bf5688ee99dddb60696aadfefcf210e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bf5688ee99dddb60696aadfefcf210e0N.exe
Size

139KB
MD5

bf5688ee99dddb60696aadfefcf210e0
SHA1

e852ad12dcfc067caa38e633f11615420ffcca92
SHA256

5315015919d67524f832b9f7bf4eeea6c6e23bfe3f1bfbb8a4f072ad2190d681
SHA512

8e9df2f8c22768a51e23eb5fa3123d17a49f59fa3540b6c754bbca54dbbd8f7a6cd3abc12f8386d3df1484abda5aad3b92723777194763d0ad407f26c535a652
SSDEEP

3072:VBdtYbToTMVvvWYzeZVK9WZQJg8qDHDFYBRJ41FK+I:HdtKToTfYmg9WZmFm2341I+

Score

1^/10

Malware Config

Signatures

Files

bf5688ee99dddb60696aadfefcf210e0N.exe
.exe windows:5 windows x64 arch:x64

fa004774b5133962ce7e3243aa868f3c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:7d:fd:f7:3a:14:55:de:51:43:a2:70:79:9e:6b:7b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2013, 00:00

Not After

04/02/2014, 23:59

Subject

CN=Zhuhai liancheng Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai liancheng Technology Co.\, Ltd.,L=zhuhai,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:d0:47:2f:36:6d:40:9b:42:08:54:4a:24:f4:bc:86:17:27:63:82
Signer

Actual PE Digest

2a:d0:47:2f:36:6d:40:9b:42:08:54:4a:24:f4:bc:86:17:27:63:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
OpenProcess
SetLastError
TerminateProcess
Process32NextW
CreateFileW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RemoveDirectoryW
HeapSize
GetStringTypeW
Sleep
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetStdHandle
RtlUnwindEx
GetStartupInfoW
FindClose
FindNextFileW
FindFirstFileExW
CloseHandle
GetPrivateProfileStringW
LCMapStringW
GetPrivateProfileIntW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
WaitForSingleObject
MoveFileExW
GetModuleFileNameW
DeleteFileW
lstrcmpW
lstrcpyW
lstrlenW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrcatW
OutputDebugStringW
GetModuleHandleExW
RaiseException
RtlPcToFileHeader
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
HeapAlloc
LoadLibraryExW
GetLastError
HeapFree
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
WriteConsoleW

user32

FillRect
SetWindowTextW
ShowWindow
UpdateWindow
LoadCursorW
RegisterClassExW
GetWindowLongPtrW
SendMessageW
CreateWindowExW
GetClientRect
LoadBitmapW
GetSysColorBrush
SetTimer
KillTimer
wsprintfW
GetDesktopWindow
DispatchMessageW
TranslateMessage
PostMessageW
GetMessageW
GetFocus
GetParent
GetClassNameW
EnableWindow
MessageBoxW
GetWindowRect
GetSystemMetrics
LoadIconW
SetFocus
SetWindowPos
LoadStringW
SetWindowLongPtrW
FindWindowExW
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW

gdi32

GetStockObject
GetObjectW
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
StringFromCLSID

comctl32

InitCommonControlsEx

shlwapi

StrStrIW
SHDeleteKeyW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

hkbui

DllInstall

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa004774b5133962ce7e3243aa868f3c

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

62:7d:fd:f7:3a:14:55:de:51:43:a2:70:79:9e:6b:7bCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

2a:d0:47:2f:36:6d:40:9b:42:08:54:4a:24:f4:bc:86:17:27:63:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

shlwapi

wininet

hkbui

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 2KB - Virtual size: 1KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

62:7d:fd:f7:3a:14:55:de:51:43:a2:70:79:9e:6b:7b
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

2a:d0:47:2f:36:6d:40:9b:42:08:54:4a:24:f4:bc:86:17:27:63:82
Signer

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 2KB - Virtual size: 1KB