7a2a33d544a3f1d91ce2fe7c6b7437a639c8fea39610c2abb822cbcdc929d394

Sharing

Copy URL

Twitter E-mail

General

Target

7a2a33d544a3f1d91ce2fe7c6b7437a639c8fea39610c2abb822cbcdc929d394
Size

860KB
MD5

48d04fc6d7dbca3fbd06c29f88018b8f
SHA1

4b9dd49d1bcafc24327e5d555938bcf0f9821e00
SHA256

7a2a33d544a3f1d91ce2fe7c6b7437a639c8fea39610c2abb822cbcdc929d394
SHA512

cb0055a61ed0570838a7c176e2f5c946b18e8576707d5e1ada8d06d9e04e3ff42a9e53d801e031d7b3d2de89a48806b613fa2add33ef80ee1a1550e6d1ed378f
SSDEEP

12288:VSaJUk0nNGLWXiEW8+C7OwcP2dqefLbYgVeQdOZXdpfhMpO77JSUO4t9OXW37Gul:VonsvVQ7wP2kUbtVnY3YyVviWLGuUY

Score

1^/10

Malware Config

Signatures

Files

7a2a33d544a3f1d91ce2fe7c6b7437a639c8fea39610c2abb822cbcdc929d394
.zip

Password: infected
Program Files (x86)/WanNengInput/WnPYSkinPreview.dll
.dll windows:6 windows x86 arch:x86

68b5a3a27f189ef4649f4c363d990478

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cb
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17-01-2020 00:00

Not After

16-01-2023 23:59

Subject

SERIALNUMBER=913100006317722856,CN=Shanghai Oriental Webcasting Co. Ltd.,OU=技术管理中心,O=Shanghai Oriental Webcasting Co. Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:cb:8a:8d:98:c6:7c:e0:a0:d5:cf:ab:17:9d:28:11:e9:ee:a2:3e:02:ab:a5:1a:e6:11:57:4a:ba:cd:1f:17
Signer

Actual PE Digest

67:cb:8a:8d:98:c6:7c:e0:a0:d5:cf:ab:17:9d:28:11:e9:ee:a2:3e:02:ab:a5:1a:e6:11:57:4a:ba:cd:1f:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
GetLocalTime
lstrcpyW
AreFileApisANSI
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
WriteFile
TerminateProcess
GetPrivateProfileStringA
CreateFileA
SetFilePointerEx
SetEndOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileA
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
OutputDebugStringW
FindResourceExW
OpenFileMappingW
FormatMessageA
LoadLibraryA
GetTempPathA
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
SetFilePointer
InterlockedIncrement
GetFileAttributesW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FlushFileBuffers
GetCurrentDirectoryW
WriteConsoleW
FindFirstFileW
TlsSetValue
GetACP
EnumSystemLocalesW
Sleep
IsValidLocale
GetModuleFileNameA
PeekNamedPipe
GetDriveTypeW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
GetFullPathNameA
GetFullPathNameW
GetModuleHandleExW
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
ExitProcess
GetStdHandle
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsAlloc
CreateEventW
SetLastError
EncodePointer
TryEnterCriticalSection
TlsGetValue
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultLCID
MulDiv
MoveFileExW
DeleteFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount
LocalAlloc
RemoveDirectoryW
lstrcmpiW
GlobalUnlock
GlobalLock
SetFileAttributesW
GetCurrentThreadId
ReadFile
GetFileSize
CreateFileW
LocalFree
FindClose
GetTimeZoneInformation
FindNextFileW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLastError
FreeLibrary
CreateProcessW
GetVersionExW
GetWindowsDirectoryW
GetTempPathW
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
CreateThread
GetPrivateProfileIntW
WritePrivateProfileStringW
LoadLibraryW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateDirectoryW
QueryPerformanceCounter
GetModuleFileNameW
GetPrivateProfileStringW
QueryPerformanceFrequency
HeapFree
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapAlloc
SetStdHandle
GetSystemTime

user32

GetClassNameW
GetWindowRect
GetDesktopWindow
GetSystemMetrics
PostMessageW
keybd_event
FindWindowExW
CharLowerW
GetFocus
FindWindowW
IsWindow
IsWindowVisible
GetWindowLongW
SetWindowLongW
SetRect
MonitorFromPoint
GetDC
ReleaseDC
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
PtInRect
ClientToScreen
WindowFromPoint
KillTimer
DefWindowProcW
CreateWindowExW
DestroyWindow
SetTimer
SendMessageW
GetKeyState
SendMessageTimeoutW
ShowWindow
InvalidateRect
SetCursor
LoadCursorW
OffsetRect
ReleaseCapture
MoveWindow
SetCapture
BeginPaint
EndPaint
ScreenToClient
FillRect
GetClientRect
GetCursorPos
CreateMenu
CreatePopupMenu
DeleteMenu
DestroyMenu
SetMenuInfo
GetMenuInfo
EnableMenuItem
SetRectEmpty
InsertMenuW
GetWindowThreadProcessId
GetParent
SetWindowPos
UnionRect
RegisterClassExW
GetCapture
DrawTextW
CharNextW
CallWindowProcW
CallNextHookEx
RemovePropW
SetPropW
GetPropW
SetClassLongW
GetClassLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowDC
UpdateLayeredWindow
TrackPopupMenu
RemoveMenu
ModifyMenuW

gdi32

GetTextExtentPointW
SetTextColor
ExcludeClipRect
GetTextExtentPoint32W
CreateFontW
CreateSolidBrush
SetBkMode
EnumFontsW
CreateICW
TextOutW
DeleteDC
CreateCompatibleBitmap
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBSection
ExtTextOutW
SetBkColor
GetDeviceCaps
CreatePen
MoveToEx
LineTo
GetPixel
GetStockObject
CreateBitmap
GetObjectW
GetDIBits
CreateDCW

advapi32

GetAclInformation
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
GetTokenInformation
RegCreateKeyExW
DuplicateTokenEx
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
GetAce
InitializeAcl
GetLengthSid
GetSecurityDescriptorDacl
LookupAccountNameW
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHAppBarMessage
ShellExecuteW

ole32

CreateStreamOnHGlobal

gdiplus

GdipCloneFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipGetDC
GdipFillRectangleI
GdipReleaseDC
GdipGetGenericFontFamilySansSerif
GdipGetImageRawFormat
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipDrawLine
GdipSetPenDashStyle
GdipDrawLineI
GdipDrawString
GdipFillPath
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipSetImageAttributesColorKeys
GdipAddPathLineI
GdipAddPathArcI
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipDisposeImageAttributes
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipFree
GdipNewPrivateFontCollection
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipMeasureString
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipGetFontSize
GdipGetFamily
GdipDeleteFontFamily
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipDrawImageRectRectI

psapi

GetModuleFileNameExW

shlwapi

PathFileExistsA
PathFileExistsW

cabinet

ord21
ord23
ord20
ord22

Exports

Exports

?GetPreviewWndUtils@@YAPAVCLibPreviewWndUtils@@XZ
?GetPreviskinSkinName@@YAPB_WXZ
?GetResUtils@@YAPAVCLibResUtils@@XZ
?InitInitTempByShare@@YAX_N@Z
?LibExitInstance@@YAXXZ
?LibInitInstance@@YAXXZ
?Lib_GetTempParameterValue@@YAPB_WH@Z
?Lib_SetTempParameterValue@@YAXHH@Z
?Lib_SetTempParameterValue@@YAXHPB_W@Z
?PreviewCabSkin@@YAXPB_W@Z
?PreviewIsConfigSearchCand@@YA_NXZ
?PreviewResSkin@@YAXPB_W0@Z
?SetContextComposeOption@@YAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProgramData/McAfee/QuarMeta/738cc98c-9387-44ce-aacc-0feb0e706c39
.xml

Sharing

General

Malware Config

Signatures

Files

Password: infected

68b5a3a27f189ef4649f4c363d990478

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cbCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

67:cb:8a:8d:98:c6:7c:e0:a0:d5:cf:ab:17:9d:28:11:e9:ee:a2:3e:02:ab:a5:1a:e6:11:57:4a:ba:cd:1f:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

psapi

shlwapi

cabinet

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 274KB - Virtual size: 273KB

.data Size: 43KB - Virtual size: 76KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 56KB - Virtual size: 55KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

28:cf:d4:65:57:b4:0e:ab:2f:60:ef:b3:7f:0e:6f:cb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

67:cb:8a:8d:98:c6:7c:e0:a0:d5:cf:ab:17:9d:28:11:e9:ee:a2:3e:02:ab:a5:1a:e6:11:57:4a:ba:cd:1f:17
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 274KB - Virtual size: 273KB

.data
Size: 43KB - Virtual size: 76KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 56KB - Virtual size: 55KB