e1c7aed2eb8a3d19383c4ff22d57c030N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e1c7aed2eb8a3d19383c4ff22d57c030N.exe
Size

1.6MB
MD5

e1c7aed2eb8a3d19383c4ff22d57c030
SHA1

bb1b4fae4cc00323e7986ab56999938857047158
SHA256

31564c3d3fc8a4a53ba65bcc25a0267becf89fb0dc9ce5f43ea466fc481b040c
SHA512

76870529797c3aa5fb6f05d8b6d42779388a271b5f0d5b1c35907bb39a8283eb2f8d2f442f16953095a64f705476d2c4ae52652fc5f7daae40349c3d2060de4c
SSDEEP

49152:xMo87Jv/Cy/oty5CPkTZGDogjWP/t+zWaj:moqJvd/oty5CHlj

Score

1^/10

Malware Config

Signatures

Files

e1c7aed2eb8a3d19383c4ff22d57c030N.exe
.exe windows:5 windows x86 arch:x86

c888b811cb247c3f388defbf7d725e9a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/04/2023, 00:00

Not After

07/07/2026, 23:59

Subject

SERIALNUMBER=913101150729060470,CN=Shanghai 2345 Mobile Technology Co.\, Ltd.,O=Shanghai 2345 Mobile Technology Co.\, Ltd.,ST=上海市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c0ce6b5a6e4b89ce696b0e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:d6:71:f1:9b:4c:a2:4b:83:ea:d3:36:3c:44:98:f6:04:97:0c:07:7b:4f:26:83:02:4d:4f:da:22:40:0a:49
Signer

Actual PE Digest

10:d6:71:f1:9b:4c:a2:4b:83:ea:d3:36:3c:44:98:f6:04:97:0c:07:7b:4f:26:83:02:4d:4f:da:22:40:0a:49

Digest Algorithm

sha256

PE Digest Matches

true

3c:0a:e4:6a:c0:95:8e:68:c6:fc:b5:14:63:4d:a8:d4:ec:95:88:54
Signer

Actual PE Digest

3c:0a:e4:6a:c0:95:8e:68:c6:fc:b5:14:63:4d:a8:d4:ec:95:88:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\zhanlue\rcimage\bin\Win32\Release\pdb\2345PicUpdate.pdb

Imports

kernel32

LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
WaitForSingleObject
CloseHandle
CopyFileW
OpenProcess
GlobalMemoryStatusEx
GetCurrentProcessId
CreateFileW
GetTickCount
SwitchToThread
DeviceIoControl
FileTimeToSystemTime
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
Sleep
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetComputerNameW
InterlockedExchange
GetFileSizeEx
lstrcpyW
lstrcatW
FormatMessageW
MoveFileW
GetTempFileNameW
MoveFileExW
FindResourceW
GetWindowsDirectoryW
GetCurrentDirectoryW
DeleteFileW
SetFileAttributesW
GetTempPathW
RemoveDirectoryW
lstrlenW
GetFullPathNameW
CreateDirectoryW
InterlockedExchangeAdd
ResetEvent
SetEvent
CreateEventW
LoadLibraryA
GetComputerNameExW
GetEnvironmentVariableW
GetFileTime
GetFileSize
SetEndOfFile
SetFilePointer
SetFileTime
ReadFile
GetLogicalDriveStringsW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
SetErrorMode
InitializeCriticalSectionAndSpinCount
MulDiv
InitializeCriticalSection
GetSystemInfo
QueryDosDeviceW
WaitForMultipleObjects
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
ReleaseMutex
CreateMutexW
ResumeThread
WriteConsoleW
FreeLibrary
GetProcAddress
LoadLibraryW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetStdHandle
CreateThread
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
HeapSize
GetFileType
GetACP
WriteFile
GetCurrentProcess
GetVersionExW
GetFileAttributesW
GetExitCodeProcess
CreateProcessW
ExpandEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle

user32

SetForegroundWindow
GetForegroundWindow
IsIconic
IsWindowVisible
DestroyWindow
GetLastActivePopup
GetWindow
DefWindowProcW
GetWindowLongW
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetClassInfoExW
GetWindowRect
SetWindowPos
CreateWindowExW
RegisterClassExW
SetWindowLongW
LoadCursorW
IsRectEmpty
IsWindowEnabled
CopyRect
IsWindow
GetDC
GetParent
ReleaseDC
AttachThreadInput
EndDialog
DialogBoxParamW
GetWindowThreadProcessId
GetClassNameW
SystemParametersInfoW
PtInRect
OffsetRect
SetTimer
GetDlgItem
CharNextW
GetMonitorInfoW
MonitorFromWindow
FillRect
MapWindowPoints
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
CallWindowProcW
PostQuitMessage
PostMessageW
SendMessageW
MessageBoxW
GetActiveWindow
ShowWindow

gdi32

SetViewportOrgEx
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject

advapi32

GetUserNameW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
SystemFunction036
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

gdiplus

GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipSetCompositingMode
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipFree
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipDisposeImage
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetTextRenderingHint
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipSetStringFormatFlags
GdipSetStringFormatTrimming

imagehlp

ImageRemoveCertificate
ImageEnumerateCertificates

Exports

Exports

CheckSigner

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c888b811cb247c3f388defbf7d725e9a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

10:d6:71:f1:9b:4c:a2:4b:83:ea:d3:36:3c:44:98:f6:04:97:0c:07:7b:4f:26:83:02:4d:4f:da:22:40:0a:49Signer

3c:0a:e4:6a:c0:95:8e:68:c6:fc:b5:14:63:4d:a8:d4:ec:95:88:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

imm32

gdiplus

imagehlp

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 242KB - Virtual size: 242KB

.data Size: 10KB - Virtual size: 15KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 56KB - Virtual size: 55KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:7e:f8:80:11:79:bf:12:a7:46:6f:7d:a5:b3:27:7a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

10:d6:71:f1:9b:4c:a2:4b:83:ea:d3:36:3c:44:98:f6:04:97:0c:07:7b:4f:26:83:02:4d:4f:da:22:40:0a:49
Signer

3c:0a:e4:6a:c0:95:8e:68:c6:fc:b5:14:63:4d:a8:d4:ec:95:88:54
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 242KB - Virtual size: 242KB

.data
Size: 10KB - Virtual size: 15KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 56KB - Virtual size: 55KB