96bf73a044966b4cf47b63e5f787da4cea01d1bda671e755fb8566978eb379cb

Sharing

Copy URL

Twitter E-mail

General

Target

96bf73a044966b4cf47b63e5f787da4cea01d1bda671e755fb8566978eb379cb
Size

15.8MB
MD5

b1e7e1c985f3c04dc4b839e218407acf
SHA1

f93ea7bc9cf055e3882153a4081f0dcf1d671db7
SHA256

96bf73a044966b4cf47b63e5f787da4cea01d1bda671e755fb8566978eb379cb
SHA512

b6fe806e2a2e54d67ca955f4a6b02bcacd97fa7e0da01fac1f4289b87dc78177417b79c1f3e8bc7b7c1791d931f8ed4ee8c273fd700631a3752b5749f5c8326b
SSDEEP

393216:h1YPFbd0ouMU0b1wT9PrQZDzHRXHq7pR7DB/Idj+3ssEFBCXeHm/flwnC7LaYzNy:wuMULT9PrQZDzHNHq7pR7DB/Idj+3ssd

Score

1^/10

Malware Config

Signatures

Files

96bf73a044966b4cf47b63e5f787da4cea01d1bda671e755fb8566978eb379cb
.exe windows:5 windows x86 arch:x86

ca8e3b92aeb4c1484e43576f5a257a50

Code Sign

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bc
Certificate

Issuer

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Not Before

19-10-2020 00:00

Not After

18-01-2024 23:59

Subject

CN=X-Legend Entertainment CO.\, LTD.,OU=MIS,O=X-Legend Entertainment CO.\, LTD.,L=Xinyi District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

Issuer

CN=thawte Primary Root CA - G3,OU=Certification Services Division+OU=(c) 2008 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

22-07-2014 00:00

Not After

21-07-2024 23:59

Subject

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:f7:86:9a:ee:04:1d:c8:ef:17:f7:28:65:2a:86:57:4a:47:a8:b2
Signer

Actual PE Digest

25:f7:86:9a:ee:04:1d:c8:ef:17:f7:28:65:2a:86:57:4a:47:a8:b2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Project11_TW\11pplay\Client.pdb

Imports

kernel32

GetTimeZoneInformation
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
WideCharToMultiByte
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStdHandle
ExitProcess
GetFullPathNameA
GetDriveTypeA
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
SetEnvironmentVariableA
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
Process32Next
Process32First
LockResource
LoadResource
FindResourceW
ReleaseMutex
CreateMutexA
OpenMutexA
IsDBCSLeadByteEx
GetModuleFileNameW
GlobalMemoryStatusEx
FreeUserPhysicalPages
AllocateUserPhysicalPages
GetLocalTime
WriteProcessMemory
VirtualProtect
LocalFree
LocalAlloc
CreateFileW
lstrcmpiA
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetCommandLineA
DeleteFileA
RaiseException
IsDebuggerPresent
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedExchangeAdd
GetDateFormatA
GetTempPathA
DeviceIoControl
HeapSize
GetPrivateProfileStringA
WritePrivateProfileStringA
FindFirstFileW
FindNextFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetThreadContext
ReadProcessMemory
GetEnvironmentVariableA
SetProcessWorkingSetSize
CreateEventA
SetEvent
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
GetSystemDirectoryA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GetExitCodeThread
TerminateThread
TerminateProcess
RtlUnwind
SetCurrentDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateDirectoryA
GetFileSize
ReadFile
SetFilePointer
VerifyVersionInfoA
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadAffinityMask
CreateThread
GetCurrentProcess
GetProcessAffinityMask
ResumeThread
SuspendThread
SetThreadPriority
GetFileAttributesA
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
FreeLibrary
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeaps
HeapLock
HeapWalk
HeapUnlock
FindFirstFileA
FindNextFileA
FindClose
SwitchToThread
InterlockedCompareExchange
InterlockedExchange
Sleep
WriteFile
CreateFileA
SetEndOfFile
TlsFree
GetTickCount
VirtualQuery
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
CloseHandle
FormatMessageA
GetSystemInfo
TlsAlloc
GetLastError
SetLastError
VirtualFree
VirtualAlloc
GetCurrentDirectoryA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapCreate
HeapDestroy
GetEnvironmentStringsW
RemoveDirectoryA
LoadLibraryW
GlobalMemoryStatus
GlobalFree
TlsGetValue
TlsSetValue
GetCurrentThreadId
FreeEnvironmentStringsW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetParent
SetTimer
GetClientRect
SendDlgItemMessageA
CreateDialogParamA
EndDialog
GetActiveWindow
SystemParametersInfoA
ChangeDisplaySettingsA
EnumDisplaySettingsA
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadIconA
LoadCursorA
RegisterClassW
CreateWindowExW
SetClassLongW
ShowWindow
SetFocus
DestroyWindow
UnregisterClassW
PostMessageA
FindWindowA
KillTimer
UpdateWindow
GetSystemMetrics
SendMessageA
GetAsyncKeyState
SetForegroundWindow
MessageBoxExA
MessageBoxExW
GetWindowTextA
MapVirtualKeyA
CloseClipboard
SetClipboardData
OpenClipboard
GetClipboardData
MessageBoxW
GetKeyboardLayout
DefWindowProcA
CreateWindowExA
RegisterClassExA
GetFocus
SetWindowLongA
GetWindowLongA
ScreenToClient
SetCursorPos
MoveWindow
AdjustWindowRectEx
GetWindowLongW
SetWindowLongW
GetCursorPos
GetWindowRect
SetCapture
DefWindowProcW
PostQuitMessage
ReleaseCapture
SetWindowPos
PostMessageW
GetWindowThreadProcessId
GetDesktopWindow
MessageBoxA
GetDC
ReleaseDC
CreateIconIndirect
DestroyCursor
SetCursor
FindWindowW

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
SetStretchBltMode
CreateCompatibleBitmap
GdiAlphaBlend
DeleteObject
GetStockObject
CreateBitmap
BitBlt
StretchBlt
SetDIBits

alaudio

alGetSourcef
alSourcef
alSourcei
alDeleteBuffers
alIsSource
alSourcePause
alSourceStop
alDeleteSources
alDeleteAuxiliaryEffectSlots
alcDestroyContext
alcCloseDevice
alcOpenDevice
alcCreateContext
alcMakeContextCurrent
alcGetError
alcIsExtensionPresent
alcGetString
alDistanceModel
alGenEffects
alGetEnumValue
alEffecti
alEffectf
alEffectfv
alGetString
alIsEffect
alDeleteEffects
alGetError
alSourceRewind
ord202
ord205
ord200
ord204
ord201
ord203
ord600
ord603
ord601
ord602
ord604
ord137
ord142
ord136
ord135
alGetSourcei
alAuxiliaryEffectSlotf
alAuxiliaryEffectSloti
alGenAuxiliaryEffectSlots
alSource3i
alGetSource3f
alSourcefv
ord138
alGenSources
alBufferData
alGenBuffers
alSource3f
alSourcePlay
alGetListenerfv
ord151
ord150
ord152
ord143
ord148
ord147
ord146
ord145
ord144
ord153
alListenerfv
alListener3f
alGetListener3f
ord141
ord140
ord139
alcGetIntegerv

winmm

waveOutReset
waveOutClose
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutOpen
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeGetTime

psapi

GetProcessMemoryInfo

comctl32

ord17

shell32

SHFileOperationA
ShellExecuteA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
SysStringLen

imm32

ImmGetContext
ImmReleaseContext
ImmSetOpenStatus
ImmAssociateContext
ImmIsIME
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmGetCompositionStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCloseKey
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
StartServiceA
CreateServiceA
OpenServiceA
OpenSCManagerA
DeleteService

ws2_32

WSAStartup
inet_addr
gethostbyname
setsockopt
closesocket
htons
WSACleanup
WSAAsyncSelect
WSASend
WSARecv
WSAGetLastError
shutdown
WSAConnect
WSASocketA
inet_ntoa

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 14.0MB - Virtual size: 14.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 33.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca8e3b92aeb4c1484e43576f5a257a50

Code Sign

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bcCertificate

Extended Key Usages

Key Usages

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07Certificate

Extended Key Usages

Key Usages

25:f7:86:9a:ee:04:1d:c8:ef:17:f7:28:65:2a:86:57:4a:47:a8:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

alaudio

winmm

psapi

comctl32

shell32

ole32

oleaut32

imm32

version

iphlpapi

comdlg32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 14.0MB - Virtual size: 14.0MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 182KB - Virtual size: 33.2MB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 157KB - Virtual size: 156KB

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bc
Certificate

0b:f3:cc:63:cf:04:30:4d:47:c3:b5:87:04:9f:a8:07
Certificate

25:f7:86:9a:ee:04:1d:c8:ef:17:f7:28:65:2a:86:57:4a:47:a8:b2
Signer

.text
Size: 14.0MB - Virtual size: 14.0MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 182KB - Virtual size: 33.2MB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 157KB - Virtual size: 156KB