c5484e0a4531daaf765ee534a8441cd0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c5484e0a4531daaf765ee534a8441cd0N.exe
Size

1.4MB
MD5

c5484e0a4531daaf765ee534a8441cd0
SHA1

3a2b869e550399e4ec0d40b84ad4af781123dbb9
SHA256

25d9f0734f63f584fe4330089103825a5faff97315fa71f20beafa80f5941c2f
SHA512

459660712efd296ebde86abe1ae588842c289af9e27c6c0f596ba16cec041c0dd2341a1e20b12cf118895816fdb08899d653c2ed4d8ca417b3ebacd2d1908781
SSDEEP

24576:6/YizH8Ro155NYte9Xtr+t/zgdGqTk4Aez2lhKDj0XbMqYbJNJdu:EYiAA5Nd9X1+9gka22DjqtYbJNJdu

Score

1^/10

Malware Config

Signatures

Files

c5484e0a4531daaf765ee534a8441cd0N.exe
.dll windows:5 windows x64 arch:x64

7e6eaba8e4a244fe0520c037ad631c22

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:1c:b9:ae:fa:dd:da:f7:85:7b:64:8c:c1:54:95:e8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/12/2023, 00:00

Not After

30/12/2024, 23:59

Subject

SERIALNUMBER=9111000070003202XF,CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13104861696469616e204469737472696374,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:6f:10:c4:33:a2:99:25:c3:22:2d:cd:4b:7b:55:14:1a:8c:cf:80:b4:a4:a7:09:e8:ac:48:4e:a0:e6:79:f2
Signer

Actual PE Digest

75:6f:10:c4:33:a2:99:25:c3:22:2d:cd:4b:7b:55:14:1a:8c:cf:80:b4:a4:a7:09:e8:ac:48:4e:a0:e6:79:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SVN_DIR\svn\es\shuttle\oem_branches\InterPass3000_YXYC_VS2008_Bug126148\source\output\x64\ReleaseStatic\i3000\InterPass3000_CSP11.pdb

Imports

crypt32

CertGetIntendedKeyUsage
CertNameToStrA
CertCreateCertificateContext
CertGetEnhancedKeyUsage
CryptDecodeObject
CertFindExtension
CryptVerifyCertificateSignature
CertGetNameStringW
CertFreeCertificateContext

kernel32

IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
ExitThread
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
FlsFree
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleFileNameA
LCMapStringA
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringW
GlobalFlags
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetVersionExA
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
CreateThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeviceIoControl
TlsGetValue
GlobalAlloc
GlobalFree
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
WideCharToMultiByte
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenMutexW
CreateMutexW
ReleaseMutex
OpenEventW
CreateEventW
WaitForSingleObject
SetEvent
GetSystemInfo
lstrcmpiW
SetLastError
GetStdHandle
GetCurrentThreadId
HeapAlloc
HeapFree
OutputDebugStringA
GetCurrentProcessId
OpenProcess
CheckRemoteDebuggerPresent
GetVersionExW
CompareFileTime
OutputDebugStringW
lstrlenW
GetSystemDirectoryW
GetShortPathNameW
VirtualQuery
lstrcmpW
MultiByteToWideChar
WaitForMultipleObjects
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLastError
LocalAlloc
LocalFree
GetUserDefaultUILanguage
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
GetFileSize
ReadFile
TlsFree
TlsAlloc
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
CloseHandle
GetTickCount
Sleep
TlsSetValue
FlsGetValue

user32

GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
MoveWindow
IsDialogMessageW
SetDlgItemInt
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassLongPtrW
RemovePropW
GetLastActivePopup
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
GetClassInfoExW
GetClassInfoW
CopyRect
GetMenu
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuState
GetMenuItemID
GetSubMenu
SetCursor
IsDlgButtonChecked
CheckDlgButton
LoadCursorW
GetWindowRect
MessageBoxW
GetClientRect
GetDlgItem
IsWindowEnabled
EndDialog
UpdateWindow
GetDesktopWindow
GetDC
ReleaseDC
GetActiveWindow
wsprintfW
GetMenuItemCount
GetWindow
GetDlgCtrlID
GetClassNameW
SetActiveWindow
GetWindowThreadProcessId
SetWindowPos
GetWindowTextW
GetSysColor
IsWindowVisible
InflateRect
PtInRect
BroadcastSystemMessageW
SetPropW
GetPropW
CallWindowProcW
AdjustWindowRectEx
RegisterClassW
GetWindowLongW
GetAsyncKeyState
GetKeyboardState
ToAscii
SetWindowTextW
GetWindowLongPtrW
GetParent
SetFocus
GetWindowTextLengthW
RegisterClassExW
UnregisterClassW
CreateWindowExW
ShowWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SetWindowLongPtrW
IsWindow
PostMessageW
MessageBeep
DestroyIcon
GetSystemMetrics
GetIconInfo
MapDialogRect
GetFocus
GetSystemMenu
EnableMenuItem
FindWindowW
GetForegroundWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageW
EnableWindow
LoadIconW
SendMessageW
SetForegroundWindow
KillTimer
SetTimer

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
CreateDCW
SelectClipRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject
DeleteDC
GetStockObject
SelectObject
CreateRectRgnIndirect
GetTextExtentPoint32W

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyW
OpenSCManagerW
CreateServiceW
OpenServiceW
DeleteService
StartServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteExW

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

CoCreateGuid

oleaut32

VariantClear
VariantChangeType
VariantInit

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
E_GetAuxFunctionList
GetKeyStorageInterface
SKF_ChangePIN
SKF_ClearSecureState
SKF_CloseApplication
SKF_CloseContainer
SKF_CloseHandle
SKF_ConnectDev
SKF_CreateApplication
SKF_CreateContainer
SKF_CreateFile
SKF_Decrypt
SKF_DecryptFinal
SKF_DecryptInit
SKF_DecryptUpdate
SKF_DeleteContainer
SKF_DeleteFile
SKF_Digest
SKF_DigestFinal
SKF_DigestInit
SKF_DigestUpdate
SKF_DisConnectDev
SKF_ECCExportSessionKey
SKF_ECCSignData
SKF_ECCVerify
SKF_Encrypt
SKF_EncryptFinal
SKF_EncryptInit
SKF_EncryptUpdate
SKF_EnumApplication
SKF_EnumContainer
SKF_EnumDev
SKF_EnumFiles
SKF_ExportCertificate
SKF_ExportPublicKey
SKF_ExtECCDecrypt
SKF_ExtECCEncrypt
SKF_ExtECCSign
SKF_ExtECCVerify
SKF_GenECCKeyPair
SKF_GenRandom
SKF_GetContainerType
SKF_GetDevInfo
SKF_GetDevState
SKF_GetFileInfo
SKF_GetPINInfo
SKF_ImportCertificate
SKF_ImportECCKeyPair
SKF_ImportSessionKey
SKF_LockDev
SKF_Mac
SKF_MacFinal
SKF_MacInit
SKF_MacUpdate
SKF_OpenApplication
SKF_OpenContainer
SKF_ReadFile
SKF_SetLabel
SKF_SetSymmKey
SKF_UnblockPIN
SKF_UnlockDev
SKF_VerifyPIN
SKF_WriteFile
eb_RegKspProvider
eb_RunNoElevated
eb_UnRegKspProvider
eb_service

Sections

.text
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ve_share
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e6eaba8e4a244fe0520c037ad631c22

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:1c:b9:ae:fa:dd:da:f7:85:7b:64:8c:c1:54:95:e8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

75:6f:10:c4:33:a2:99:25:c3:22:2d:cd:4b:7b:55:14:1a:8c:cf:80:b4:a4:a7:09:e8:ac:48:4e:a0:e6:79:f2Signer

Headers

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

setupapi

Exports

Exports

Sections

.text Size: 913KB - Virtual size: 912KB

.rdata Size: 295KB - Virtual size: 295KB

.data Size: 43KB - Virtual size: 80KB

.pdata Size: 55KB - Virtual size: 55KB

ve_share Size: 2KB - Virtual size: 1KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 16KB - Virtual size: 16KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:1c:b9:ae:fa:dd:da:f7:85:7b:64:8c:c1:54:95:e8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

75:6f:10:c4:33:a2:99:25:c3:22:2d:cd:4b:7b:55:14:1a:8c:cf:80:b4:a4:a7:09:e8:ac:48:4e:a0:e6:79:f2
Signer

.text
Size: 913KB - Virtual size: 912KB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 43KB - Virtual size: 80KB

.pdata
Size: 55KB - Virtual size: 55KB

ve_share
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 16KB - Virtual size: 16KB