46e73b107105973ff446db7826e2edbc6f36a12609f31f70a50e3001cf60ced7

Sharing

Copy URL Twitter E-mail

General

Target

46e73b107105973ff446db7826e2edbc6f36a12609f31f70a50e3001cf60ced7
Size

456KB
MD5

deef52c7874f7099f04ed768177ad339
SHA1

132ffc8d10b5e8c3a637c54c4c3d066ff0760cb9
SHA256

46e73b107105973ff446db7826e2edbc6f36a12609f31f70a50e3001cf60ced7
SHA512

1bc6ac7bb6d510d69eb37fb4dfc55c9af3593ea540c05f09444b45dddc9ee6c859866c8f181a8e481ad0638dc4c8bfee50d42fadc5969e150894d214a01c5d7d
SSDEEP

6144:yFD9Tj6MoGKP0GJ+iCnHpGXqIs/cJojGi35AOS6ItdIa5f2o7/s:w9Tj6MzKP0r5IjHi35EtdIaf/s

Score

1^/10

Malware Config

Signatures

Files

46e73b107105973ff446db7826e2edbc6f36a12609f31f70a50e3001cf60ced7
.dll regsvr32 windows:5 windows x86 arch:x86

207a1ae03022ef0c0445434e37a382f1

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/01/2022, 00:00

Not After

08/02/2025, 23:59

Subject

CN=Beijing Venustech Cybervision Co.\, Ltd.,O=Beijing Venustech Cybervision Co.\, Ltd.,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:90:80:f4:3b:d3:1f:59:bb:61:3f:38:cb:a9:94:ac:4e:13:96:ea
Signer

Actual PE Digest

15:90:80:f4:3b:d3:1f:59:bb:61:3f:38:cb:a9:94:ac:4e:13:96:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW

winmm

timeGetTime

comctl32

ord17

userenv

LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock

kernel32

CreatePipe
CreateFileW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
DecodePointer
GetThreadLocale
SetThreadLocale
EncodePointer
Sleep
GetCurrentThreadId
GetVersionExW
IsWow64Process
GetSystemInfo
LoadLibraryA
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
TerminateProcess
GetSystemDirectoryW
GetCurrentDirectoryW
CreateProcessW
GetExitCodeProcess
SetPriorityClass
QueryPerformanceCounter
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
GetStdHandle
SetSystemPowerState
QueryPerformanceFrequency
OutputDebugStringW
WideCharToMultiByte
SetStdHandle
RtlUnwind
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleHandleExW
ExitProcess
SetLastError
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
WriteFile
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
HeapAlloc
WaitForSingleObject
CreateThread
DuplicateHandle
GetCurrentProcess
GetCurrentThread
CloseHandle
GetLastError
CompareStringW
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
Process32NextW
WriteConsoleW

user32

OpenClipboard
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsClipboardFormatAvailable
IsWindowEnabled
IsWindowVisible
ShowWindow
EmptyClipboard
MoveWindow
InvalidateRect
GetClipboardData
CloseClipboard
GetForegroundWindow
CountClipboardFormats
GetUserObjectSecurity
OpenWindowStationW
GetProcessWindowStation
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
SetClipboardData
GetDC
ReleaseDC
GetCursorPos
mouse_event
LoadCursorW
WindowFromPoint
GetCursor
ClientToScreen
SetWindowPos
VkKeyScanW
GetMenu
GetMenuItemCount
GetMenuStringW
GetMenuItemID
GetSubMenu
GetClientRect
IsIconic
IsZoomed
CreateWindowExW
MonitorFromPoint
GetMonitorInfoW
CopyRect
FindWindowW
SetWindowLongW
SetLayeredWindowAttributes
ExitWindowsEx
SetForegroundWindow
SystemParametersInfoW
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
EnableWindow
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
RegisterWindowMessageW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetFocus
CharNextW
CharUpperBuffW
SetUserObjectSecurity
CloseDesktop
GetCaretPos

gdi32

GetDIBits
GetPixel
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

advapi32

CopySid
InitiateSystemShutdownExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl

shell32

DragQueryFileW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree

oleaut32

SafeArrayDestroyDescriptor
VariantClear
VariantCopy
SysAllocString
SafeArrayAllocDescriptorEx
SafeArrayAllocData
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroyData
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysFreeString
BSTR_UserFree
VARIANT_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserSize
BSTR_UserSize
VARIANT_UserMarshal
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
VariantInit

rpcrt4

NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrStubCall2
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy
IUnknown_QueryInterface_Proxy

Exports

Exports

AU3_AutoItSetOption
AU3_ClipGet
AU3_ClipPut
AU3_ControlClick
AU3_ControlClickByHandle
AU3_ControlCommand
AU3_ControlCommandByHandle
AU3_ControlDisable
AU3_ControlDisableByHandle
AU3_ControlEnable
AU3_ControlEnableByHandle
AU3_ControlFocus
AU3_ControlFocusByHandle
AU3_ControlGetFocus
AU3_ControlGetFocusByHandle
AU3_ControlGetHandle
AU3_ControlGetHandleAsText
AU3_ControlGetPos
AU3_ControlGetPosByHandle
AU3_ControlGetText
AU3_ControlGetTextByHandle
AU3_ControlHide
AU3_ControlHideByHandle
AU3_ControlListView
AU3_ControlListViewByHandle
AU3_ControlMove
AU3_ControlMoveByHandle
AU3_ControlSend
AU3_ControlSendByHandle
AU3_ControlSetText
AU3_ControlSetTextByHandle
AU3_ControlShow
AU3_ControlShowByHandle
AU3_ControlTreeView
AU3_ControlTreeViewByHandle
AU3_DriveMapAdd
AU3_DriveMapDel
AU3_DriveMapGet
AU3_Init
AU3_IsAdmin
AU3_MouseClick
AU3_MouseClickDrag
AU3_MouseDown
AU3_MouseGetCursor
AU3_MouseGetPos
AU3_MouseMove
AU3_MouseUp
AU3_MouseWheel
AU3_Opt
AU3_PixelChecksum
AU3_PixelGetColor
AU3_PixelSearch
AU3_ProcessClose
AU3_ProcessExists
AU3_ProcessSetPriority
AU3_ProcessWait
AU3_ProcessWaitClose
AU3_Run
AU3_RunAs
AU3_RunAsWait
AU3_RunWait
AU3_Send
AU3_Shutdown
AU3_Sleep
AU3_StatusbarGetText
AU3_StatusbarGetTextByHandle
AU3_ToolTip
AU3_WinActivate
AU3_WinActivateByHandle
AU3_WinActive
AU3_WinActiveByHandle
AU3_WinClose
AU3_WinCloseByHandle
AU3_WinExists
AU3_WinExistsByHandle
AU3_WinGetCaretPos
AU3_WinGetClassList
AU3_WinGetClassListByHandle
AU3_WinGetClientSize
AU3_WinGetClientSizeByHandle
AU3_WinGetHandle
AU3_WinGetHandleAsText
AU3_WinGetPos
AU3_WinGetPosByHandle
AU3_WinGetProcess
AU3_WinGetProcessByHandle
AU3_WinGetState
AU3_WinGetStateByHandle
AU3_WinGetText
AU3_WinGetTextByHandle
AU3_WinGetTitle
AU3_WinGetTitleByHandle
AU3_WinKill
AU3_WinKillByHandle
AU3_WinMenuSelectItem
AU3_WinMenuSelectItemByHandle
AU3_WinMinimizeAll
AU3_WinMinimizeAllUndo
AU3_WinMove
AU3_WinMoveByHandle
AU3_WinSetOnTop
AU3_WinSetOnTopByHandle
AU3_WinSetState
AU3_WinSetStateByHandle
AU3_WinSetTitle
AU3_WinSetTitleByHandle
AU3_WinSetTrans
AU3_WinSetTransByHandle
AU3_WinWait
AU3_WinWaitActive
AU3_WinWaitActiveByHandle
AU3_WinWaitByHandle
AU3_WinWaitClose
AU3_WinWaitCloseByHandle
AU3_WinWaitNotActive
AU3_WinWaitNotActiveByHandle
AU3_error
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207a1ae03022ef0c0445434e37a382f1

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0eCertificate

Extended Key Usages

Key Usages

15:90:80:f4:3b:d3:1f:59:bb:61:3f:38:cb:a9:94:ac:4e:13:96:eaSigner

Headers

File Characteristics

Imports

mpr

winmm

comctl32

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 264KB

.orpc Size: 512B - Virtual size: 52B

.rdata Size: 142KB - Virtual size: 141KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 12KB - Virtual size: 11KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0e
Certificate

15:90:80:f4:3b:d3:1f:59:bb:61:3f:38:cb:a9:94:ac:4e:13:96:ea
Signer

.text
Size: 264KB - Virtual size: 264KB

.orpc
Size: 512B - Virtual size: 52B

.rdata
Size: 142KB - Virtual size: 141KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 12KB - Virtual size: 11KB