b95750ca7f8dfd7bd3f92d581cfc47b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b95750ca7f8dfd7bd3f92d581cfc47b0N.exe
Size

688KB
MD5

b95750ca7f8dfd7bd3f92d581cfc47b0
SHA1

7c02c5f24f9aae2b62d71dd8f67bc364ab9cd470
SHA256

37edc49966ece25bbd26b26a70f64b6b4310d18c426598fd95d28524efdd68b9
SHA512

ff2536c8622f40e7d727ad457e3d30c923a8fb3ef252b8611bd1a31cdd6c9a9bf845d7ae2e15368e36cf292b7aea0e9ccbf2efd0d501eb9f201f293ae0419ef2
SSDEEP

1536:MsVnrrl6yP33z4H7VvJiOslG4yHNaKuyjveQ34YXYD2BPt7BP/BP299P2VOjCs3/:MOJbn8xJiOs/+JnjveoLsE55+wq7

Score

1^/10

Malware Config

Signatures

Files

b95750ca7f8dfd7bd3f92d581cfc47b0N.exe
.exe windows:4 windows x86 arch:x86

b9fdf29f3e016a605df8dc1cd66a69f6

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:aa:67:bc:83:74:93:bc:e6:12:ad:3a:83:a2:34:07
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/06/2024, 00:00

Not After

04/06/2025, 23:59

Subject

CN=INCA Internet Co.\,Ltd.,O=INCA Internet Co.\,Ltd.,L=Gangseo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:7f:10:c0:43:5a:28:0d:96:38:a7:a1:46:bc:e8:e6:de:9c:29:ab:97:54:33:a1:d2:c1:92:8e:fd:ce:12:82
Signer

Actual PE Digest

c3:7f:10:c0:43:5a:28:0d:96:38:a7:a1:46:bc:e8:e6:de:9c:29:ab:97:54:33:a1:d2:c1:92:8e:fd:ce:12:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

htcomm

ServerSend
ServerConnect
ServerDisConnect
GetLocalIPAddress

htbar

?SetButtonRotateStop@CHtToolBar2@@QAEXXZ
?SetButtonRotatePause@CHtToolBar2@@QAEXH@Z
?SetButtonRotatePlay@CHtToolBar2@@QAEXXZ
?ScreenChange@CHtTrListBar@@QAEXH@Z
?DeleteTrList@CHtTrListBar@@QAEHPAUHWND__@@@Z
?ModifyTrList@CHtTrListBar@@QAEHVCString@@PAUHWND__@@@Z
?AddTrList@CHtTrListBar@@QAEHVCString@@PAUHWND__@@@Z
?Create@CInitDialogBar@@QAEHPAVCWnd@@III@Z
??0CHtToolBar2@@QAE@XZ
??0CHtTrListBar@@QAE@XZ
??0CMarketInfoBar@@QAE@XZ
??1CHtToolBar2@@UAE@XZ
??1CHtTrListBar@@UAE@XZ
??1CMarketInfoBar@@UAE@XZ
?GetTrHwnd@CHtTrListBar@@QAEPAUHWND__@@VCString@@@Z
?ResetTicker@CMarketInfoBar@@QAEXXZ
?ChangeToolButton@CHtToolBar2@@QAEXVCString@@@Z

htdlg

ScreenLockDlg
TimeOutDlg
TermInfoDlg
RotatePlayerDlg
RotateSetupDlg
AttentionDlg
YakgwanDlg
SetupEnvDlg
InjusticeDlg
InvestInfoBPMsgDlg
InvestInfoDlg
InvestInfoConfirmDlg
AddCodeFileHashList
GetAllCodeFileList
AddCodeFileList
CodeFileHashVerifyCheck
UserMemoryDestroy
PricePopupDlg
StockMemorySetting
RemoveAllEnableTrCode
AddEnableTrCode
GetStockFromFull
UnSoundOrd1
UnSoundOrd2
MessageBoxDlg
CertYakgwanDlg
IsChiledMaximize
DialogCDDEDD
DialogCDD
DialogEDD1
DialogEDD2
UserInfoDlg
UserDefaultInfoDlg
NoticeDlg
JujuEmailDlg
YakgwanDlg4
YakgwanDlg2
CertPasswdDlg
PasswdSetupDlg
ImsiPassChangeDlg
SetStockPriceSave
SetStockLastPrice
ScreenReadDlg
ScreenSaveDlg
SetStockQtySave
SetStockLastQty
SetStockOrgNoSave
SetStockLastOrgNo
SetFuturePriceSave
SetFutureLastPrice
SetFutureQtySave
SetFutureLastQty
SetFutureOrgNoSave
SetFutureLastOrgNo
GetUserAllAccnt
TickerSetupDlg
KwanUploadProgress
UserInfoModDlg
SetUserInfo
SetNewUserInfo
SetCertUserPasswd
SEED_JuminEncrypt
SHA256_PasswdEncode2
SEED_JuminDecrypt
GetUserInfo
GetNewUserInfo
IsEnableTrCode
YakgwanDlg5
SetChiledMaximize
DuplicationDlg
AddUserAccnt

htcert

GetCertData
CertRenewal
CertOptin
NewCertRegister
AnotherCertRegister
AddCertPcRegCancel
CloudCertIssue
CloudCertnew
CloudCertChangepin
CloudCertDeletecert
CloudCertUpload
CloudCertDownload
CloudCertConnectedconfirm
ClearCertMem
SaveEncodeTrCode
SaveEncodeSvrData
GetEncodeEnvelopData
IsCertPasswdCheck
CloudCertCheckpin
CheckDnFromCloud
CheckDnFromClient
CertIssueDlg
SetCertCheck
SetCertPasswdCheck
GetPcInfo

htotp

OtpConfirmDlg

yhsseedencrypt

_JuminEncrypt@12
_JuminDecrypt@12

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA
EnumProcessModules
GetModuleBaseNameA

mfc42

ord2614
ord617
ord6283
ord6876
ord5214
ord296
ord1200
ord6215
ord2864
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord2725
ord986
ord2863
ord5289
ord1175
ord4698
ord5651
ord3127
ord3616
ord6663
ord5465
ord798
ord5194
ord350
ord533
ord6282
ord2107
ord5450
ord5440
ord6383
ord6394
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1841
ord4241
ord4589
ord4533
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4963
ord4960
ord4108
ord6054
ord1776
ord5240
ord5281
ord3748
ord1725
ord1146
ord4432
ord364
ord784
ord5260
ord5677
ord4720
ord2535
ord4524
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4467
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord6055
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord4427
ord401
ord674
ord5254
ord4458
ord2688
ord6453
ord6197
ord5290
ord3402
ord567
ord2135
ord818
ord1949
ord3528
ord6094
ord4034
ord3619
ord3610
ord2575
ord4396
ord3574
ord656
ord609
ord3626
ord2414
ord2302
ord6199
ord3092
ord1641
ord4129
ord922
ord926
ord2379
ord4476
ord6379
ord3874
ord4299
ord1859
ord4246
ord801
ord6883
ord6143
ord541
ord4224
ord4284
ord1576
ord4287
ord2086
ord939
ord4278
ord3337
ord3811
ord859
ord536
ord6569
ord6877
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord2880
ord4153
ord2383
ord4437
ord802
ord807
ord796
ord542
ord554
ord529
ord402
ord765
ord5601
ord1997
ord6928
ord5710
ord6242
ord6209
ord2494
ord2627
ord2626
ord1247
ord4457
ord4501
ord5255
ord2765
ord2777
ord4428
ord975
ord4413
ord6402
ord3870
ord5032
ord2425
ord5284
ord2884
ord3495
ord4123
ord5622
ord4204
ord4076
ord2800
ord4591
ord755
ord470
ord5861
ord4595
ord3571
ord3573
ord3742
ord6403
ord3522
ord4275
ord640
ord2421
ord2405
ord5785
ord1640
ord323
ord1821
ord4611
ord4609
ord4485
ord2539
ord3471
ord2002
ord5729
ord5196
ord5502
ord3446
ord3195
ord985
ord334
ord648
ord3698
ord3089
ord2152
ord1233
ord2243
ord2380
ord5875
ord5789
ord6172
ord559
ord812
ord551
ord6778
ord2763
ord1979
ord5442
ord5773
ord3318
ord665
ord5186
ord354
ord923
ord6779
ord6648
ord5448
ord5778
ord6392
ord5862
ord6144
ord6407
ord3227
ord3408
ord3758
ord3810
ord773
ord501
ord4327
ord1083
ord5607
ord2762
ord2393
ord6153
ord1772
ord3790
ord6930
ord2781
ord6385
ord353
ord819
ord5863
ord568
ord5645
ord5583
ord3701
ord500
ord772
ord5572
ord2915
ord5860
ord6142
ord5606
ord1832
ord3126
ord349
ord550
ord1833
ord2917
ord2803
ord958
ord6312
ord4177
ord6010
ord2601
ord3180
ord3183
ord3176
ord3507
ord6264
ord1232
ord1134
ord2621
ord6117
ord4159
ord823
ord3521
ord6195
ord1768
ord356
ord1168
ord858
ord2770
ord924
ord535
ord668
ord2764
ord537
ord2818
ord860
ord941
ord2841
ord825
ord561
ord540
ord815
ord800
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5307
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3663
ord4274
ord4610
ord4612
ord4615
ord2091
ord6380

msvcrt

_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_iob
vfprintf
_open
_errno
strerror
vprintf
exit
vsprintf
_vsnprintf
realloc
__mb_cur_max
_isctype
_pctype
_strnicmp
strchr
malloc
sscanf
free
calloc
memmove
_CxxThrowException
qsort
_getcwd
_mbscoll
_access
_getpid
_strdup
_read
_close
_write
_setmbcp
_mbsicoll
_CIpow
floor
strncmp
__CxxFrameHandler
__p___argc
sprintf
_mbscmp
atoi
_ftol
atof
strstr
strncpy
_splitpath
modf
atol
memchr
_chdir

kernel32

GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
GetSystemTime
SetLastError
SetSystemTime
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileSectionNamesA
GlobalFree
GlobalReAlloc
GlobalAlloc
GetFileAttributesA
CreateDirectoryA
GetDriveTypeA
SetVolumeLabelA
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFilePointer
GetStartupInfoA
CloseHandle
WinExec
CopyFileA
CreateProcessA
FormatMessageA
LocalAlloc
LocalFree
DeleteFileA
MoveFileA
GetLastError
GetProcAddress
LoadLibraryA
GetVersionExA
FreeLibrary
SetErrorMode
GetDiskFreeSpaceA
OpenProcess
LoadLibraryExA
SetFileAttributesA
Sleep

user32

DeleteMenu
SetMenu
CreateMenu
GetSubMenu
InsertMenuA
GetMenuItemID
GetMenuItemCount
InvalidateRect
GetSysColor
OffsetRect
GetKeyState
IsChild
CheckMenuItem
GetMenuState
PostMessageA
WinHelpA
SetFocus
IsWindowVisible
LoadImageA
LoadBitmapA
FillRect
DrawStateA
MessageBeep
GetSysColorBrush
CopyRect
SetWindowRgn
ReleaseDC
GetWindowDC
DrawTextA
SetCursor
GetDC
DrawMenuBar
IsWindow
GetFocus
SetParent
EnableMenuItem
ShowWindow
KillTimer
EnumWindows
GetWindowTextA
GetWindow
RemoveMenu
wsprintfA
RedrawWindow
GetWindowRect
SetRect
GetClientRect
SendMessageA
EnableWindow
SetTimer
GetMenu
UnregisterClassA
FindWindowA
GetLastActivePopup
IsIconic
SetForegroundWindow
DefWindowProcA
LoadIconA
LoadCursorA
GetSystemMetrics
UpdateWindow
MessageBoxA
GetParent

gdi32

StartPage
StartDocA
GetDeviceCaps
StretchDIBits
SetStretchBltMode
GetStockObject
SelectPalette
RealizePalette
SelectObject
CreateFontA
CreateSolidBrush
DeleteObject
GetObjectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
EndPage
EndDoc
GetDIBits
CreateRectRgn
CombineRgn
CreateFontIndirectA

comdlg32

GetFileTitleA
PrintDlgA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteA

comctl32

ord8
_TrackMouseEvent

ole32

OleInitialize
OleUninitialize

wsock32

WSACleanup
WSAStartup
ntohl
htonl
socket
gethostbyname
ioctlsocket
htons
connect
send
recv
closesocket
select

Sections

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9fdf29f3e016a605df8dc1cd66a69f6

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

04:aa:67:bc:83:74:93:bc:e6:12:ad:3a:83:a2:34:07Certificate

Extended Key Usages

Key Usages

c3:7f:10:c0:43:5a:28:0d:96:38:a7:a1:46:bc:e8:e6:de:9c:29:ab:97:54:33:a1:d2:c1:92:8e:fd:ce:12:82Signer

Headers

File Characteristics

Imports

winmm

htcomm

htbar

htdlg

htcert

htotp

yhsseedencrypt

version

psapi

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

wsock32

Sections

.text Size: 288KB - Virtual size: 285KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 24KB - Virtual size: 23KB

.rsrc Size: 308KB - Virtual size: 307KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

04:aa:67:bc:83:74:93:bc:e6:12:ad:3a:83:a2:34:07
Certificate

c3:7f:10:c0:43:5a:28:0d:96:38:a7:a1:46:bc:e8:e6:de:9c:29:ab:97:54:33:a1:d2:c1:92:8e:fd:ce:12:82
Signer

.text
Size: 288KB - Virtual size: 285KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 308KB - Virtual size: 307KB