca:a6:d0:ba:08:6c:2e:42:a6:90:d0:cb:c9:b4:b3:25:d5:16:cc:ca:86:2d:34
Signer

Actual PE Digest

c5:36:bf:24:63:4e:7a:c1:27:ca:a6:d0:ba:08:6c:2e:42:a6:90:d0:cb:c9:b4:b3:25:d5:16:cc:ca:86:2d:34

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
LoadLibraryW
CreateEventW
Sleep
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFullPathNameW
FreeLibraryAndExitThread
SetThreadExecutionState
ExitThread
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExpandEnvironmentStringsW
PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
LoadLibraryA
GetNativeSystemInfo
SetLastError
GetProcessHeap
GetLocalTime
GetPrivateProfileIntW
GetTempPathW
CopyFileW
HeapFree
HeapAlloc
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentThreadId
CreateThread
RaiseException
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedIncrement
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetVersionExW
GetTickCount
GetLongPathNameW
GetExitCodeProcess
OpenProcess
GetModuleFileNameW
GetCurrentDirectoryW
GetACP
MultiByteToWideChar
FreeResource
LockResource
LoadResource
SizeofResource
GetFileSize
FindResourceW
ExitProcess
InterlockedCompareExchange
InterlockedDecrement
GlobalLock
GlobalUnlock
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindClose
lstrcpyW
FindFirstFileW
FindNextFileW
DecodePointer
HeapReAlloc
HeapSize
GetSystemDirectoryW
GetVolumeInformationW
GetSystemInfo
FormatMessageW
FileTimeToSystemTime
SetErrorMode
GetCommandLineW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
OpenFileMappingW
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
MapViewOfFile
WaitForSingleObject
ReleaseMutex
GlobalFree
GlobalAlloc
CreateFileW
CloseHandle
ReadFile
WriteFile
IsProcessorFeaturePresent
GetLastError

user32

SetPropW
GetPropW
LoadCursorW
MonitorFromWindow
SetCursor
InflateRect
CharNextW
IntersectRect
CharPrevW
DrawTextW
FillRect
SetRect
IsIconic
SetWindowRgn
GetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
InvalidateRgn
LoadStringW
FindWindowW
GetClassInfoExW
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
UpdateLayeredWindow
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MonitorFromPoint
RegisterClassExW
RegisterClassW
EnableWindow
CallWindowProcW
DefWindowProcW
wsprintfW
GetWindow
CreateAcceleratorTableW
IsWindowVisible
IsRectEmpty
UnionRect
MapWindowPoints
GetParent
GetCursorPos
MessageBoxW
ShowWindow
PostQuitMessage
PostMessageW
RegisterWindowMessageW
KillTimer
SetTimer
EnumDisplayMonitors
OffsetRect
GetDesktopWindow
SetWindowLongW
GetWindowLongW
ShowCursor
GetSystemMetrics
SetWindowPos
PtInRect
GetWindowRect
ReleaseDC
GetDC
GetMonitorInfoW
ScreenToClient
GetClientRect
SystemParametersInfoW
InvalidateRect

gdi32

ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
SelectClipRgn
LineTo
PtInRegion
GetObjectA
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentPoint32W
CreateRectRgn
GetClipBox
GetCharABCWidthsW
CreateFontIndirectW
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
GetStockObject
CreatePen
TextOutW
GetDeviceCaps

ole32

CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
CoInitialize

gdiplus

GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawArcI
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipCreateLineBrushI
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdipCloneBrush
GdipDrawImageRect
GdipGraphicsClear
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetCompositingQuality
GdipSetCompositingMode
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteBrush

shlwapi

ord219
PathFileExistsW

comctl32

_TrackMouseEvent
ord17

advapi32

DuplicateTokenEx
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyW
RegOpenKeyW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

iphlpapi

GetAdaptersInfo

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

ws2_32

WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
htonl
bind
socket
closesocket
WSAGetLastError
send
recv
WSACleanup
WSAStartup
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
__WSAFDIsSet
select
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
connect

Sections

.text
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c5f82a275e852e48de208b43b8babb

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cbCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c5:36:bf:24:63:4e:7a:c1:27:ca:a6:d0:ba:08:6c:2e:42:a6:90:d0:cb:c9:b4:b3:25:d5:16:cc:ca:86:2d:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ole32

gdiplus

shlwapi

comctl32

advapi32

shell32

oleaut32

iphlpapi

imm32

ws2_32

Sections

.text Size: 735KB - Virtual size: 735KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 9KB - Virtual size: 18KB

.gfids Size: 512B - Virtual size: 428B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 312KB - Virtual size: 312KB

.reloc Size: 40KB - Virtual size: 39KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c5:36:bf:24:63:4e:7a:c1:27:ca:a6:d0:ba:08:6c:2e:42:a6:90:d0:cb:c9:b4:b3:25:d5:16:cc:ca:86:2d:34
Signer

.text
Size: 735KB - Virtual size: 735KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 9KB - Virtual size: 18KB

.gfids
Size: 512B - Virtual size: 428B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 312KB - Virtual size: 312KB

.reloc
Size: 40KB - Virtual size: 39KB