514465e23be0dcb116a3495128b83cc95cb0ff0eb5e9bfd23bd7963ca6919346

Sharing

Copy URL

Twitter E-mail

General

Target

514465e23be0dcb116a3495128b83cc95cb0ff0eb5e9bfd23bd7963ca6919346
Size

384KB
MD5

7079e02cd3b08aebb52e821103a8fcc5
SHA1

a043a794363e1e5d19dcefcfa1db14bfe9e768e5
SHA256

514465e23be0dcb116a3495128b83cc95cb0ff0eb5e9bfd23bd7963ca6919346
SHA512

1fe08ed98617c74ccb6d3bf5328db5394d18cbe6a36a95a71108ccfcd8c6527c8762c2b55144b0e158b2c783b403f4bc4755f90b6648598aea7111e0b20ff747
SSDEEP

6144:aj0fYJ83TcIe9dIOeyCcutrgtRDzKUEiFAKtDYFXABV+UdvrEFp7hKl:ajsY6oX9dIO6cErmKUZSliBjvrEH7i

Score

1^/10

Malware Config

Signatures

Files

514465e23be0dcb116a3495128b83cc95cb0ff0eb5e9bfd23bd7963ca6919346
.dll windows:6 windows x86 arch:x86

9e62b788f7abdaea6c378df676c65fa9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/11/2023, 08:40

Not After

27/11/2024, 08:40

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:33:aa:a0:d8:6d:f3:38:93:ab:85:1e:cf:7a:9d:48:9d:f3:d2:25:e6:fb:44:c0:56:00:ee:5d:be:e2:e7:88
Signer

Actual PE Digest

cb:33:aa:a0:d8:6d:f3:38:93:ab:85:1e:cf:7a:9d:48:9d:f3:d2:25:e6:fb:44:c0:56:00:ee:5d:be:e2:e7:88

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Projects\SetupKit\Utility\SKUtil\Release\SKUtil.pdb

Imports

shlwapi

StrTrimA
PathIsDirectoryA
PathFileExistsW
PathFileExistsA
StrCmpIW
PathRemoveBackslashA

advapi32

OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
InternetGetLastResponseInfoW
InternetOpenW

kernel32

HeapReAlloc
InterlockedExchange
FatalAppExitA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
OutputDebugStringW
CreateFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileSize
LockFile
ReadFile
RemoveDirectoryW
SetFileAttributesA
SetFilePointer
UnlockFile
WriteFile
CloseHandle
GetLastError
InitializeCriticalSectionEx
WaitForSingleObject
Sleep
InterlockedDecrement
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetStringTypeW
CreateProcessW
OpenProcess
GetLocalTime
GetVersionExA
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW
LoadLibraryA
LoadLibraryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
QueryDosDeviceA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
GetSystemTime
VirtualAlloc
VirtualFree
_llseek
IsBadReadPtr
IsBadWritePtr
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetDriveTypeW
GetProcessHeap
GetCurrentThread
GetCPInfo
HeapFree
SetCurrentDirectoryW
GetCurrentDirectoryW
SetStdHandle
WriteConsoleW
FlushFileBuffers
HeapAlloc
GetFullPathNameA
HeapSize
CreateProcessA
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
SetFileAttributesW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCurrentThreadId
GetFileAttributesExW

user32

SetForegroundWindow
IsIconic
ShowWindow
wsprintfA
LoadStringW
PostMessageA
GetDC
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameW
GetClassNameA
FindWindowExW
FindWindowW
EnumChildWindows
ReleaseDC

gdi32

GetDIBits
SelectObject
StretchDIBits
SetStretchBltMode
GetObjectA
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreateCompatibleDC

shell32

SHFileOperationW
SHGetFolderPathA
ShellExecuteExA
ShellExecuteExW
ord526
SHGetFolderPathW
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

OleLoadPicturePath
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocStringLen
SysAllocString
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo

msi

ord112

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree

Exports

Exports

AddMpPreference
IsEnableCFA
RemoveMpPreference
SK_CallURL
SK_CheckUpgradeRule
SK_CheckVGAVenderAndDeviceID
SK_CheckVcRuntime
SK_CreateLink
SK_CreateLinkEx
SK_CreateLinkExW
SK_DeleteFolderW
SK_DeleteFolderW2
SK_DeletePatchRedundantRegKey
SK_DetectRunProgramW
SK_DumpFile
SK_DumpMsg
SK_EnableWow64FsRedirection
SK_FileEncode
SK_FileEncodeEx
SK_FileEncodeW
SK_FindProcess
SK_FindProcessByID
SK_FindProcessEx
SK_Get64KeyValue
SK_GetAbsPath
SK_GetFileCount
SK_GetHWNDByID
SK_GetIniKeyCount2W
SK_GetIniKeyCountW
SK_GetIniKeyValue2W
SK_GetIniKeyValueW
SK_GetMUIData
SK_GetModulePath
SK_GetModulePathByID
SK_GetOSVerNo
SK_GetOSVerNo_BuildNo
SK_GetOSVersion
SK_GetProcessID
SK_GetProcessIDList
SK_GetProcessReturnValue
SK_GetReverseID
SK_GetServicePackMajorNumber
SK_GetShellFolderPathA
SK_GetShellFolderPathW
SK_GetUserDefaultUILanguage
SK_GetUserInfo
SK_GetXMLChildNodeCount
SK_GetXMLChildNodeValue
SK_GetXMLChildNodeValueEx
SK_GetXMLNodeCount
SK_GetXMLNodeValue
SK_IsEmbedded
SK_IsPyPathSafe
SK_IsPyPathSafeW
SK_IsWow64
SK_KillProcess
SK_KillProcessByID
SK_KillProcessEx
SK_LaunchAppAndWait
SK_LaunchAppAndWait2
SK_LaunchAppAndWait2W
SK_LoadImageFile
SK_LoadImageFileEx
SK_LoadImageToHandle
SK_LoadXMLFile
SK_MergeSimFile
SK_ParseBuildNumber
SK_ParseCopyFolderPath
SK_ParseExePath
SK_PathIsDirectory
SK_RefreshAddRemoveProgram
SK_RefreshDesktop
SK_RegDBDelKey_64
SK_RegDBSetKeyValue_64
SK_RegDeleteValue_64
SK_SetDefaultAutoPlayer
SK_SetFileAttribute
SK_ShellExecute
SK_StringReverse
SK_UnLoadXMLFile
SK_UnloadImageFile
SendUNOLog

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e62b788f7abdaea6c378df676c65fa9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:afCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

cb:33:aa:a0:d8:6d:f3:38:93:ab:85:1e:cf:7a:9d:48:9d:f3:d2:25:e6:fb:44:c0:56:00:ee:5d:be:e2:e7:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

setupapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

msi

gdiplus

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

0b:87:19:1b:5d:eb:87:d6:f9:08:c0:af
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

cb:33:aa:a0:d8:6d:f3:38:93:ab:85:1e:cf:7a:9d:48:9d:f3:d2:25:e6:fb:44:c0:56:00:ee:5d:be:e2:e7:88
Signer

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB