e09445fc60bf5acbec6c374287cc143adf5ce1cf4df1e531bf9a8a20e44f5a67

Sharing

Copy URL

Twitter E-mail

General

Target

e09445fc60bf5acbec6c374287cc143adf5ce1cf4df1e531bf9a8a20e44f5a67
Size

273KB
MD5

cc4f1177fb41b4b2f72708b13c38b1c8
SHA1

0defcaa2810004a850954b5eef92e4ad2324b0a5
SHA256

e09445fc60bf5acbec6c374287cc143adf5ce1cf4df1e531bf9a8a20e44f5a67
SHA512

f46f8216c7b7bc132781477bbdd1c255b2ee465dc8f5bef4811ca4a1c8957a61b4dc1caed0110ec62f3a1a6a834f744daf3adcd4adb283790151560ed579152c
SSDEEP

3072:Qh1y3gtpCP+1Mi+QjXeqB72JbgBzzfNEUUoSC0GdXtGdXrOhEPgDaZJzb:utS+1Mi7HaJEBvNMC0GdXtGdXrOhEP7

Score

1^/10

Malware Config

Signatures

Files

e09445fc60bf5acbec6c374287cc143adf5ce1cf4df1e531bf9a8a20e44f5a67
.exe windows:5 windows x86 arch:x86

f9c3e15a52ccf3e98b9083a336efb809

Code Sign

2b:aa:f9:77:f6:f4:0d:a6:4a:cf:1d:da:51:85:c7:a4
Certificate

Issuer

CN=SHENZHEN SAEJONG IND CO. LTD,O=SaejongAutomation,1.2.840.113549.1.9.1=#0c13696e666f407361656a6f6e672e636f6d2e636e

Not Before

15-12-2023 08:24

Not After

31-12-2039 23:59

Subject

CN=SHENZHEN SAEJONG IND CO. LTD,O=SaejongAutomation,1.2.840.113549.1.9.1=#0c13696e666f407361656a6f6e672e636f6d2e636e

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:69:14:44:7e:32:f1:d9:c4:c2:4b:ff:3e:97:02:69:df:30:26:33
Signer

Actual PE Digest

36:69:14:44:7e:32:f1:d9:c4:c2:4b:ff:3e:97:02:69:df:30:26:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_Temp\Libs\DataCheckTool_v1.0.0.2\Debug\DataCheckTool.pdb

Imports

mfc90ud

ord1133
ord8084
ord8530
ord1561
ord5539
ord286
ord3462
ord292
ord3848
ord961
ord302
ord963
ord6093
ord8111
ord9237
ord5948
ord6270
ord6271
ord3378
ord4008
ord4426
ord915
ord1213
ord7820
ord7456
ord673
ord1140
ord4013
ord4005
ord6531
ord3891
ord1186
ord2174
ord9152
ord291
ord4477
ord2166
ord935
ord8595
ord952
ord2849
ord2565
ord7569
ord6407
ord7029
ord7203
ord2411
ord2410
ord2251
ord2250
ord4659
ord8780
ord2339
ord2336
ord5987
ord2032
ord6446
ord7538
ord2701
ord7420
ord9365
ord6377
ord7593
ord3245
ord1900
ord5197
ord7015
ord6487
ord2307
ord8868
ord7644
ord7642
ord1218
ord1223
ord1227
ord1225
ord1229
ord3551
ord3571
ord3555
ord3561
ord3559
ord3557
ord3574
ord3569
ord5863
ord3576
ord3564
ord3546
ord3548
ord3566
ord3256
ord3243
ord2209
ord9367
ord5739
ord9369
ord5071
ord7299
ord8730
ord4493
ord1968
ord7562
ord2782
ord2385
ord2384
ord2306
ord7590
ord4348
ord6712
ord6466
ord3033
ord1769
ord5990
ord598
ord5062
ord4899
ord406
ord8266
ord3761
ord2942
ord354
ord486
ord396
ord1476
ord6142
ord5487
ord701
ord747
ord811
ord723
ord753
ord5779
ord1453
ord8902
ord2863
ord930
ord950
ord6164
ord6121
ord9366
ord5738
ord9368
ord6537
ord2906
ord2861
ord8169
ord5747
ord1389
ord7462
ord9297
ord7868
ord5781
ord2716
ord4474
ord7626
ord7628
ord3337
ord5991
ord6804
ord7638
ord7603
ord8152
ord3804
ord4122
ord4320
ord6518
ord4097
ord4323
ord3807
ord3996
ord3796
ord5598
ord5599
ord5589
ord3994
ord5994
ord6707
ord872
ord7044
ord6816
ord8633
ord9073
ord2493
ord8615
ord942
ord446
ord3553
ord2390
ord6465
ord3140
ord1857
ord8287
ord5054
ord690
ord6772
ord5530
ord8145
ord943
ord1663
ord1408
ord1503

msvcr90d

_CrtDbgReportW
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
__CxxFrameHandler3
_time64
_gmtime64_s
_localtime64_s
memset
ceil
floor
_snprintf_s
_errno
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
_invalid_parameter
_CxxThrowException
setlocale
_wtof
_mktime64
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
_initterm_e
_initterm
_CrtSetCheckCount
_wcmdln
exit
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??_V@YAXPAX@Z
free
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ

kernel32

CopyFileW
GetTickCount
Sleep
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetPrivateProfileStringW
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
GetModuleFileNameW
HeapAlloc
VirtualQuery
FreeLibrary
CreateDirectoryW
GetProcessHeap

user32

InflateRect
EqualRect
SetRectEmpty
OffsetRect
PtInRect
IsRectEmpty
CopyRect
IntersectRect
SetRect
SubtractRect
PeekMessageW
GetSystemMetrics
UnionRect

comctl32

InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFileExistsW

oleaut32

SysFreeString
DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VariantChangeType
SystemTimeToVariantTime
VarDateFromStr
VarDateFromUdate

msvcp90d

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??1_Container_base_secure@std@@QAE@XZ
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??0_Container_base_secure@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

advapi32

OpenThreadToken
SetThreadToken
RevertToSelf

Sections

.textbss
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9c3e15a52ccf3e98b9083a336efb809

Code Sign

2b:aa:f9:77:f6:f4:0d:a6:4a:cf:1d:da:51:85:c7:a4Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

36:69:14:44:7e:32:f1:d9:c4:c2:4b:ff:3e:97:02:69:df:30:26:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90ud

msvcr90d

kernel32

user32

comctl32

shlwapi

oleaut32

msvcp90d

advapi32

Sections

.textbss Size: - Virtual size: 79KB

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 8KB - Virtual size: 8KB

2b:aa:f9:77:f6:f4:0d:a6:4a:cf:1d:da:51:85:c7:a4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

36:69:14:44:7e:32:f1:d9:c4:c2:4b:ff:3e:97:02:69:df:30:26:33
Signer

.textbss
Size: - Virtual size: 79KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 8KB - Virtual size: 8KB