316399dcfc9b35494cf36e2aa770bc00N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

316399dcfc9b35494cf36e2aa770bc00N.exe
Size

2.6MB
MD5

316399dcfc9b35494cf36e2aa770bc00
SHA1

7029112b996d38fbdd11d7cd5fd1f8c67152e781
SHA256

5afa6f9ae4ed5dbc3762e739b3812d4e3580b1c8c15a91c4dc96c01bd0fa29ea
SHA512

0ae1fd25e1d625ffbc709027259bfbce253579f3310e8cdf6c9dec57100a33ff28b5e823513bd7247a776183cb8929dc214e9ccbcdb8311e45f170be5c7370eb
SSDEEP

49152:zH/kbCqfRAGWNmhWBcxS3xjlo4/tMrnWonlaUfy7tNlfn9/Ay/BTEoXzbY:zH/CXAGWNmhWaxQZo4/tMjW3UA/lfn9O

Score

1^/10

Malware Config

Signatures

Files

316399dcfc9b35494cf36e2aa770bc00N.exe
.dll windows:6 windows x86 arch:x86

5e3a9ed9036199a5d322ab26477f60f0

Code Sign

10:f1:b1:ee:2d:25:66:9d:c0:b5:5f:d3:31:6f:d8:11:e3:61:38:08
Certificate

Issuer

O=ZSHIELD INC,L=Beijing,ST=Beijing,C=CN

Not Before

11/10/2023, 11:35

Not After

10/07/2033, 11:35

Subject

O=ZSHIELD INC,L=Beijing,ST=Beijing,C=CN

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ad:f8:1e:28:c8:8d:8e:6e:14:2e:95:c0:f7:12:e1:ca:03:b5:ce:31
Signer

Actual PE Digest

ad:f8:1e:28:c8:8d:8e:6e:14:2e:95:c0:f7:12:e1:ca:03:b5:ce:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyCode\win_agent_tool\win_urd\urd\URD\URDTest\Release\URDHelp.pdb

Imports

kernel32

SetCurrentDirectoryW
SetEnvironmentVariableA
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
SetEnvironmentVariableW
SetVolumeLabelW
GetDriveTypeW
WriteConsoleW
FreeEnvironmentStringsW
ReadConsoleW
GetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetTimeZoneInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
VirtualAlloc
HeapQueryInformation
GetFileType
SetStdHandle
RtlUnwind
GetCommandLineA
ExitThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileExW
FindResourceExW
GetUserDefaultLCID
GetDiskFreeSpaceW
VirtualProtect
SearchPathW
GetProfileIntW
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetCurrentDirectoryW
GlobalFlags
GetUserDefaultUILanguage
GetLocaleInfoW
CompareStringW
ResumeThread
SetThreadPriority
MoveFileW
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
LockFile
GetVolumeInformationW
GetFullPathNameW
SetFileTime
LocalFileTimeToFileTime
GetFileTime
SystemTimeToFileTime
GlobalGetAtomNameW
lstrcmpA
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
GetModuleHandleA
FreeResource
GetSystemDirectoryW
EncodePointer
LoadLibraryExW
SetLastError
CopyFileW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionEx
HeapReAlloc
VirtualQueryEx
LoadLibraryA
OpenThread
WinExec
GetSystemInfo
GetPrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
VirtualQuery
LocalAlloc
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
GetTickCount64
WaitForMultipleObjects
OpenEventW
GetCurrentThreadId
GetCurrentProcess
CreateProcessW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
QueryFullProcessImageNameW
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetModuleFileNameW
LocalFree
FormatMessageW
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
SetEvent
OutputDebugStringA
CreateEventW
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
GetProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
FlushFileBuffers
SetFileAttributesW
GetFileAttributesExW
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetProcAddress
GetLastError
LoadLibraryW
GetModuleHandleW
SetDllDirectoryW
ReadFile
FindResourceW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
Sleep
WriteFile
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
CreateFileW
DeleteFileW
CloseHandle
GetFileInformationByHandle

user32

DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
ReleaseCapture
SetCapture
GetNextDlgGroupItem
IsIconic
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
DestroyIcon
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IntersectRect
RealChildWindowFromPoint
GetActiveWindow
SendDlgItemMessageA
CopyImage
InflateRect
GetMenuItemInfoW
DestroyMenu
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CharUpperW
LoadCursorW
GetSysColorBrush
WindowFromPoint
GetCursorPos
FillRect
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetIconInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
LoadAcceleratorsW
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
TranslateAcceleratorW
InsertMenuItemW
CharToOemBuffA
SendMessageW
GetWindowThreadProcessId
GetParent
GetWindow
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
RegisterWindowMessageW
IsDialogMessageW
SetWindowLongW
GetWindowLongW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
EnableWindow
GetFocus
SetFocus
GetDlgCtrlID
CheckDlgButton
GetDlgItem
MoveWindow
ShowWindow
IsWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
DispatchMessageW
TranslateMessage
MessageBeep
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
MapVirtualKeyW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
SetWindowRgn
UnionRect
IsMenu
UpdateLayeredWindow
MonitorFromPoint
ShowScrollBar
BringWindowToTop
SystemParametersInfoW
GetWindowRect
GetClientRect
GetDesktopWindow
GetClassNameW
GetWindowTextW
OemToCharBuffA
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
TrackMouseEvent
GetComboBoxInfo
IsZoomed
GetSystemMenu
SetWindowPos
MessageBoxW
GetForegroundWindow
GetSystemMetrics
DestroyWindow
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateWindowExW
RegisterDeviceNotificationW
GetMessageW
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
DrawIcon
GetWindowRgn
DestroyCursor
MapDialogRect
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
LockWindowUpdate
SetParent
SetRect
SetForegroundWindow
SetCursorPos

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
BitBlt
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreatePen
CreateCompatibleDC
GetObjectW
SetDIBColorTable
GetClipBox
CreateFontIndirectW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CreateProcessAsUserW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidW
CheckTokenMembership
CreateWellKnownSid
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegOpenKeyExW
StartServiceW
RegDeleteValueW
SetServiceStatus
QueryServiceStatus
OpenServiceW
CloseServiceHandle
OpenSCManagerW
RegEnumKeyExW

shell32

DragFinish
SHGetFolderPathW
ord680
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
ShellExecuteExW
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation

shlwapi

UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW

uxtheme

DrawThemeParentBackground
DrawThemeText
GetThemePartSize
GetCurrentThemeName
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme

ole32

OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
DoDragDrop
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
OleTranslateAccelerator

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
VarBstrFromDate
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

iphlpapi

GetExtendedTcpTable
SetPerTcpConnectionEStats

crypt32

CryptStringToBinaryA

ws2_32

ntohs
WSAStartup
gethostbyname
inet_ntoa

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetReadFile
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetGetLastResponseInfoA
InternetOpenA

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipBitmapLockBits
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

??0CURDHelp@@QAE@XZ
??4CURDHelp@@QAEAAV0@ABV0@@Z
?fnURDHelp@@YAHXZ
?nURDHelp@@3HA
ConnectUSB
DisconnectUSB
EnumCurrentRdpHandle
GetAllUsbList
GetAutoConnectList
GetAvailableUsbList
GetConnectState
GetCurrentConnectUser
GetLastConnectError
GetManualConnAndDisconnDeque
GetOEMSrvStatus
GetZonePolicy
GroupIsOnline
GroupJoin
GroupQuit
GroupQuitAll
GroupSelect
InitConnectUSBList
InitRdpEnum
ReloadUsbList
SetAutoUsbConnect
SetAvailableUsbActiveCallbackFun
SetConnectUSBDesktop
SetConnectUSBParam
SetCurrentConnectUser
SetGroupChangeMsg
SetLocalUseUSB
SetLogStorageParam
SetManualConnAndDisconnDequeNotifyCBFun
SetURDServerStartupParam
SetWorkParam
SetZSServerMagCmd
SetZonePolicy
SetZonePolicyCBFun
SetZonePolicyName
StartZSServerMag
UserLogin
UserLogout
WebAccess
ZonePolicyLogFlag

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e3a9ed9036199a5d322ab26477f60f0

Code Sign

10:f1:b1:ee:2d:25:66:9d:c0:b5:5f:d3:31:6f:d8:11:e3:61:38:08Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

ad:f8:1e:28:c8:8d:8e:6e:14:2e:95:c0:f7:12:e1:ca:03:b5:ce:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

iphlpapi

crypt32

ws2_32

wtsapi32

userenv

wininet

oleacc

gdiplus

imm32

winmm

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 535KB - Virtual size: 535KB

.data Size: 27KB - Virtual size: 163KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 137KB - Virtual size: 137KB

10:f1:b1:ee:2d:25:66:9d:c0:b5:5f:d3:31:6f:d8:11:e3:61:38:08
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

ad:f8:1e:28:c8:8d:8e:6e:14:2e:95:c0:f7:12:e1:ca:03:b5:ce:31
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 535KB - Virtual size: 535KB

.data
Size: 27KB - Virtual size: 163KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 137KB - Virtual size: 137KB