ac03119a69689a4f000b38ae954520439bf30cc36faa542ae00649f20e62c620

Sharing

Copy URL Twitter E-mail

General

Target

ac03119a69689a4f000b38ae954520439bf30cc36faa542ae00649f20e62c620
Size

1.5MB
MD5

33e49f5ef87964f58768070988cbc53f
SHA1

51584151d025197cbf57d903843e65812c16fa23
SHA256

ac03119a69689a4f000b38ae954520439bf30cc36faa542ae00649f20e62c620
SHA512

8c60a4d732e575b55790709fd25a031956cad2e7d3ec711aaf34f64142c0741cf235453e5790103d6efe70f93abbccf904e7bb18927262e9b7b249f43f97a6e7
SSDEEP

49152:dvcCtcOYXekJEyUK+I626FGwbthWof9VbGC04br:NOOYXe9yUKERv

Score

1^/10

Malware Config

Signatures

Files

ac03119a69689a4f000b38ae954520439bf30cc36faa542ae00649f20e62c620
.dll regsvr32 windows:5 windows x64 arch:x64

78bd99d3c8b1d7ace06181deb2a409c2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:40

Not After

27/11/2024, 08:40

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:2f:88:da:8f:67:f0:54:28:6e:91:ef:7a:08:f2:f1:d4:07:f7:13:3e:63:ea:b7:1e:89:28:fc:9a:b9:23:55
Signer

Actual PE Digest

0f:2f:88:da:8f:67:f0:54:28:6e:91:ef:7a:08:f2:f1:d4:07:f7:13:3e:63:ea:b7:1e:89:28:fc:9a:b9:23:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\RDBuildPool\20240308-08239\build_vs2012\x64\Formal\claud.pdb

Imports

dsound

ord11

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiClassGuidsFromNameA

winmm

timeSetEvent
timeGetTime
waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutGetDevCapsA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
SetThreadAffinityMask
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
MulDiv
GetModuleFileNameA
Sleep
CreateEventA
LockResource
FreeLibrary
GetProcAddress
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
LoadResource
GetLocalTime
GetSystemInfo
SystemTimeToFileTime
LoadLibraryA
LoadLibraryW
IsDebuggerPresent
GetModuleHandleA
FindResourceA
CreateFileA
GetFileAttributesA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
CreateThread
IsDBCSLeadByte
GetLocaleInfoA
GetLastError
FormatMessageA
lstrlenA
GetExitCodeThread
ReleaseSemaphore
OutputDebugStringA
OutputDebugStringW
GetSystemTime
GetModuleHandleW
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
WriteFile
ReadFile
CreateProcessA
ConnectNamedPipe
CreateNamedPipeA
DisableThreadLibraryCalls
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetTickCount
CreateSemaphoreA
DuplicateHandle
lstrcmpW
lstrlenW
GetACP
SetErrorMode
lstrcmpiA
CreateFileW
_llseek
IsProcessorFeaturePresent
QueryPerformanceCounter
GetModuleFileNameW
GetSystemTimeAsFileTime

user32

SendMessageA
ShowWindow
SetWindowPos
GetDlgItem
InvalidateRect
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageA
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
LoadCursorW
GetSystemMetrics
CreateWindowExW
RegisterClassW
DefWindowProcW
LoadCursorA
RegisterClassExA
GetClassInfoA
UnregisterClassA
PostQuitMessage
MessageBoxA
LoadStringW
SetParent
GetDesktopWindow
CreateDialogParamA
DestroyWindow
DefWindowProcA
SendDlgItemMessageA
SetDlgItemTextA
LoadBitmapA
ScreenToClient
GetClientRect
MoveWindow
IsWindow
CreateWindowExA
LoadStringA
GetWindowLongPtrA
SetWindowLongA
GetWindowLongA
GetWindowRect
GetWindowTextA
SetWindowTextA
GetDC
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetKeyState
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetWindowLongPtrA

gdi32

GetStockObject
GetTextExtentPoint32A

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegNotifyChangeKeyValue
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegSetValueW

shell32

ShellExecuteExA

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CreateItemMoniker
GetRunningObjectTable
CoInitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromString

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

msvcp110

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

msvcr110

log10f
sinf
cosf
cos
pow
log
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBD@Z
sqrtf
sqrt
sin
exp
ceil
strcpy_s
_wfopen
_vswprintf
fgetws
wcstoul
wcstol
srand
rand
_wcsicmp
wcsstr
_time64
mbstowcs_s
wcscat_s
strcat_s
vswprintf_s
vfprintf
fputs
fputc
fprintf
fopen_s
_strnicmp
wcstombs
mbstowcs
atanf
strrchr
_beginthread
fgets
strtok_s
strstr
_strlwr
strchr
swprintf_s
memcmp
_wsplitpath_s
_wmakepath_s
malloc
free
_stricmp
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_CxxThrowException
memset
_splitpath_s
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
?terminate@@YAXXZ
wcscpy_s
_vsnwprintf_s
_vsnprintf_s
memmove_s
memmove
vsprintf_s
calloc
sprintf_s
_swab
ldexp
strtol
??0exception@std@@QEAA@XZ
_errno
_strupr
memcpy_s
_purecall
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
??2@YAPEAX_K@Z
fwrite
__CxxFrameHandler3
fclose
fopen

shlwapi

PathRemoveFileSpecW

Exports

Exports

??0CDTSintA@@QEAA@AEBV0@@Z
??0CDTSintA@@QEAA@HH@Z
??0CPL2XAPI@@QEAA@AEBV0@@Z
??0CPL2XAPI@@QEAA@XZ
??1CDTSintA@@QEAA@XZ
??1CPL2XAPI@@UEAA@XZ
??4CDTSintA@@QEAAAEAV0@AEBV0@@Z
??4CPL2XAPI@@QEAAAEAV0@AEBV0@@Z
??8CDTSintA@@QEBA_NAEBV0@@Z
??ACDTSintA@@QEAAAEAIH@Z
??ACDTSintA@@QEBAAEBIH@Z
??HCDTSintA@@QEAA?AV0@AEBI@Z
??HCDTSintA@@QEAA?AV0@AEBV0@@Z
??YCDTSintA@@QEAAAEAV0@AEBI@Z
??YCDTSintA@@QEAAAEAV0@AEBV0@@Z
??_7CPL2XAPI@@6B@
??_FCDTSintA@@QEAAXXZ
?GetAt@CDTSintA@@QEBAPEAIH@Z
?GetSize@CDTSintA@@QEBAHXZ
?RemoveAll@CDTSintA@@QEAAXXZ
?SetSize@CDTSintA@@QEAA_NH@Z
?clear@CDTSintA@@QEAAXXZ
?compare@CDTSintA@@QEBA_NAEBV1@@Z
?index@CDTSintA@@QEBAHAEBIH@Z
?length@CDTSintA@@QEBAHXZ
?prepend@CDTSintA@@QEAAAEAV1@AEBI@Z
?prepend@CDTSintA@@QEAAAEAV1@AEBV1@@Z
?realloc@CDTSintA@@QEAA_NH@Z
?remove@CDTSintA@@QEAAXXZ
?remove@CDTSintA@@QEAA_NHH@Z
?setGrowBySize@CDTSintA@@QEAAXH@Z
?size@CDTSintA@@QEBAHXZ
?swap@CDTSintA@@QEAA_NHH@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 971KB - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78bd99d3c8b1d7ace06181deb2a409c2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:afCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

0f:2f:88:da:8f:67:f0:54:28:6e:91:ef:7a:08:f2:f1:d4:07:f7:13:3e:63:ea:b7:1e:89:28:fc:9a:b9:23:55Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

setupapi

winmm

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp110

msvcr110

shlwapi

Exports

Exports

Sections

.text Size: 971KB - Virtual size: 970KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 272KB - Virtual size: 282KB

.pdata Size: 39KB - Virtual size: 38KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 10KB - Virtual size: 9KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

0f:2f:88:da:8f:67:f0:54:28:6e:91:ef:7a:08:f2:f1:d4:07:f7:13:3e:63:ea:b7:1e:89:28:fc:9a:b9:23:55
Signer

.text
Size: 971KB - Virtual size: 970KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 272KB - Virtual size: 282KB

.pdata
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 10KB - Virtual size: 9KB