332727068a291c548c459d5ea4a3c79b16a0a0ad134cbcb0b4e971736f80e94d

Sharing

Copy URL Twitter E-mail

General

Target

332727068a291c548c459d5ea4a3c79b16a0a0ad134cbcb0b4e971736f80e94d
Size

2.3MB
MD5

1a0813f5af4f11b0ca4f70b3ff4c95db
SHA1

4d16d9b1463ba6ec7472352b99204d7cca9d8ef3
SHA256

332727068a291c548c459d5ea4a3c79b16a0a0ad134cbcb0b4e971736f80e94d
SHA512

3f70cdd5b0488c478d93c8c68df2472ce49e9a912df3c1716fe4074c54c86002fe760661374d0c9ee58b1ec62937c7397e176fd06c42ec6227c155b994188c32
SSDEEP

49152:XuSZiKcCXuZFDQRZdYC8yblFM2UVHQL4fsgHIrnVmRB3S:5iKveZGk9POLkHlR

Score

1^/10

Malware Config

Signatures

Files

332727068a291c548c459d5ea4a3c79b16a0a0ad134cbcb0b4e971736f80e94d
.exe windows:5 windows x86 arch:x86

5494a02bc06545989bf737d604388715

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

03/06/2020, 07:32

Not After

05/07/2022, 02:42

Subject

CN=He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si,O=He Fei Yun Biao Xin Xi Ke Ji You Xian Gong Si,L=Hefei,ST=Anhui,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ae:84:57:77:23:67:12:e2:a5:b4:d9
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

10/06/2020, 08:26

Not After

11/06/2022, 08:26

Subject

SERIALNUMBER=91340111MA2N4FCY9X,CN=Hefei Yunbiao Information Technology Co.\, Ltd.,O=Hefei Yunbiao Information Technology Co.\, Ltd.,L=Hefei,ST=Anhui,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13054845464549,1.3.6.1.4.1.311.60.2.1.2=#1305414e485549,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:95:1e:ef:2b:80:18:a3:b9:33:e0:d4:28:3f:e3:57:dd:38:bc:41:4c:78:a6:ed:ee:0d:23:de:78:e1:da:65
Signer

Actual PE Digest

5f:95:1e:ef:2b:80:18:a3:b9:33:e0:d4:28:3f:e3:57:dd:38:bc:41:4c:78:a6:ed:ee:0d:23:de:78:e1:da:65

Digest Algorithm

sha256

PE Digest Matches

false

38:57:a9:f1:43:df:dd:be:cb:47:28:a3:02:29:a8:f3:a1:5c:12:84
Signer

Actual PE Digest

38:57:a9:f1:43:df:dd:be:cb:47:28:a3:02:29:a8:f3:a1:5c:12:84

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Worker\SYTech\edge\build\Win32\Release\AppPrinter.pdb

Imports

kernel32

LoadLibraryExA
GetSystemDirectoryW
SetFilePointer
GetStdHandle
FreeLibrary
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
GetModuleHandleA
GetVersion
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
SleepEx
QueryPerformanceFrequency
PeekNamedPipe
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryExW
InterlockedPushEntrySList
RtlUnwind
GetLocaleInfoW
CreateMutexW
CompareStringW
TlsFree
TlsSetValue
lstrlenA
GetFileAttributesA
GetTickCount
Sleep
CopyFileW
GetTempPathW
lstrcmpiA
MoveFileExW
FindClose
FindNextFileW
CreateThread
SetEvent
CreateFileA
CreateEventW
WaitForSingleObject
WaitForMultipleObjects
DeviceIoControl
GetFileSize
VirtualFree
ReadFile
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
FileTimeToLocalFileTime
SetUnhandledExceptionFilter
CloseHandle
Process32FirstW
DeleteFileW
GetCurrentThread
FileTimeToSystemTime
Process32NextW
MultiByteToWideChar
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
DeleteFileA
GetFileAttributesW
CreateFileW
LocalAlloc
GetModuleFileNameW
VirtualAlloc
WriteFile
lstrlenW
SetLastError
OutputDebugStringA
GetComputerNameW
GetSystemDirectoryA
GetVolumeInformationA
FindFirstFileW
DeleteCriticalSection
HeapDestroy
DecodePointer
RaiseException
TlsGetValue
TlsAlloc
SwitchToThread
GetCPInfo
EncodePointer
GetStringTypeW
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
VirtualProtect
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcessHeap
LocalFree
ReadConsoleInputA
SetConsoleMode
GetDriveTypeW
GetModuleFileNameA
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
GetCurrentDirectoryW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
LoadLibraryW
IsDebuggerPresent
GetProcAddress
HeapAlloc
GetCurrentProcess
HeapFree
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SystemTimeToTzSpecificLocalTime

user32

CallWindowProcW
PostQuitMessage
KillTimer
SetWindowLongW
DispatchMessageW
TranslateMessage
SendMessageW
PostMessageW
wsprintfW
wsprintfA
IsCharAlphaNumericW
IsWindow
RegisterClassExW
GetClassInfoExW
GetMessageW
DefWindowProcW
SetTimer
ShowWindow
CreateWindowExW
PeekMessageW
FindWindowW
DestroyWindow
GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation

gdi32

GetStockObject

advapi32

CryptReleaseContext
GetTokenInformation
RegQueryValueExW
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken
RegCloseKey
LookupAccountNameW
GetSidIdentifierAuthority
SetSecurityDescriptorGroup
OpenThreadToken
AddAccessAllowedAce
GetUserNameW
CryptImportKey
CryptGetHashParam
CryptAcquireContextW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
ImpersonateLoggedOnUser
CryptDestroyKey
CryptAcquireContextA
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
RevertToSelf
AccessCheck
SetSecurityDescriptorOwner
RegQueryValueExA
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
ImpersonateSelf
IsValidSid
IsValidSecurityDescriptor
FreeSid
InitializeSecurityDescriptor
RegOpenKeyExA
InitializeAcl
GetLengthSid

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoUninitialize

shlwapi

PathFileExistsW
SHGetValueA
PathAppendW
PathRemoveFileSpecW
StrCmpNIW
PathFileExistsA
SHGetValueW
StrChrA
PathRemoveBackslashW
StrCmpIW

secur32

GetUserNameExW

version

VerQueryValueA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

ws2_32

WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
send
WSAGetLastError
recv
bind
connect
getpeername
closesocket
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
gethostname
ioctlsocket
sendto

iphlpapi

GetAdaptersInfo

imm32

ImmDisableIME

wldap32

ord145
ord219
ord46
ord14
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord216

Exports

Exports

OPENSSL_Applink
_AlphaBlend@44
_GradientFill@24

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5494a02bc06545989bf737d604388715

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

4b:ae:84:57:77:23:67:12:e2:a5:b4:d9Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

5f:95:1e:ef:2b:80:18:a3:b9:33:e0:d4:28:3f:e3:57:dd:38:bc:41:4c:78:a6:ed:ee:0d:23:de:78:e1:da:65Signer

38:57:a9:f1:43:df:dd:be:cb:47:28:a3:02:29:a8:f3:a1:5c:12:84Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

secur32

version

netapi32

ws2_32

iphlpapi

imm32

wldap32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 355KB - Virtual size: 355KB

.data Size: 19KB - Virtual size: 39KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 136KB - Virtual size: 136KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

64:69:10:70:7e:ca:0e:06:6a:ca:95:e7
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

4b:ae:84:57:77:23:67:12:e2:a5:b4:d9
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5f:95:1e:ef:2b:80:18:a3:b9:33:e0:d4:28:3f:e3:57:dd:38:bc:41:4c:78:a6:ed:ee:0d:23:de:78:e1:da:65
Signer

38:57:a9:f1:43:df:dd:be:cb:47:28:a3:02:29:a8:f3:a1:5c:12:84
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 355KB - Virtual size: 355KB

.data
Size: 19KB - Virtual size: 39KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 136KB - Virtual size: 136KB