7f857908d3bc9b1eda5e9773a5441fbcbac2da065a3338e0fc6f18760536436a

Sharing

Copy URL Twitter E-mail

General

Target

7f857908d3bc9b1eda5e9773a5441fbcbac2da065a3338e0fc6f18760536436a
Size

1.6MB
MD5

d134204b0b1084a247bab802af1cf365
SHA1

fdbfae86749051df5020b7a08f82b97363289a20
SHA256

7f857908d3bc9b1eda5e9773a5441fbcbac2da065a3338e0fc6f18760536436a
SHA512

e8c714e129fad33016bd2d6bbe6cc262627cb429464ac603365561631e8b1e150a24d5d85245a359f36bf07134a4704375cdde858c2e702dc7a7584effa37af8
SSDEEP

24576:L2X4FFPt1mHlf28rqwDqcunF0MHLGJoCqj8Da+wUvKJg02xwbxoGLXi39LvKJg0u:HFFPt1C928rq4QFbHLGJoCqjsa+sDu

Score

1^/10

Malware Config

Signatures

Files

7f857908d3bc9b1eda5e9773a5441fbcbac2da065a3338e0fc6f18760536436a
.dll regsvr32 windows:6 windows x64 arch:x64

eb7857f233db0bb52be9b852d853d21a

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:40

Not After

27/11/2024, 08:40

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:fc:97:c4:46:83:09:10:88:c9:84:8e:4e:fa:a0:bd:f4:48:08:90:bd:ff:7d:8e:3a:de:a8:bd:0c:4d:34:27
Signer

Actual PE Digest

3e:fc:97:c4:46:83:09:10:88:c9:84:8e:4e:fa:a0:bd:f4:48:08:90:bd:ff:7d:8e:3a:de:a8:bd:0c:4d:34:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\RDBuildPool\20240517-09453\Aurora\x64\Unicode_Release\AuroraU.pdb

Imports

winmm

mmioClose
mmioDescend
timeGetTime
mmioOpenW
timeSetEvent

shlwapi

PathAppendW
PathFileExistsW
PathRemoveBackslashW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathCombineW
PathRenameExtensionW
PathAddBackslashW
PathGetCharTypeW
PathIsRelativeW
PathStripToRootW
PathCanonicalizeW

gdiplus

GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipSaveImageToStream
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipBitmapSetResolution
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipFree

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mfc110u

ord969
ord2099
ord1419
ord12753
ord13418
ord956
ord1494
ord1492
ord1027
ord280
ord296
ord4122
ord2296
ord2290
ord2292
ord266
ord265
ord1480
ord8011
ord7245
ord1441
ord7928
ord11767
ord9969
ord12438
ord12376
ord4384
ord7868
ord5059
ord2385
ord12056
ord12055
ord14030
ord7498
ord14036
ord8939
ord3952
ord3890
ord12457
ord7516
ord1962
ord11503
ord319
ord13909
ord12045
ord7566
ord14108
ord5991
ord14110
ord5993
ord12754
ord5992
ord977
ord6477
ord3673
ord5577
ord11759
ord7765
ord11771
ord11739
ord4959
ord5239
ord5427
ord8891
ord5215
ord5430
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord9786
ord8750
ord1032
ord322
ord487
ord11482
ord2747
ord1113
ord344
ord1040
ord2741
ord11941
ord4411
ord4614
ord910
ord13417
ord12751
ord7608
ord12155
ord1381
ord7610
ord12157
ord1482
ord1820
ord4660
ord4437
ord298
ord7612
ord1434
ord2286
ord6371
ord286
ord2854
ord12395
ord12432
ord11864
ord14045
ord11921
ord14098
ord3088
ord4635
ord4595
ord4836
ord12073
ord290
ord1658
ord1661
ord1493
ord4828
ord957
ord12126
ord1420
ord1939
ord3670
ord4450
ord14109
ord1028
ord1502
ord2866
ord285
ord5580
ord3668
ord473
ord2306
ord2214
ord2111
ord2282
ord2182
ord2303
ord7592
ord12100
ord6569
ord13431
ord12752
ord7902
ord2848
ord1659
ord4517
ord4500
ord2748
ord7733
ord5261
ord1115
ord11502
ord1483
ord323
ord1033
ord2273
ord2160
ord2315
ord2318
ord2284
ord2317
ord472
ord490

msvcr110

wcscat_s
wcsncpy_s
swprintf_s
_wsplitpath_s
calloc
free
_recalloc
_CxxThrowException
__CxxFrameHandler3
strncpy_s
memmove
memcpy_s
_wmkdir
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crtCapturePreviousContext
__crtCaptureCurrentContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_onexit
__C_specific_handler
__dllonexit
_calloc_crt
_unlock
_lock
memmove_s
_vsnwprintf_s
ceil
wcscpy_s
fprintf_s
__iob_func
_wtoi64
_wtof
wcstoul
wcsncmp
memchr
isalnum
sprintf_s
floorf
malloc
_wtoi
fclose
_wfopen
fputws
floor
_endthreadex
_beginthreadex
_wrmdir
_wtol
_mbscmp
_time64
_localtime64_s
wcsftime
_itow_s
vswprintf_s
memcpy
memcmp
_wcsicmp
memset
_purecall

kernel32

GetTempFileNameW
CreateDirectoryW
VirtualAlloc
MulDiv
CreateThread
CloseHandle
SetFileAttributesW
Sleep
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetTempPathW
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
LocalFree
LocalAlloc
GetTickCount
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateSemaphoreW
CreateEventW
lstrcmpW
GetSystemInfo
DuplicateHandle
WaitForMultipleObjects
ReleaseSemaphore
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentProcess
GetModuleFileNameA
lstrlenW
lstrlenA
GetVersionExW
DisableThreadLibraryCalls
GlobalSize
VirtualFree
CopyFileW
GetModuleHandleW
GetVolumeInformationW
GetFullPathNameW
GetDiskFreeSpaceW
GetCurrentDirectoryW
GlobalFree
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
GetSystemTime
GetLastError
QueryPerformanceCounter
WriteFile
SetFilePointer
CreateFileW
MultiByteToWideChar
OutputDebugStringW
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetExitCodeThread
WaitForSingleObject
InitializeCriticalSectionAndSpinCount

user32

LoadImageW
TranslateMessage
DispatchMessageW
GetWindowRect
PeekMessageW
ReleaseDC
SetRectEmpty
IsRectEmpty
OffsetRect
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageW
RegisterWindowMessageW
GetClientRect
IntersectRect
FillRect
GetDC

gdi32

SelectObject
SetBkColor
StretchBlt
SetStretchBltMode
GetStockObject
CreateSolidBrush
SelectPalette
StretchDIBits
GetObjectType
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
GetDIBits
DeleteDC
DeleteObject
CreateDCW
CreateDIBSection
GetObjectW
RealizePalette
SetDIBits

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegEnumKeyExW
RegSetValueW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ord165

ole32

StringFromGUID2
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msvcp110

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 907KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb7857f233db0bb52be9b852d853d21a

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:afCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

3e:fc:97:c4:46:83:09:10:88:c9:84:8e:4e:fa:a0:bd:f4:48:08:90:bd:ff:7d:8e:3a:de:a8:bd:0c:4d:34:27Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

shlwapi

gdiplus

version

mfc110u

msvcr110

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp110

Exports

Exports

Sections

.text Size: 907KB - Virtual size: 906KB

.rdata Size: 239KB - Virtual size: 239KB

.data Size: 12KB - Virtual size: 18KB

.pdata Size: 45KB - Virtual size: 45KB

.idata Size: 16KB - Virtual size: 16KB

.rsrc Size: 395KB - Virtual size: 395KB

.reloc Size: 7KB - Virtual size: 7KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3e:fc:97:c4:46:83:09:10:88:c9:84:8e:4e:fa:a0:bd:f4:48:08:90:bd:ff:7d:8e:3a:de:a8:bd:0c:4d:34:27
Signer

.text
Size: 907KB - Virtual size: 906KB

.rdata
Size: 239KB - Virtual size: 239KB

.data
Size: 12KB - Virtual size: 18KB

.pdata
Size: 45KB - Virtual size: 45KB

.idata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 395KB - Virtual size: 395KB

.reloc
Size: 7KB - Virtual size: 7KB