fc0d22bf56052fa7f28f7c5bad1bb3a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fc0d22bf56052fa7f28f7c5bad1bb3a0N.exe
Size

6.2MB
MD5

fc0d22bf56052fa7f28f7c5bad1bb3a0
SHA1

b679822e9b1c5e5d3191a900ef7271833c13288c
SHA256

d98f680f2f95edf323d788e26d624ece34eb7adb331b0c3e8aa2e3589dff3426
SHA512

ab77f9233cc7798bc449af6400b17f2478b4d08b6a891dd130dedf8fff05f16c3fc4315ffb4d4c57a62d7b58f6ff5909e15ea5209ad1adeffca5888e2af88cd1
SSDEEP

196608:yyb8gzSPpQW/vK6ga78qm8F7gaGeWHhJ9ke:zAph/vK68qm85vGeWD

Score

1^/10

Malware Config

Signatures

Files

fc0d22bf56052fa7f28f7c5bad1bb3a0N.exe
.exe windows:5 windows x86 arch:x86

982bc38f546eca38fc7ce599360cec5e

Code Sign

06:08:c1:13:99:c9:14:11:bb:d1:13:e7:32:65:41:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/05/2020, 00:00

Not After

26/05/2021, 12:00

Subject

SERIALNUMBER=91361026MA38NPRJ0X,CN=Fuzhou Zhongyi culture media Co.\, Ltd,O=Fuzhou Zhongyi culture media Co.\, Ltd,L=Fuzhou,ST=Jiangxi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130646757a686f75,1.3.6.1.4.1.311.60.2.1.2=#13074a69616e677869,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:05:74:7d:91:58:a3:8e:fa:a6:54:8b:ca:9e:d1:4a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

20/05/2020, 00:00

Not After

26/05/2021, 12:00

Subject

SERIALNUMBER=91361026MA38NPRJ0X,CN=Fuzhou Zhongyi culture media Co.\, Ltd,OU=IT,O=Fuzhou Zhongyi culture media Co.\, Ltd,L=Fuzhou,ST=Jiangxi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130646757a686f75,1.3.6.1.4.1.311.60.2.1.2=#13074a69616e677869,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:de:0d:95:d0:94:35:d1:d4:bf:a6:91:42:17:8d:59:3e:b1:5b:7b:e8:5a:f1:38:64:b3:4f:b8:92:56:20:04
Signer

Actual PE Digest

8f:de:0d:95:d0:94:35:d1:d4:bf:a6:91:42:17:8d:59:3e:b1:5b:7b:e8:5a:f1:38:64:b3:4f:b8:92:56:20:04

Digest Algorithm

sha256

PE Digest Matches

true

1c:d1:c9:fb:77:29:7a:50:a5:fb:e9:a9:16:d7:f7:56:7b:9a:34:af
Signer

Actual PE Digest

1c:d1:c9:fb:77:29:7a:50:a5:fb:e9:a9:16:d7:f7:56:7b:9a:34:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
VirtualAlloc
GetFileSize
VirtualFree
GetModuleHandleW
Sleep
GetCurrentProcess
GlobalFree
GlobalAlloc
QueryDosDeviceW
GetWindowsDirectoryW
GetCurrentProcessId
CreateThread
SleepEx
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
SetThreadPriority
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
GetDiskFreeSpaceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
WinExec
DeleteFileW
GetTempPathW
WriteFile
LockResource
MultiByteToWideChar
FindResourceW
LoadLibraryExW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
GetLastError
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
lstrcmpiW
CloseHandle
OpenProcess
GetProcAddress
FreeLibrary
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetACP
WideCharToMultiByte
GetTickCount
GetCurrentDirectoryW
FreeResource
ExitProcess
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
MulDiv
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GetLocalTime
WaitForSingleObject
CreateProcessW
MoveFileExW
GetSystemInfo
FormatMessageW
GetVersionExW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindClose
RemoveDirectoryW
FindFirstFileW
FindNextFileW
ReleaseMutex
CreateMutexW
AreFileApisANSI
SetErrorMode
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetOEMCP

user32

GetForegroundWindow
SetPropW
GetPropW
GetClientRect
GetWindowRect
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
GetMessageW
UpdateLayeredWindow
IsWindowVisible
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
PtInRect
IsZoomed
SetWindowRgn
MessageBoxW
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
GetSysColorBrush
SetRect
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
GetSysColor
EnableWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
SendMessageW
IsWindow
GetSystemMetrics
GetCursorPos
OffsetRect
GetWindowLongW
IntersectRect
PostQuitMessage
ShowWindow
DispatchMessageW
PeekMessageW
PostMessageW
MsgWaitForMultipleObjects
FillRect
SetFocus
IsIconic
GetClassInfoExW
RegisterClassW
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
SetTimer
KillTimer
CallWindowProcW
TranslateMessage
LoadIconW
LoadCursorW
UnionRect
InflateRect
SetCursor
wvsprintfW
SetWindowPos
IsRectEmpty
SetRectEmpty
FindWindowW
SetForegroundWindow
SetWindowLongW
InvalidateRect
CharNextW

advapi32

OpenProcessToken
DuplicateTokenEx
LookupAccountSidW
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyW
RegEnumKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
GetTokenInformation
InitializeSecurityDescriptor

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW

gdiplus

GdipLoadImageFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipTranslateTextureTransform
GdipCreateTexture
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetSmoothingMode
GdipFillEllipseI
GdiplusStartup
GdiplusShutdown
GdipImageGetFrameDimensionsList
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDeleteBrush

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose

d3d9

Direct3DCreate9

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeKillEvent
timeSetEvent

gdi32

BitBlt
CreateCompatibleDC
CreateFontIndirectW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetStockObject
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
GetPixel
SetPixel
CombineRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetDIBits
GetTextColor
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
SetDIBits
StretchBlt
SetStretchBltMode
SetTextColor
TextOutW
ExtTextOutW
SetViewportOrgEx
GetDeviceCaps
SetGraphicsMode
GetCurrentObject
GetViewportOrgEx
CreateCompatibleBitmap

comctl32

ord17
_TrackMouseEvent

imm32

ImmReleaseContext
ImmGetContext
ImmAssociateContext
ImmSetCompositionWindow

msimg32

AlphaBlend

ws2_32

listen
accept
sendto
recvfrom
select
__WSAFDIsSet
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
ioctlsocket
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
WSAGetLastError
socket
closesocket
WSACleanup
WSAStartup
gethostname
htonl

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

982bc38f546eca38fc7ce599360cec5e

Code Sign

06:08:c1:13:99:c9:14:11:bb:d1:13:e7:32:65:41:44Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

08:05:74:7d:91:58:a3:8e:fa:a6:54:8b:ca:9e:d1:4aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

8f:de:0d:95:d0:94:35:d1:d4:bf:a6:91:42:17:8d:59:3e:b1:5b:7b:e8:5a:f1:38:64:b3:4f:b8:92:56:20:04Signer

1c:d1:c9:fb:77:29:7a:50:a5:fb:e9:a9:16:d7:f7:56:7b:9a:34:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

psapi

crypt32

d3d9

winmm

gdi32

comctl32

imm32

msimg32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 230KB - Virtual size: 229KB

.data Size: 10KB - Virtual size: 106KB

.gfids Size: 512B - Virtual size: 464B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 54KB - Virtual size: 53KB

06:08:c1:13:99:c9:14:11:bb:d1:13:e7:32:65:41:44
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

08:05:74:7d:91:58:a3:8e:fa:a6:54:8b:ca:9e:d1:4a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

8f:de:0d:95:d0:94:35:d1:d4:bf:a6:91:42:17:8d:59:3e:b1:5b:7b:e8:5a:f1:38:64:b3:4f:b8:92:56:20:04
Signer

1c:d1:c9:fb:77:29:7a:50:a5:fb:e9:a9:16:d7:f7:56:7b:9a:34:af
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 230KB - Virtual size: 229KB

.data
Size: 10KB - Virtual size: 106KB

.gfids
Size: 512B - Virtual size: 464B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 54KB - Virtual size: 53KB