b54ef44817caabe9fa02903f0718d2e019fe602a2ca988091b23615494c33404

Sharing

Copy URL Twitter E-mail

General

Target

b54ef44817caabe9fa02903f0718d2e019fe602a2ca988091b23615494c33404
Size

546KB
MD5

5188b848497e0da7af6c838cd8a09dea
SHA1

164873c19e7630bfab247c0dc4181a3849fbce2d
SHA256

b54ef44817caabe9fa02903f0718d2e019fe602a2ca988091b23615494c33404
SHA512

3695d35dfacf2738728f32a0b57219ab2198f06839bf30c4cb80ddc0f143169a295fb2c672cc5e8238096133267de395620b11ea11083a2b3c7f8a87ac587883
SSDEEP

6144:W4G4EF7k/JADURGUnY/98HmtDhx3eeVtNoScec7oqIGizQKYXzZ+DlRymAOEL0+8:GoJBGUnY/6HkeeVtCTec7oqI7aIymeC/

Score

1^/10

Malware Config

Signatures

Files

b54ef44817caabe9fa02903f0718d2e019fe602a2ca988091b23615494c33404
.dll regsvr32 windows:6 windows x86 arch:x86

b1c07531613e9e6c64b4b0bd38fc742f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:6b:22:f3:0c:b9:83:ca:a7:b4:2f:c9:2b:37:74:87:30:ac:a7:2b:8e:01:37:a8:a3:41:3f:c9:15:df:dc:60
Signer

Actual PE Digest

af:6b:22:f3:0c:b9:83:ca:a7:b4:2f:c9:2b:37:74:87:30:ac:a7:2b:8e:01:37:a8:a3:41:3f:c9:15:df:dc:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\775163\out\Release\PdfPreview.pdb

Imports

gdiplus

GdipDeletePen
GdipDrawLine
GdipDrawImageRectRect
GdipDeleteFont
GdipGetImageGraphicsContext
GdipSetTextRenderingHint
GdipGetGenericFontFamilySansSerif
GdipGetLogFontW
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetFontHeight
GdipSetStringFormatFlags
GdipDrawImageI
GdipDeleteStringFormat
GdipDeleteRegion
GdipGetClip
GdipDrawString
GdipCreateBitmapFromGdiDib
GdipCreatePen1
GdipGetDC
GdipReleaseDC
GdipGetRegionHRgn
GdipCreateStringFormat
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0
GdipSetCompositingQuality
GdipCloneImage
GdipBitmapUnlockBits
GdipGetPropertyItem
GdipDisposeImageAttributes
GdipDisposeImage
GdipGetImageHorizontalResolution
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImagePixelFormat
GdipCloneBitmapAreaI
GdipSetPageUnit
GdipCreateImageAttributes
GdipCreateRegion
GdipBitmapSetResolution
GdipImageSelectActiveFrame
GdipBitmapLockBits
GdipSetImageAttributesWrapMode
GdipImageGetFrameCount
GdipDrawImageRectRectI
GdipGetPropertyItemSize
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetFamily
GdipTransformMatrixPoints
GdipDeleteBrush
GdipAlloc
GdipCreateMatrix
GdipSetWorldTransform
GdipCreateSolidFill
GdipInvertMatrix
GdipCreateHBITMAPFromBitmap
GdipFree
GdipTranslateMatrix
GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangleI
GdipDeleteMatrix
GdipGetImageWidth
GdipDeleteGraphics
GdipSetPropertyItem
GdipSetStringFormatMeasurableCharacterRanges
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipGetStringFormatFlags
GdipImageRotateFlip
GdipRotateMatrix
GdipScaleMatrix
GdipCreateBitmapFromStream
GdipGetRegionBounds
GdipMeasureCharacterRanges
GdipGetFamilyName

shlwapi

PathIsRelativeW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
ord219

kernel32

SetStdHandle
GetConsoleOutputCP
ReadConsoleW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
VirtualQuery
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetACP
DebugBreak
IsDebuggerPresent
EnterCriticalSection
FindFirstFileExW
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetFilePointer
CloseHandle
CreateFileMappingW
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
WaitForSingleObject
GetLastError
CreateThread
RtlUnwind
InterlockedFlushSList
RaiseException
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateSemaphoreW
ResetEvent
SetEvent
GetProcessAffinityMask
ReleaseSemaphore
GetConsoleMode
MoveFileW
FlushFileBuffers
GetFileType
SetEndOfFile
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
HeapSize
WriteConsoleW
DecodePointer
VirtualProtect
LeaveCriticalSection
GetSystemInfo
CreateHardLinkW
RemoveDirectoryW
DeviceIoControl
SetThreadExecutionState
CreateEventW
TlsFree
SetThreadPriority
Sleep
SetLastError
GetCurrentDirectoryW
FoldStringW
GetSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByte
GetCPInfo
CompareStringW
AreFileApisANSI
LoadLibraryW
GetSystemDirectoryW
FindClose
FindNextFileW
FindFirstFileW
FileTimeToDosDateTime
FileTimeToLocalFileTime
HeapDestroy
WideCharToMultiByte
GetLocaleInfoW
OutputDebugStringA
CreateDirectoryW
GetFileSizeEx
GetLongPathNameW
WriteFile
GetShortPathNameW
SetFileTime
GetModuleFileNameW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
CopyFileW
GetFileTime
LocalFileTimeToFileTime
GetCurrentProcess
GetStdHandle
GetVersionExW
GetProcAddress
LocalFree
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
GetSystemTimeAsFileTime
FormatMessageA
LoadLibraryExA
SetNamedPipeHandleState
HeapCreate
HeapFree
HeapReAlloc
HeapAlloc

user32

PostMessageW
GetFocus
DestroyWindow
SetWindowPos
FillRect
CreateWindowExW
SetScrollInfo
RegisterClassExW
GetScrollPos
ShowWindow
SetFocus
LoadCursorW
SetWindowLongW
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
GetDC
ReleaseDC
GetWindowLongW
DefWindowProcW
GetScrollInfo
CharToOemBuffW
CharUpperW
CharLowerW
OemToCharBuffA
CharToOemA
OemToCharA
GetClientRect

gdi32

GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
SetGraphicsMode
StretchBlt
GetDeviceCaps
GetObjectW
SetStretchBltMode
SetWorldTransform
GetTextExtentPoint32W
SetTextColor
SelectClipRgn
SetBkColor
ExtTextOutW
CreateFontIndirectW
GetDIBits
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
CreateDIBSection

ole32

CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
CoSetProxyBlanket

wininet

InternetGetLastResponseInfoA

advapi32

SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership

oleaut32

SysAllocString
VariantClear
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c07531613e9e6c64b4b0bd38fc742f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

af:6b:22:f3:0c:b9:83:ca:a7:b4:2f:c9:2b:37:74:87:30:ac:a7:2b:8e:01:37:a8:a3:41:3f:c9:15:df:dc:60Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

shlwapi

kernel32

user32

gdi32

ole32

wininet

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 433KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

af:6b:22:f3:0c:b9:83:ca:a7:b4:2f:c9:2b:37:74:87:30:ac:a7:2b:8e:01:37:a8:a3:41:3f:c9:15:df:dc:60
Signer

.text
Size: 433KB - Virtual size: 433KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB