ba2c2017db0418a6756579d8065bb9e4d119f195cea48f1be4262b83f6e3e92e

Sharing

Copy URL Twitter E-mail

General

Target

ba2c2017db0418a6756579d8065bb9e4d119f195cea48f1be4262b83f6e3e92e
Size

7.2MB
MD5

058db3d8d9d599c6b53f8b2f2984be3c
SHA1

72a5e7587b2bf0f94ff76e2e761fe79dab692723
SHA256

ba2c2017db0418a6756579d8065bb9e4d119f195cea48f1be4262b83f6e3e92e
SHA512

44d1ec8003552abe0900df0085815b6fb464e03092ff7779fffe6a150ba4a3c951d0cf20e5e4217dfb2708d8c798f4c8eb1eeb49e459756cdc44a2f2aa494f34
SSDEEP

98304:dpLpjlcrg7mIKBWtH3sHOXWI1ESWb0nuUtLhW9ofgKEhpyCMfVxae0sB7VhL2vuT:vNUnG1jWboNxfDyCVhLF/

Score

1^/10

Malware Config

Signatures

Files

ba2c2017db0418a6756579d8065bb9e4d119f195cea48f1be4262b83f6e3e92e
.exe windows:5 windows x86 arch:x86

9cdfa864ff0a4aadb5f09de5938ac58e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:a5:fe:9b:e5:03:ef:31:40:c7:84:b4:73:c1:23:99
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

04/11/2021, 00:00

Not After

04/11/2022, 23:59

Subject

CN=Aliket (BeiJing) Software Co.\, Ltd.,O=Aliket (BeiJing) Software Co.\, Ltd.,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:fb:33:c4:75:56:6f:00:a6:87:30:f4:07:15:45:ff:11:29:03:a7:46:34:9f:94:4a:d3:de:47:d7:ca:c7:5a
Signer

Actual PE Digest

d2:fb:33:c4:75:56:6f:00:a6:87:30:f4:07:15:45:ff:11:29:03:a7:46:34:9f:94:4a:d3:de:47:d7:ca:c7:5a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\Piano Main\Piano\BIN\EveryonePiano.pdb

Imports

dsound

ord1
ord3

kernel32

GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
LCMapStringA
LeaveCriticalSection
EnterCriticalSection
CreateFileA
GetConsoleMode
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteFileW
InterlockedExchange
GetSystemTime
Sleep
CreateThread
lstrcmpiW
CreateDirectoryW
CreateFileW
GetFileSize
ReadFile
CloseHandle
WriteFile
MulDiv
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
SetEndOfFile
GetFileSizeEx
CopyFileW
WaitForSingleObject
WideCharToMultiByte
lstrlenW
GetVersionExW
MoveFileExW
SetFilePointer
CreateMutexW
GetLastError
CreateProcessW
GetCommandLineW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
SetThreadPriority
GetFileTime
FileTimeToSystemTime
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WritePrivateProfileStringW
GetPrivateProfileIntW
GetSystemDefaultLangID
GetLocaleInfoW
lstrlenA
GetSystemInfo
GetCurrentProcess
IsBadCodePtr
lstrcpyW
DuplicateHandle
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
GetSystemDirectoryW
LocalFree
FormatMessageW
GlobalSize
SetLastError
GetModuleHandleA
GetCurrentProcessId
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetCurrentThreadId
InterlockedDecrement
FileTimeToLocalFileTime
LocalAlloc
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
ResumeThread
SetEvent
SuspendThread
CreateEventW
lstrcmpA
CompareStringA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalGetAtomNameW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileAttributesW
SetErrorMode
GetTempFileNameW
GetTempPathW
SearchPathW
GetProfileIntW
VirtualProtect
FindResourceExW
GetStartupInfoW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
VirtualQuery
ExitProcess
HeapSize
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
SetStdHandle
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP

user32

CharUpperW
DestroyMenu
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
EndPaint
BeginPaint
GetMenuState
GetMenuStringW
InsertMenuW
RemoveMenu
EnumChildWindows
LoadImageW
LoadMenuW
LoadBitmapW
UpdateWindow
GetWindowDC
SetWindowRgn
GetSubMenu
DrawIconEx
DrawEdge
IsCharLowerW
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
MapVirtualKeyW
CharLowerBuffW
AdjustWindowRect
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowRgn
MoveWindow
DestroyWindow
SetWindowPos
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
FindWindowW
GetFocus
MessageBoxW
PeekMessageW
GrayStringW
DrawTextExW
TabbedTextOutW
DrawStateW
GetIconInfo
IsWindow
DrawFrameControl
InflateRect
OffsetRect
DrawTextW
ChildWindowFromPointEx
IsWindowEnabled
WindowFromPoint
GetCursorPos
GetSysColor
ReleaseCapture
SetCapture
ReleaseDC
ValidateRect
TranslateMessage
GetMessageW
IsWindowVisible
GetDC
DestroyIcon
SetRect
EnableWindow
InvalidateRect
GetWindowRect
ClientToScreen
GetCapture
ScreenToClient
PostMessageW
GetParent
SetCursor
PostQuitMessage
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
LoadCursorW
CopyRect
GetWindowInfo
AppendMenuW
CreatePopupMenu
SetForegroundWindow
IsZoomed
RedrawWindow
MessageBeep
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
GetSysColorBrush
UnregisterClassW
GetAsyncKeyState
SwapMouseButton
DrawIcon
GetSystemMetrics
IsIconic
SetWindowLongW
GetWindowLongW
LoadIconW
SystemParametersInfoW
KillTimer
SendMessageW
GetClientRect
DestroyCursor
CreateMenu
GetDoubleClickTime
SubtractRect
CopyIcon
CharUpperBuffW
GetUpdateRect
FrameRect
TranslateMDISysAccel
DrawMenuBar
PtInRect
FillRect
SetTimer
WaitMessage
DeleteMenu
PostThreadMessageW
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardState
DestroyAcceleratorTable
LoadAcceleratorsW
CreateAcceleratorTableW
NotifyWinEvent
SetParent
SetClassLongW
GetSystemMenu
IsMenu
IsRectEmpty
BringWindowToTop
LockWindowUpdate
RegisterClipboardFormatW
OpenClipboard
CopyImage
SetClipboardData
CloseClipboard
SetRectEmpty
EmptyClipboard
CharNextW
InvalidateRgn
GetNextDlgGroupItem
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
DrawFocusRect
SetCursorPos
UnionRect
EnableScrollBar
UpdateLayeredWindow
SetMenuDefaultItem
GetMenuDefaultItem
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW

gdi32

SetPixelV
GetTextFaceW
EnumFontFamiliesExW
GetSystemPaletteEntries
GetNearestPaletteIndex
SetPaletteEntries
ExtFloodFill
LPtoDP
GetViewportOrgEx
GetBoundsRect
FrameRgn
FillRgn
GetWindowOrgEx
GetPaletteEntries
CreatePalette
RoundRect
Polygon
Ellipse
CreatePolygonRgn
CreateEllipticRgn
GetBkColor
RealizePalette
CreateRoundRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
GetRgnBox
OffsetRgn
DPtoLP
GetMapMode
SetRectRgn
CreateRectRgnIndirect
GetDCOrgEx
CreateHatchBrush
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CopyMetaFileW
CreateDCW
CombineRgn
SetTextColor
SetBkColor
CreateDIBitmap
PatBlt
GetTextColor
Rectangle
PtInRegion
CreateRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Polyline
GetTextMetricsW
GetPixel
CreateFontW
GetTextExtentPoint32W
StretchDIBits
GetDIBits
CreateBitmap
SetDIBColorTable
SetPixel
GetDeviceCaps
AddFontMemResourceEx
CreatePen
GetStockObject
CreateDIBSection
GetDIBColorTable
StretchBlt
DeleteDC
CreateFontIndirectW
GetObjectW
CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueW
RegEnumKeyExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetFileInfoW
SHAppBarMessage

comctl32

InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveExtensionW
PathIsFileSpecW
StrToIntW
UrlUnescapeW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
PropVariantClear
CLSIDFromString
CreateStreamOnHGlobal
CoCreateGuid
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoInitializeEx
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleLockRunning
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
OleGetClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
IsAccelerator
OleTranslateAccelerator

oleaut32

SafeArrayDestroy
VariantCopy
VariantInit
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantChangeType

gdiplus

GdipMeasureString
GdipSetStringFormatLineAlign
GdiplusShutdown
GdipFree
GdipDeletePrivateFontCollection
GdipAlloc
GdipNewPrivateFontCollection
GdipPrivateAddMemoryFont
GdipGetFontCollectionFamilyCount
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipSetStringFormatAlign
GdiplusStartup
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipCreateBitmapFromStream
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateBitmapFromFile

winmm

midiOutClose
midiOutOpen
midiOutGetDevCapsW
midiInGetNumDevs
midiOutGetNumDevs
midiInGetDevCapsW
midiInOpen
PlaySoundW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerClose
mixerOpen
timeEndPeriod
timeBeginPeriod
timeGetTime
midiOutShortMsg
midiInClose
midiInStart

d3d9

Direct3DCreate9

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetGetConnectedState
InternetQueryOptionW
InternetCrackUrlW
InternetReadFile
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetCloseHandle
InternetOpenW

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Exports

Exports

createOveStreamLoader

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 80.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cdfa864ff0a4aadb5f09de5938ac58e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

93:a5:fe:9b:e5:03:ef:31:40:c7:84:b4:73:c1:23:99Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

d2:fb:33:c4:75:56:6f:00:a6:87:30:f4:07:15:45:ff:11:29:03:a7:46:34:9f:94:4a:d3:de:47:d7:ca:c7:5aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dsound

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

winmm

d3d9

version

wininet

imm32

Exports

Exports

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 502KB - Virtual size: 501KB

.data Size: 309KB - Virtual size: 80.5MB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 437KB - Virtual size: 437KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

93:a5:fe:9b:e5:03:ef:31:40:c7:84:b4:73:c1:23:99
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

d2:fb:33:c4:75:56:6f:00:a6:87:30:f4:07:15:45:ff:11:29:03:a7:46:34:9f:94:4a:d3:de:47:d7:ca:c7:5a
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 502KB - Virtual size: 501KB

.data
Size: 309KB - Virtual size: 80.5MB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 437KB - Virtual size: 437KB