44ae671b4da7c5bd5725ac4000e055ac95fe23f2153e27a2e22c96d556d82dce

Sharing

Copy URL

Twitter E-mail

General

Target

44ae671b4da7c5bd5725ac4000e055ac95fe23f2153e27a2e22c96d556d82dce
Size

1.1MB
MD5

ff244e2260f3743f2f4b747b9c73972b
SHA1

8153955b6ab614d368df59b809f38cd2031747e3
SHA256

44ae671b4da7c5bd5725ac4000e055ac95fe23f2153e27a2e22c96d556d82dce
SHA512

2832fd6b5637f49ea562e20ca0bd56f92845961e3ab888c3223a88cb54289ebe618695ec7778f79ace24c13454ffe94686c6682eecb98d113ba3413e7df954e9
SSDEEP

12288:UrRn2m0Tf/QWx9Z2RuoadcvD4+1BRz88iS9l9t101FzERqa4NlDe8yGPg8IpWQPM:QRg12lFvf1BRz88LRz4XXy2QPs

Score

1^/10

Malware Config

Signatures

Files

44ae671b4da7c5bd5725ac4000e055ac95fe23f2153e27a2e22c96d556d82dce
.exe windows:5 windows x86 arch:x86

b822d5c1adf98aa91828317c443fe868

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:16:16:75:19:b2:4b:5b:24:10:b9:01:6d:5e:07:82
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30/05/2022, 00:00

Not After

30/05/2023, 23:59

Subject

SERIALNUMBER=91450500MAA7H9NJ04,CN=Guangxi Yunao Network Technology Co.\, Ltd.,O=Guangxi Yunao Network Technology Co.\, Ltd.,L=Beihai,ST=Guangxi,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#131642656968616920496e647573747269616c205061726b,1.3.6.1.4.1.311.60.2.1.2=#13074775616e677869,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:b2:15:d2:a9:74:9d:f1:79:bb:e4:23:a0:f5:09:c0:e3:58:ee:88:ec:d7:ef:e6:63:30:e5:23:8c:ca:c5:6a
Signer

Actual PE Digest

ed:b2:15:d2:a9:74:9d:f1:79:bb:e4:23:a0:f5:09:c0:e3:58:ee:88:ec:d7:ef:e6:63:30:e5:23:8c:ca:c5:6a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\MAS_Debug\Temp\Link\InstallLead\Release\InstallLead.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
FreeResource
GetFileAttributesW
FindClose
FindNextFileW
SizeofResource
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
GetSystemTimeAsFileTime
FormatMessageW
GetVersionExW
OutputDebugStringW
GetModuleFileNameW
QueryPerformanceCounter
GetFileSize
QueryPerformanceFrequency
Sleep
CreateFileW
SetEndOfFile
SetFilePointer
LeaveCriticalSection
lstrcpynW
WriteFile
lstrlenW
EnterCriticalSection
ReadFile
DeleteFileW
CreateDirectoryW
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
DeleteCriticalSection
GetProcAddress
DecodePointer
LoadLibraryW
RaiseException
CloseHandle
Process32FirstW
Process32NextW
GetLastError
CreateToolhelp32Snapshot
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
WriteConsoleW
OutputDebugStringA
GetCurrentProcess
HeapSize
HeapReAlloc
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
GetStringTypeW
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
ExitProcess
GetACP
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
LocalFree
MulDiv
GlobalAlloc
GetLocalTime
lstrcmpiW
lstrcpyW
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID

user32

SendMessageW
CreateWindowExW
IsWindow
DestroyWindow
IsWindowVisible
IsIconic
IsZoomed
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetWindowRgn
SetCursor
InflateRect
LoadCursorW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
ShowWindow
EnableWindow
SetPropW
GetPropW
UpdateWindow
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
SetWindowPos
GetWindowRect
ReleaseDC
GetDC
wsprintfW
PostMessageW

gdi32

PtInRegion
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
CreateRectRgn
TextOutW
GdiFlush
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
CreatePen
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
MoveToEx

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegSetValueExW

shell32

DragQueryFileW
SHGetFolderPathW
ShellExecuteExW

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
OleLockRunning
CoCreateInstance

winhttp

WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders

shlwapi

StrCmpIW
wnsprintfW
PathRemoveFileSpecW
PathIsDirectoryW
PathStripPathW

urlmon

URLDownloadToFileW

ws2_32

gethostname
WSAStartup
gethostbyname

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDrawImageRectI
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b822d5c1adf98aa91828317c443fe868

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:16:16:75:19:b2:4b:5b:24:10:b9:01:6d:5e:07:82Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ed:b2:15:d2:a9:74:9d:f1:79:bb:e4:23:a0:f5:09:c0:e3:58:ee:88:ec:d7:ef:e6:63:30:e5:23:8c:ca:c5:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winhttp

shlwapi

urlmon

ws2_32

oleaut32

comctl32

gdiplus

imm32

Sections

.text Size: 640KB - Virtual size: 639KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 207KB - Virtual size: 206KB

.reloc Size: 97KB - Virtual size: 97KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:16:16:75:19:b2:4b:5b:24:10:b9:01:6d:5e:07:82
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ed:b2:15:d2:a9:74:9d:f1:79:bb:e4:23:a0:f5:09:c0:e3:58:ee:88:ec:d7:ef:e6:63:30:e5:23:8c:ca:c5:6a
Signer

.text
Size: 640KB - Virtual size: 639KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 207KB - Virtual size: 206KB

.reloc
Size: 97KB - Virtual size: 97KB