General

Malware Config

Signatures

Files

• E036A20D879B669BF96F17A6F17F4C4D.exe

  .exe windows:5 windows x86 arch:x86

  8599d435af1a37e9992ede2904ac6908

  
  

  Code Sign

  01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  19-09-2018 00:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  28-07-2020 00:00

  Not After

  18-03-2029 00:00

  Subject

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27

  Certificate

  Issuer

  CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  31-05-2021 06:43

  Not After

  17-09-2029 06:43

  Subject

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30

  Certificate

  Issuer

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Not Before

  28-07-2022 08:56

  Not After

  27-07-2033 08:56

  Subject

  CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87

  Certificate

  Issuer

  CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

  Not Before

  19-05-2021 05:32

  Not After

  18-05-2036 05:32

  Subject

  CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:c8:cb:43:1d:57:65:77:57:fb:47:fc

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  20-12-2022 08:57

  Not After

  18-03-2025 08:54

  Subject

  SERIALNUMBER=0104-01-157146,CN=FLEXTECH INC.,O=FLEXTECH INC.,STREET=Roppongi 6-10-1,L=Minato-ku,ST=Tokyo,C=JP,1.3.6.1.4.1.311.60.2.1.3=#13024a50,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  19-09-2018 00:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  28-07-2020 00:00

  Not After

  18-03-2029 00:00

  Subject

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  29:c8:cb:43:1d:57:65:77:57:fb:47:fc

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  20-12-2022 08:57

  Not After

  18-03-2025 08:54

  Subject

  SERIALNUMBER=0104-01-157146,CN=FLEXTECH INC.,O=FLEXTECH INC.,STREET=Roppongi 6-10-1,L=Minato-ku,ST=Tokyo,C=JP,1.3.6.1.4.1.311.60.2.1.3=#13024a50,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  03-05-2023 00:00

  Not After

  02-08-2034 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  46:27:e0:60:cd:e3:fd:f0:90:45:1c:a6:6b:91:9b:e4:f7:e2:81:8c:d0:2f:9e:2f:98:40:70:4d:96:85:a2:d0

  Signer

  Actual PE Digest

  46:27:e0:60:cd:e3:fd:f0:90:45:1c:a6:6b:91:9b:e4:f7:e2:81:8c:d0:2f:9e:2f:98:40:70:4d:96:85:a2:d0

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  56:b6:4d:68:32:13:aa:0b:41:37:7b:ab:9e:79:11:47:87:9f:c3:44

  Signer

  Actual PE Digest

  56:b6:4d:68:32:13:aa:0b:41:37:7b:ab:9e:79:11:47:87:9f:c3:44

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  H:\baidu\netdisk\pc-international\output\AutoUpdate\output\pdb\Autoupdate.pdb

  Imports

  crypt32

  CertGetCertificateContextProperty

  CertFreeCertificateContext

  CertDuplicateCertificateContext

  CertFindCertificateInStore

  CertEnumCertificatesInStore

  CertCloseStore

  CertOpenStore

  ws2_32

  WSAGetLastError

  WSACleanup

  WSASetLastError

  send

  recv

  closesocket

  kernel32

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  WaitForMultipleObjects

  TerminateThread

  SetThreadPriority

  GetTempPathW

  VerifyVersionInfoW

  VerSetConditionMask

  ReleaseMutex

  CreateMutexW

  GetCurrentProcessId

  GetPrivateProfileIntW

  InitializeCriticalSection

  WriteConsoleW

  SetConsoleTextAttribute

  FreeConsole

  GetConsoleScreenBufferInfo

  GetStdHandle

  AllocConsole

  OutputDebugStringW

  EncodePointer

  SetEndOfFile

  SetFilePointer

  WriteFile

  SetConsoleCtrlHandler

  ReadDirectoryChangesW

  Module32FirstW

  Module32NextW

  LoadLibraryA

  FileTimeToSystemTime

  FlushFileBuffers

  GetFileInformationByHandle

  GetLogicalDrives

  GetVolumeInformationW

  DuplicateHandle

  GetExitCodeThread

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  RemoveDirectoryW

  GetTempFileNameW

  ReadFile

  SetFilePointerEx

  SetFileTime

  GetModuleHandleExW

  GetFileType

  DeleteFiber

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  ConvertFiberToThread

  GetEnvironmentVariableW

  GetConsoleMode

  SetConsoleMode

  ReadConsoleA

  ReadConsoleW

  GetCurrentProcess

  FindClose

  FindNextFileW

  FindFirstFileW

  GetFileSize

  CreateFileW

  CreateDirectoryW

  OpenEventW

  ResetEvent

  ExitProcess

  GetCommandLineW

  OpenProcess

  DecodePointer

  GetCurrentThreadId

  LoadLibraryExW

  RaiseException

  lstrcmpiW

  GetPrivateProfileSectionW

  GetSystemTime

  SystemTimeToFileTime

  WritePrivateProfileStringW

  MoveFileW

  WaitForSingleObject

  CloseHandle

  SetEvent

  CreateEventW

  DeleteFileW

  GetVersionExW

  CopyFileW

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  MoveFileExW

  InitializeCriticalSectionAndSpinCount

  FormatMessageW

  LocalFree

  DeleteCriticalSection

  GetModuleFileNameW

  LeaveCriticalSection

  EnterCriticalSection

  Sleep

  TlsAlloc

  TlsFree

  TlsSetValue

  TlsGetValue

  GetPrivateProfileStringW

  GetModuleHandleW

  MultiByteToWideChar

  GetLastError

  WideCharToMultiByte

  GetTickCount

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  GetProcessHeap

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  HeapDestroy

  FindResourceExW

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  VirtualAlloc

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  GetEnvironmentStringsW

  GetCommandLineA

  FindNextFileA

  FindFirstFileExA

  GetOEMCP

  IsValidCodePage

  GetTimeZoneInformation

  SetStdHandle

  GetFullPathNameW

  GetCurrentDirectoryW

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetConsoleCP

  GetModuleFileNameA

  InterlockedPopEntrySList

  InitializeSListHead

  SetLastError

  VirtualFree

  LoadLibraryExA

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  GetStringTypeW

  GetCPInfo

  WaitForSingleObjectEx

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  GetStartupInfoW

  HeapCreate

  FreeResource

  lstrlenW

  MulDiv

  GetACP

  SystemTimeToTzSpecificLocalTime

  PeekNamedPipe

  GetDriveTypeW

  FreeLibraryAndExitThread

  ExitThread

  CreateThread

  GetFileAttributesExW

  RtlUnwind

  GetModuleHandleA

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  IsDebuggerPresent

  user32

  SetTimer

  MessageBoxW

  KillTimer

  PostThreadMessageW

  UnregisterClassW

  DefWindowProcW

  RegisterClassExW

  CreateWindowExW

  CallWindowProcW

  GetClassInfoExW

  GetWindowLongW

  SetWindowLongW

  LoadCursorW

  MoveWindow

  GetMenuItemInfoW

  TrackPopupMenu

  AppendMenuW

  CharNextW

  CreatePopupMenu

  MessageBeep

  EmptyClipboard

  GetClipboardData

  SetClipboardData

  PostMessageW

  OpenClipboard

  DispatchMessageW

  TranslateMessage

  PeekMessageW

  SetForegroundWindow

  SetRectEmpty

  UnionRect

  ShowWindow

  SetWindowPos

  PostQuitMessage

  DestroyWindow

  GetSysColor

  EnableMenuItem

  MapVirtualKeyA

  GetSystemMetrics

  SetRect

  FillRect

  DrawIconEx

  DestroyIcon

  OffsetRect

  DrawTextW

  LoadImageW

  LoadBitmapW

  EqualRect

  PtInRect

  IsWindow

  SendMessageW

  LoadIconW

  SetWindowTextW

  CloseClipboard

  GetMessageW

  DestroyMenu

  GetUserObjectInformationW

  GetProcessWindowStation

  CharLowerBuffW

  GetDlgItem

  GetParent

  TrackMouseEvent

  AnimateWindow

  UpdateLayeredWindow

  PrintWindow

  SetLayeredWindowAttributes

  IsWindowVisible

  IsIconic

  IsZoomed

  SetFocus

  GetActiveWindow

  SetCapture

  ReleaseCapture

  EnableWindow

  IsWindowEnabled

  EndMenu

  UpdateWindow

  SetActiveWindow

  GetDC

  ReleaseDC

  BeginPaint

  EndPaint

  InvalidateRect

  GetClientRect

  GetWindowRect

  GetCursorPos

  CreateCaret

  GetCaretBlinkTime

  SetCaretPos

  ClientToScreen

  ScreenToClient

  MapWindowPoints

  CopyRect

  InflateRect

  IntersectRect

  IsRectEmpty

  GetDesktopWindow

  EnumChildWindows

  GetWindow

  MonitorFromWindow

  GetMonitorInfoW

  GetKeyState

  SetCursor

  gdi32

  GetDeviceCaps

  CreateFontIndirectW

  GetObjectA

  CreateSolidBrush

  GetViewportOrgEx

  LineTo

  RoundRect

  CreateDIBSection

  ExtCreatePen

  MoveToEx

  TextOutW

  GetClipBox

  GetTextColor

  GetTextMetricsW

  CreateBitmap

  CreateDIBitmap

  GetTextExtentPointW

  OffsetViewportOrgEx

  GetStockObject

  DeleteObject

  DeleteDC

  BitBlt

  CombineRgn

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateRectRgnIndirect

  GetCurrentObject

  GetRgnBox

  SelectClipRgn

  SelectObject

  SetBkColor

  SetBkMode

  StretchBlt

  SetTextColor

  GetObjectW

  ExtTextOutW

  SetViewportOrgEx

  CreatePen

  CreateRectRgn

  ExcludeClipRect

  GetClipRgn

  GetObjectType

  RectInRegion

  Rectangle

  RestoreDC

  SaveDC

  ExtSelectClipRgn

  GetTextExtentPoint32W

  advapi32

  CheckTokenMembership

  ReportEventW

  CryptAcquireContextW

  CryptReleaseContext

  CryptDestroyKey

  CryptSetHashParam

  CryptGetProvParam

  CryptGetUserKey

  RegDeleteKeyW

  RegCloseKey

  CryptEnumProvidersW

  CryptSignHashW

  CryptDestroyHash

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegOpenKeyExW

  RegSetValueExW

  RegCreateKeyExW

  RegDeleteValueW

  OpenProcessToken

  DuplicateTokenEx

  GetTokenInformation

  CreateWellKnownSid

  CryptExportKey

  RegQueryValueExW

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  CreateProcessAsUserW

  DeregisterEventSource

  CryptCreateHash

  CryptDecrypt

  RegisterEventSourceW

  shell32

  ord680

  SHGetFolderPathW

  SHGetSpecialFolderPathW

  CommandLineToArgvW

  ShellExecuteExW

  ShellExecuteW

  ole32

  StgOpenStorageEx

  StgCreateStorageEx

  StringFromGUID2

  CoLoadLibrary

  CLSIDFromProgID

  OleLockRunning

  CreateStreamOnHGlobal

  CreateBindCtx

  CLSIDFromString

  StringFromCLSID

  CoInitializeEx

  CoUninitialize

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoTaskMemFree

  CoCreateInstance

  oleaut32

  SafeArrayGetLBound

  SafeArrayGetUBound

  SafeArrayCreate

  VariantCopy

  VarBstrCmp

  VarUI4FromStr

  SysStringByteLen

  SafeArrayLock

  VariantInit

  VariantClear

  SysAllocStringLen

  LoadTypeLi

  LoadRegTypeLi

  SysStringLen

  SysFreeString

  SysAllocString

  SafeArrayUnlock

  VarCmp

  SysAllocStringByteLen

  GetErrorInfo

  shlwapi

  StrToIntExA

  StrToIntW

  setupapi

  SetupIterateCabinetW

  wininet

  HttpQueryInfoA

  HttpEndRequestW

  HttpSendRequestW

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetSetStatusCallbackW

  InternetSetOptionW

  InternetQueryOptionA

  InternetReadFileExA

  InternetConnectW

  InternetCloseHandle

  InternetWriteFile

  HttpSendRequestExA

  InternetOpenA

  InternetSetOptionA

  HttpQueryInfoW

  bcrypt

  BCryptGenRandom

  imm32

  ImmReleaseContext

  ImmGetContext

  gdiplus

  GdipDrawImageRectRectI

  GdipFillRectangleI

  GdipSetCompositingMode

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipSetImageAttributesWrapMode

  GdipSetImageAttributesColorMatrix

  GdipDisposeImageAttributes

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImage

  GdipCloneImage

  GdiplusShutdown

  GdiplusStartup

  GdipFree

  GdipAlloc

  GdipLoadImageFromStream

  GdipDeleteBrush

  GdipCreateImageAttributes

  GdipCloneBrush

  GdipLoadImageFromFileICM

  GdipLoadImageFromStreamICM

  GdipLoadImageFromFile

  GdipCreateTexture2I

  msimg32

  GradientFill

  AlphaBlend

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 751KB - Virtual size: 751KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 46KB - Virtual size: 127KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 1024B - Virtual size: 560B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 872KB - Virtual size: 872KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 112KB - Virtual size: 111KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ