e3e02e5f4e103f5e0d7d65a71b583a1501e7f25b50f42a56dbd9511d6c4e7728

Sharing

Copy URL

Twitter E-mail

General

Target

e3e02e5f4e103f5e0d7d65a71b583a1501e7f25b50f42a56dbd9511d6c4e7728
Size

2.1MB
MD5

7d4d4dd3885b491ec931081b50fa237c
SHA1

3a0041a0242f0368989b1ec42777173d3712cfc5
SHA256

e3e02e5f4e103f5e0d7d65a71b583a1501e7f25b50f42a56dbd9511d6c4e7728
SHA512

5d8e3f63c11d2e065ac3f9edae53cb2dbd36259e3c5cc0d0caa7f158e90741e9747142585e83985bd49960950f22026cf5fb38003aeb0ab593818a8edaf9c627
SSDEEP

49152:rqVheN1cZ4WbWWqCtiKZI86CPYV09Nhuy/cj6Kf9qLE:euN1cZrCWqoiKZITCPYVS3uy/cj6O

Score

1^/10

Malware Config

Signatures

Files

e3e02e5f4e103f5e0d7d65a71b583a1501e7f25b50f42a56dbd9511d6c4e7728
.exe windows:6 windows x86 arch:x86

bed4f9a1fc75c478fecee651663686ef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

02/12/2024, 23:59

Subject

SERIALNUMBER=91510107765360104N,CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6ada6e4beafe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:5e:6e:34:cc:0a:78:65:75:e1:3b:38:ab:ae:7c:b6:a2:35:19:76:9b:96:a8:e4:5f:7c:99:a6:2c:ef:8f:b4
Signer

Actual PE Digest

1c:5e:6e:34:cc:0a:78:65:75:e1:3b:38:ab:ae:7c:b6:a2:35:19:76:9b:96:a8:e4:5f:7c:99:a6:2c:ef:8f:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\FileRepair\DRWIntelligentScan\bin\Release\Win32\EUOfficeViewer.pdb

Imports

kernel32

FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
CreateFileW
GetEnvironmentStringsW
GetFileType
SetStdHandle
QueryPerformanceFrequency
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
OutputDebugStringW
IsValidCodePage
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
WriteConsoleW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WideCharToMultiByte
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
GetTempFileNameA
SearchPathA
GetProfileIntA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FindResourceExW
GetWindowsDirectoryA
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
CreateFileA
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFlags
GetACP
InitializeCriticalSectionAndSpinCount
GetTickCount
ResumeThread
SetThreadPriority
SetEvent
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetVersionExA
GetCurrentThread
GetThreadLocale
FileTimeToSystemTime
GetModuleFileNameA
GetCurrentProcessId
CopyFileA
FormatMessageA
GlobalSize
GlobalAlloc
CompareStringA
MultiByteToWideChar
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
EncodePointer
MulDiv
FindResourceA
GlobalFree
GlobalUnlock
GlobalLock
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
SetLastError
OutputDebugStringA
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateThread
WaitForSingleObject
ExitProcess
GetCurrentThreadId
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
GetFileAttributesA
CloseHandle
SetErrorMode
LocalFree
GetCommandLineW
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource

user32

CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
FrameRect
CopyIcon
SetCursorPos
GetSystemMenu
LoadMenuW
IsZoomed
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowRgn
SetClassLongA
EnumDisplayMonitors
SetLayeredWindowAttributes
GetKeyNameTextA
MapVirtualKeyA
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawIconEx
DrawFocusRect
ReuseDDElParam
UnpackDDElParam
LoadImageA
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
LoadImageW
TrackMouseEvent
GetMenuDefaultItem
CreatePopupMenu
PostThreadMessageA
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DeleteMenu
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
DestroyIcon
GetAsyncKeyState
LoadCursorA
GetSysColorBrush
CopyImage
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
RealChildWindowFromPoint
DestroyAcceleratorTable
OffsetRect
SetRectEmpty
IntersectRect
InflateRect
RegisterClipboardFormatA
SetCursor
ShowOwnedPopups
GetCursorPos
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuState
GetMenuStringA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
PtInRect
EqualRect
GetWindowLongA
SetWindowLongA
IsIconic
SendMessageA
GetSystemMetrics
CopyRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
GetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
TrackPopupMenu
GetMenuItemCount
CreateMenu
GetWindowRgn
DestroyCursor
GetClientRect
InvalidateRect
EnableWindow
LoadBitmapW
SetWindowPos
PostMessageA
ShowWindow
GetClassInfoA
FindWindowA
SetActiveWindow
GetSubMenu
SetForegroundWindow
FindWindowExA
IsWindow
LoadIconW
SetParent
IsWindowVisible
GetWindowRect
SetRect
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SwitchToThisWindow
SetScrollRange
SetScrollPos
SetWindowTextA
DrawIcon
SetTimer
ReleaseDC
GetWindowDC
IsRectEmpty
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
GetWindow
UnregisterClassA
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
GetParent
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
GetDC
BeginPaint
EndPaint
ClientToScreen
ScreenToClient
GetSysColor
FillRect
RegisterWindowMessageA
PeekMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetClassInfoExA
CreateWindowExA
IsMenu
IsChild
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
GetMenuItemID

gdi32

SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileA
CreateDCA
CombineRgn
CreateFontIndirectA
CreateRectRgnIndirect
PatBlt
SetRectRgn
GetTextExtentPoint32A
GetTextMetricsA
GetBkColor
GetRgnBox
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
SetViewportExtEx
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
SetROP2
SetPolyFillMode
ExtTextOutA
TextOutA
MoveToEx
Polyline
GetTextColor
GetLayout
SetLayout
SetMapMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetMapMode
DPtoLP
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
DeleteDC
DeleteObject
SetTextColor
SetBkMode
GetObjectA
SelectObject
SetTextAlign

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegEnumValueA
RegOpenKeyExW
RegEnumKeyExA
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueA

shell32

ExtractIconA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
CommandLineToArgvW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathStripToRootA
StrFormatKBSizeA
PathRemoveFileSpecW
PathIsUNCA
PathFindFileNameA

uxtheme

GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor

ole32

CreateILockBytesOnHGlobal
OleIsCurrentClipboard
CoRegisterMessageFilter
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleFlushClipboard
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
OleRun
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoRegisterClassObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantCopy
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringByteLen
VariantInit
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
VariantChangeType
SysFreeString
VariantClear

oledlg

ord8

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bed4f9a1fc75c478fecee651663686ef

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1c:5e:6e:34:cc:0a:78:65:75:e1:3b:38:ab:ae:7c:b6:a2:35:19:76:9b:96:a8:e4:5f:7c:99:a6:2c:ef:8f:b4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 23KB - Virtual size: 40KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 139KB - Virtual size: 138KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:bd:22:19:37:f2:d7:96:fa:70:29:54:7b:19:03:01
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1c:5e:6e:34:cc:0a:78:65:75:e1:3b:38:ab:ae:7c:b6:a2:35:19:76:9b:96:a8:e4:5f:7c:99:a6:2c:ef:8f:b4
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 23KB - Virtual size: 40KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 139KB - Virtual size: 138KB