4fc645dabd7e466c42b78ff12c57fd4cfcdb37e05e8284ac0d03247b50544970

Sharing

Copy URL Twitter E-mail

General

Target

4fc645dabd7e466c42b78ff12c57fd4cfcdb37e05e8284ac0d03247b50544970
Size

1.5MB
MD5

e8275d7b33f480d8741f1e061975dcec
SHA1

3ae0b3ebc4bbf2fff5669849cd6f2e8b7a92bfae
SHA256

4fc645dabd7e466c42b78ff12c57fd4cfcdb37e05e8284ac0d03247b50544970
SHA512

07b684e9902f8195619098a0577635f323a7738fe3ab6907aeefa386f29c443c86ebfc5464d42a5da922ee478a1a3ad8dd857e4207f9f7564e497f61f558549a
SSDEEP

24576:pW99wF4yuuX0NPGX6F+6evGQPITgwZFqlrA/eHAiYD:pW9TJY0+jvoTNZFqlkmHAiY

Score

1^/10

Malware Config

Signatures

Files

4fc645dabd7e466c42b78ff12c57fd4cfcdb37e05e8284ac0d03247b50544970
.exe windows:5 windows x86 arch:x86

19f0eb6b67f6f4fa7f294eb377ea2048

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2020, 00:00

Not After

08/12/2021, 12:00

Subject

CN=天津迅读科技有限公司,O=天津迅读科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/07/2013, 12:00

Not After

22/10/2023, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/10/2021, 00:00

Not After

09/12/2022, 23:59

Subject

CN=天津迅读科技有限公司,O=天津迅读科技有限公司,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:6f:e7:15:25:c3:d8:22:9a:78:5c:81:d5:41:0e:93:a2:84:ac:19:4f:03:f6:f5:8a:3f:38:2f:58:cb:ce:4d
Signer

Actual PE Digest

33:6f:e7:15:25:c3:d8:22:9a:78:5c:81:d5:41:0e:93:a2:84:ac:19:4f:03:f6:f5:8a:3f:38:2f:58:cb:ce:4d

Digest Algorithm

sha256

PE Digest Matches

false

42:30:50:ed:c2:8d:68:ed:61:3a:77:73:b1:b1:39:82:3f:eb:7f:ef
Signer

Actual PE Digest

42:30:50:ed:c2:8d:68:ed:61:3a:77:73:b1:b1:39:82:3f:eb:7f:ef

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\data_recovery\Output\Bin\Release\convHelper.pdb

Imports

kernel32

Process32FirstW
Process32NextW
SetUnhandledExceptionFilter
GetLocalTime
IsBadReadPtr
VirtualProtect
ExitProcess
LocalFree
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
RemoveDirectoryW
GetLongPathNameW
DeviceIoControl
lstrcmpA
OpenEventW
OpenFileMappingW
GetThreadLocale
SetThreadLocale
SetErrorMode
ReadFile
GetFileSize
WideCharToMultiByte
LoadLibraryW
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
WriteConsoleW
FlushFileBuffers
DeleteFileW
SetEnvironmentVariableA
FreeEnvironmentStringsW
CreateToolhelp32Snapshot
GetCommandLineA
GetOEMCP
IsValidCodePage
SetFileAttributesW
GetTimeZoneInformation
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
QueryPerformanceCounter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetStartupInfoW
CreatePipe
GetEnvironmentStringsW
MoveFileExW
CreateMutexW
GetQueuedCompletionStatus
InterlockedExchange
CreateIoCompletionPort
CreateEventW
GetExitCodeThread
GetSystemInfo
PostQueuedCompletionStatus
Sleep
WaitForSingleObject
SetProcessShutdownParameters
WriteFile
OutputDebugStringW
CloseHandle
SetFilePointer
CreateFileW
TerminateProcess
DecodePointer
GetCommandLineW
SetEvent
ResetEvent
GetNativeSystemInfo
lstrlenA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
lstrlenW
CreateThread
TerminateThread
InitializeCriticalSection
GetVersionExW
GetTempPathW
MulDiv
GetCurrentProcessId
OpenProcess
GetVersion
GlobalFree
FindFirstFileExW
GlobalAlloc
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleW
SetLastError
RaiseException
GetCurrentThreadId
GetPrivateProfileStringW
GetLastError
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetModuleFileNameW

user32

IsClipboardFormatAvailable
RegisterClipboardFormatW
GetSysColor
GetCursorPos
PtInRect
GetClassInfoExW
RegisterClassExW
UnregisterClassW
wsprintfW
MessageBoxW
SetCaretPos
CreateCaret
LoadCursorW
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
CharNextW
ShowWindow
PostMessageW
SendMessageW
SetRectEmpty
SystemParametersInfoW
MoveWindow
GetDlgItem
KillTimer
SetTimer
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
EqualRect
SetCursor
ClientToScreen
ScreenToClient
GetDoubleClickTime
GetParent
CopyRect
IntersectRect
IsRectEmpty
GetIconInfo
DrawTextW
BeginPaint
EndPaint
IsIconic
GetClientRect
InvalidateRect
TrackMouseEvent
SetFocus
SetCapture
ReleaseCapture
GetWindowRect
SetWindowRgn
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
EnableWindow
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
DestroyWindow
IsWindow
GetCaretBlinkTime
UpdateWindow
FillRect
GetFocus
GetWindowTextLengthW
SetWindowTextW
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
GetDC
ReleaseDC
GetWindowThreadProcessId
AttachThreadInput
DefWindowProcW
IsWindowVisible
PostQuitMessage
BringWindowToTop
SetActiveWindow
UpdateLayeredWindow

gdi32

CreateFontIndirectW
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
GetDeviceCaps
CreateRectRgn
CombineRgn
CreateRoundRectRgn
SetTextColor
SetBkMode
GetBitmapBits
GetTextColor
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
CreateCompatibleDC
GetObjectW
CreateDIBSection
Rectangle
SelectObject
CreatePen
DeleteObject
GetStockObject
GetCurrentObject
SetTextCharacterExtra
SetBitmapBits
SetBkColor
CreateSolidBrush
GetViewportOrgEx
StretchBlt

advapi32

RegQueryValueExW
GetUserNameW
RegEnumKeyW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

ord165
SHChangeNotify
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetMalloc

ole32

CoInitializeSecurity
RegisterDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysFreeString
LoadTypeLi
VariantClear
VariantInit
VarBstrCmp
GetErrorInfo
VariantCopy
SysAllocString
VarUI4FromStr
SysStringLen

shlwapi

SHGetValueW
SHDeleteValueW
PathRemoveExtensionW
PathCanonicalizeW
PathRemoveBackslashW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathCombineW
PathIsDirectoryW
StrStrIW
PathSearchAndQualifyW
PathIsPrefixW

comctl32

ord17

msimg32

AlphaBlend

wininet

InternetCrackUrlW
InternetConnectW
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipCloneBrush
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdiplusStartup
GdipDeleteBrush

riched20

ord4

crypt32

CertGetNameStringW
CryptBinaryToStringW
CryptStringToBinaryW

netapi32

Netbios

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo
GetIpAddrTable

psapi

EnumProcessModules

secur32

GetUserNameExW

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19f0eb6b67f6f4fa7f294eb377ea2048

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47Certificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cdCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

33:6f:e7:15:25:c3:d8:22:9a:78:5c:81:d5:41:0e:93:a2:84:ac:19:4f:03:f6:f5:8a:3f:38:2f:58:cb:ce:4dSigner

42:30:50:ed:c2:8d:68:ed:61:3a:77:73:b1:b1:39:82:3f:eb:7f:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

gdiplus

riched20

crypt32

netapi32

version

wintrust

iphlpapi

psapi

secur32

Sections

.text Size: 797KB - Virtual size: 797KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 19KB - Virtual size: 100KB

.gfids Size: 1024B - Virtual size: 600B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 430KB - Virtual size: 429KB

.reloc Size: 45KB - Virtual size: 112KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:ff:90:1e:ad:ca:ed:ce:57:5f:0b:10:7f:7d:f6:99
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:c4:e7:29:42:d4:53:f8:65:85:73:ce:fc:26:55:cd
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:6f:e7:15:25:c3:d8:22:9a:78:5c:81:d5:41:0e:93:a2:84:ac:19:4f:03:f6:f5:8a:3f:38:2f:58:cb:ce:4d
Signer

42:30:50:ed:c2:8d:68:ed:61:3a:77:73:b1:b1:39:82:3f:eb:7f:ef
Signer

.text
Size: 797KB - Virtual size: 797KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 19KB - Virtual size: 100KB

.gfids
Size: 1024B - Virtual size: 600B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 430KB - Virtual size: 429KB

.reloc
Size: 45KB - Virtual size: 112KB