13c7405c663c3647969a3c1142f6f2b0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

13c7405c663c3647969a3c1142f6f2b0N.exe
Size

4.2MB
MD5

13c7405c663c3647969a3c1142f6f2b0
SHA1

e798ed7a22529fe0b68b3144b57f6a56c1b759d9
SHA256

6c070839be4d277f44d18d19c12293c788c3081532cfa3b931d2e49dc571282b
SHA512

c380aaa9c6470572c06d193e8a2d884673ec6f750d12a2c148f2e5fe38927cc9343a4c4b6cb897636380e96349d05a88347c6c964f26612171e12b3d4627b657
SSDEEP

49152:kicPskA9W8aikr4Gy0yrY0F0eZMyB418tBe6RJws/iUkuMGj2FnQoYFLLJTduRJ9:ZcPBcUi64GclB4yRrj2FnQ3SzA29

Score

1^/10

Malware Config

Signatures

Files

13c7405c663c3647969a3c1142f6f2b0N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

fe249bcfd4674678de2f7e4ebbb0685b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-05-2020 00:00

Not After

18-05-2023 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-05-2020 00:00

Not After

18-05-2023 12:00

Subject

SERIALNUMBER=91310115591679552Q,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:5b:30:bc:f4:7d:1a:53:69:ed:5f:e9:0f:0a:a8:ce:b3:27:a0:7a:65:98:7e:b4:6f:dc:42:fb:a9:7a:6e:95
Signer

Actual PE Digest

7e:5b:30:bc:f4:7d:1a:53:69:ed:5f:e9:0f:0a:a8:ce:b3:27:a0:7a:65:98:7e:b4:6f:dc:42:fb:a9:7a:6e:95

Digest Algorithm

sha256

PE Digest Matches

true

9e:cf:5f:02:d7:a2:4e:ec:dd:c5:6e:3d:58:fb:83:81:14:83:67:8f
Signer

Actual PE Digest

9e:cf:5f:02:d7:a2:4e:ec:dd:c5:6e:3d:58:fb:83:81:14:83:67:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Work\2345Soft\2345input\bin\Win32\Release\pdb\2345Pinyin.pdb

Imports

msimg32

AlphaBlend

imm32

ImmUnlockIMCC
ImmSetConversionStatus
ImmLockIMC
ImmCreateIMCC
ImmDisableIME
ImmLockIMCC
ImmGetConversionStatus
ImmGenerateMessage
ImmReSizeIMCC
ImmGetIMCCSize
ImmUnlockIMC

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

MiniDumpWriteDump

kernel32

MoveFileExW
CopyFileW
MultiByteToWideChar
GetLocalTime
LCMapStringW
GetStartupInfoW
ResetEvent
GlobalMemoryStatusEx
OpenFileMappingW
OpenMutexW
VirtualQuery
GetCurrentProcess
GetModuleHandleW
GetSystemInfo
SetFilePointer
SetEndOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemDirectoryW
LocalFree
ExpandEnvironmentStringsW
DeviceIoControl
RemoveDirectoryW
SetLastError
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
WriteFile
CreateNamedPipeW
ConnectNamedPipe
FindNextFileW
UnmapViewOfFile
DuplicateHandle
GetFileInformationByHandle
SystemTimeToFileTime
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFile
FileTimeToDosDateTime
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
ExitProcess
ResumeThread
InitializeCriticalSection
CreateMutexW
ReleaseMutex
LoadLibraryExW
GetACP
GetVersionExW
lstrcmpiW
QueryDosDeviceW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GlobalUnlock
GetFileAttributesExW
GetEnvironmentVariableW
GetVolumeInformationW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
GetFullPathNameW
GetTempPathW
GetWindowsDirectoryW
MoveFileW
GetFileSizeEx
SetFileAttributesW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalLock
GlobalFree
GlobalAlloc
Sleep
FreeLibrary
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
HeapSize
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetTimeZoneInformation
GetModuleFileNameA
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
GetFileAttributesW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
DeleteFileW
FormatMessageW
WideCharToMultiByte
FindClose
lstrlenW
FindFirstFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
OpenEventW
SetEvent
CreateEventW
WaitForSingleObject
InterlockedExchangeAdd
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
CloseHandle
OpenProcess
MulDiv
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForMultipleObjects
GetTickCount
GetLastError
GetCurrentThreadId
CreateProcessW
GetProcAddress
lstrcpyW
GetFileSize
DecodePointer
RaiseException
CreateFileW
ReadFile
FindResourceW
LoadResource
LockResource
LoadLibraryW
SizeofResource
GetLongPathNameW

user32

EqualRect
WaitMessage
GetCapture
DispatchMessageW
PeekMessageW
TranslateMessage
MonitorFromRect
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
InflateRect
DeleteMenu
RemovePropW
CreatePopupMenu
IsMenu
SetMenuItemInfoW
IsWindowEnabled
DestroyMenu
IntersectRect
SetFocus
GetUpdateRect
InsertMenuW
SetRectEmpty
AppendMenuW
UpdateWindow
FillRect
IsRectEmpty
GetWindowTextLengthW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
CopyRect
LoadKeyboardLayoutW
ActivateKeyboardLayout
LoadStringW
GetKeyboardLayoutList
WindowFromPoint
GetParent
SetWinEventHook
GetClassInfoExW
RegisterClassExW
UnregisterClassW
PostMessageW
GetKeyState
DefWindowProcW
IsIconic
GetActiveWindow
DrawIconEx
DrawTextW
RegisterClipboardFormatW
keybd_event
OpenClipboard
CloseClipboard
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
GetDesktopWindow
GetKeyboardState
GetFocus
NotifyWinEvent
GetClassNameW
UnhookWindowsHookEx
UnhookWinEvent
GetAncestor
GetWindowTextW
CallNextHookEx
SetWindowsHookExW
LoadImageW
UnregisterHotKey
RegisterHotKey
GetAsyncKeyState
MoveWindow
KillTimer
SetCursorPos
ReleaseDC
GetDC
GetMenuItemInfoW
ModifyMenuW
LoadMenuW
GetMenuItemID
MessageBoxW
GetMenuItemCount
GetSubMenu
GetForegroundWindow
GetMenuStringW
CheckMenuItem
EnableMenuItem
ClientToScreen
ToUnicodeEx
SystemParametersInfoW
GetGUIThreadInfo
SendInput
GetSystemMetrics
TrackMouseEvent
FindWindowW
SetCapture
ReleaseCapture
DestroyWindow
CreateWindowExW
ScreenToClient
SetTimer
WindowFromDC
SetWindowLongW
GetClientRect
SetRect
InvalidateRect
SendMessageW
GetWindowRect
IsWindowVisible
SetWindowPos
ShowWindow
LoadCursorW
SetCursor
UpdateLayeredWindow
PtInRect
GetCursorPos
BeginPaint
EndPaint
IsWindow

gdi32

CreateCompatibleDC
SelectObject
CreateFontIndirectW
GetTextExtentPointW
CreatePen
CreateRectRgn
LineTo
ExtCreatePen
DeleteObject
MoveToEx
CreateDIBitmap
CreateCompatibleBitmap
CreateSolidBrush
EnumFontFamiliesW
GetStockObject
BitBlt
CreateDIBSection
GetBitmapBits
SetTextColor
SetBkMode
GetObjectW
GetTextMetricsW
GetDeviceCaps
DeleteDC
SetBkColor
SelectClipRgn

advapi32

RegQueryValueExW
GetFileSecurityW
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
GetSecurityDescriptorDacl
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
GetAclInformation
GetAce
EqualSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

RevokeDragDrop
CoUninitialize
RegisterDragDrop
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

iphlpapi

GetAdaptersAddresses

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
UIWindowProcedure

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 770KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe249bcfd4674678de2f7e4ebbb0685b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9eCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7e:5b:30:bc:f4:7d:1a:53:69:ed:5f:e9:0f:0a:a8:ce:b3:27:a0:7a:65:98:7e:b4:6f:dc:42:fb:a9:7a:6e:95Signer

9e:cf:5f:02:d7:a2:4e:ec:dd:c5:6e:3d:58:fb:83:81:14:83:67:8fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

imm32

oleacc

version

dbghelp

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 770KB - Virtual size: 769KB

.data Size: 108KB - Virtual size: 114KB

.rsrc Size: 371KB - Virtual size: 370KB

.reloc Size: 177KB - Virtual size: 177KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

06:ea:0d:de:d5:5e:c1:e1:a2:9f:c5:fb:5d:ab:4f:b2
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

05:aa:43:30:0d:17:67:ac:12:49:43:54:21:65:bb:9e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7e:5b:30:bc:f4:7d:1a:53:69:ed:5f:e9:0f:0a:a8:ce:b3:27:a0:7a:65:98:7e:b4:6f:dc:42:fb:a9:7a:6e:95
Signer

9e:cf:5f:02:d7:a2:4e:ec:dd:c5:6e:3d:58:fb:83:81:14:83:67:8f
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 770KB - Virtual size: 769KB

.data
Size: 108KB - Virtual size: 114KB

.rsrc
Size: 371KB - Virtual size: 370KB

.reloc
Size: 177KB - Virtual size: 177KB