e074afdd8885729dda8e984ad314ff33a102ae0b67339d1eae6d96027fa84f16

Sharing

Copy URL Twitter E-mail

General

Target

e074afdd8885729dda8e984ad314ff33a102ae0b67339d1eae6d96027fa84f16
Size

651KB
MD5

2814bea160e095e64286e27d59af9f5f
SHA1

2c726bdd4f933e933d5c2212c5b58a7910aa36c3
SHA256

e074afdd8885729dda8e984ad314ff33a102ae0b67339d1eae6d96027fa84f16
SHA512

a2ed88ce0c15366b2c030affdecfa8d34f45f6a3cf6451955a4d4a83a9cd1d4152d44a63d48fd6671b65d7968de2c64dccdb3a3bd4544a470c844c559464d3cd
SSDEEP

12288:E4tZiDgofEeKSmaCeXDdazi01LAlzVJM2pwlCSXRnHb76A1hygYg6Ghd:lyDXzIaZUj12JM2+TgVzKd

Score

1^/10

Malware Config

Signatures

Files

e074afdd8885729dda8e984ad314ff33a102ae0b67339d1eae6d96027fa84f16
.zip
MsXML/RegXML.bat
MsXML/msxml4.dll
.dll regsvr32 windows:5 windows x86 arch:x86

c15ed04b7f96417436d03d1ab8b9e327

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

27/02/2025, 23:59

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:92:a7:05:2f:79:e5:ca:95:45:ae:d0:dd:01:05:d2:b0:21:0a:34
Signer

Actual PE Digest

22:92:a7:05:2f:79:e5:ca:95:45:ae:d0:dd:01:05:d2:b0:21:0a:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemFree
CreateBindCtx
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoTaskMemAlloc
CoCreateInstance

shlwapi

ord44
ord45
ord28
ord311
ord310
StrCpyW
StrCatW
ord158
ord156
PathIsURLW
PathSearchAndQualifyW
UrlCreateFromPathW
UrlUnescapeW
PathCreateFromUrlW
PathIsRelativeW
UrlGetLocationW
UrlCanonicalizeW
ord52
UrlIsW
ord66
ord29
ord38
StrToIntW
StrCmpNIW
StrCmpNW
StrCmpW
ord15
ord115

kernel32

LeaveCriticalSection
LocalAlloc
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
ExitProcess
VirtualProtect
GetCommandLineA
GetCPInfo
GetModuleHandleW
GetDateFormatW
GetTimeFormatW
GetThreadLocale
DebugBreak
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcmpA
MultiByteToWideChar
ExpandEnvironmentStringsA
TlsGetValue
lstrcpyA
GetModuleFileNameA
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapSize
HeapAlloc
HeapReAlloc
VirtualFree
VirtualAlloc
GetProcessHeap
TlsSetValue
CloseHandle
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetVersionExA
TlsAlloc
TlsFree
InitializeCriticalSection
WaitForSingleObject
GetTickCount
ReleaseSemaphore
InterlockedExchange
DeleteCriticalSection
EnterCriticalSection
CreateSemaphoreA
CreateEventA
Sleep
GetExitCodeThread
VirtualQuery
GetThreadContext
ResumeThread
SuspendThread
SetEvent
ResetEvent
HeapDestroy
GetLastError
HeapCreate
GetSystemInfo
SetLastError
RaiseException
WideCharToMultiByte
LoadResource
FormatMessageA
FormatMessageW
LoadLibraryExA
FileTimeToSystemTime
SystemTimeToFileTime
WriteFile
SetFilePointer
GetFileType
FlushFileBuffers
ReadFile
SetEndOfFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MsXML/msxml4a.dll
.dll windows:5 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

27/02/2025, 23:59

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:40:4f:4b:10:80:01:43:12:72:92:16:03:cb:83:ed:7d:71:fa:31
Signer

Actual PE Digest

43:40:4f:4b:10:80:01:43:12:72:92:16:03:cb:83:ed:7d:71:fa:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MsXML/msxml4r.dll
.dll windows:5 windows x86 arch:x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

27/02/2025, 23:59

Subject

CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:02:d5:96:a5:89:e5:f9:d5:e4:46:f3:ba:25:bd:c6:7c:3e:6c:a6
Signer

Actual PE Digest

d3:02:d5:96:a5:89:e5:f9:d5:e4:46:f3:ba:25:bd:c6:7c:3e:6c:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15ed04b7f96417436d03d1ab8b9e327

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

22:92:a7:05:2f:79:e5:ca:95:45:ae:d0:dd:01:05:d2:b0:21:0a:34Signer

Headers

File Characteristics

Imports

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 970KB - Virtual size: 969KB

.data Size: 66KB - Virtual size: 67KB

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 59KB - Virtual size: 59KB

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

43:40:4f:4b:10:80:01:43:12:72:92:16:03:cb:83:ed:7d:71:fa:31Signer

Headers

File Characteristics

Sections

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 8B

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

d3:02:d5:96:a5:89:e5:f9:d5:e4:46:f3:ba:25:bd:c6:7c:3e:6c:a6Signer

Headers

File Characteristics

Sections

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 8B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

22:92:a7:05:2f:79:e5:ca:95:45:ae:d0:dd:01:05:d2:b0:21:0a:34
Signer

.text
Size: 970KB - Virtual size: 969KB

.data
Size: 66KB - Virtual size: 67KB

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 59KB - Virtual size: 59KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

43:40:4f:4b:10:80:01:43:12:72:92:16:03:cb:83:ed:7d:71:fa:31
Signer

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 8B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:27:8e:85:ea:fe:62:9a:f2:92:1d:a2:68:f7:21:56
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

d3:02:d5:96:a5:89:e5:f9:d5:e4:46:f3:ba:25:bd:c6:7c:3e:6c:a6
Signer

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 8B