f77a2644103661575650ea77fc227c4177d3a1b5b810279f1b26c2a3acfd5745

Sharing

Copy URL

Twitter E-mail

General

Target

f77a2644103661575650ea77fc227c4177d3a1b5b810279f1b26c2a3acfd5745
Size

384KB
MD5

3db4d087f97db83e39ed7af0674e0ab1
SHA1

3324ac97052b5ffb39c4f202156d89337aead986
SHA256

f77a2644103661575650ea77fc227c4177d3a1b5b810279f1b26c2a3acfd5745
SHA512

1897270d7d0e5a73ce305cc0c3e180b7ff10235e9b9fe5c654c6b5a7349290c61ba0d2150dd6547a6d9b6ef87ce71cfde701d7694064a873fa9a13677acad33a
SSDEEP

6144:oj0fYJ83Tc+idIOeyCcufgtRDzKUEiFAKtDYFlBV+UdvrEFp7hK38:ojsY6o+idIO6ccmKUZSlLBjvrEH7e8

Score

1^/10

Malware Config

Signatures

Files

f77a2644103661575650ea77fc227c4177d3a1b5b810279f1b26c2a3acfd5745
.dll windows:6 windows x86 arch:x86

9e62b788f7abdaea6c378df676c65fa9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19-09-2018 00:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27-11-2023 08:43

Not After

27-11-2024 08:43

Subject

SERIALNUMBER=23829868,CN=CyberLink Corp.,OU=IT,O=CyberLink Corp.,STREET=15F.\, No. 100\, Minquan Rd.\, Xindian Dist.,L=New Taipei City,ST=New Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:8c:03:79:23:61:29:4a:c5:6c:6c:f2:ff:21:9b:4d:69:51:f5:fa:af:4e:c9:2f:b1:45:d6:72:c8:4b:cd:d3
Signer

Actual PE Digest

1c:8c:03:79:23:61:29:4a:c5:6c:6c:f2:ff:21:9b:4d:69:51:f5:fa:af:4e:c9:2f:b1:45:d6:72:c8:4b:cd:d3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Data\Projects\SetupKit\Utility\SKUtil\Release\SKUtil.pdb

Imports

shlwapi

StrTrimA
PathIsDirectoryA
PathFileExistsW
PathFileExistsA
StrCmpIW
PathRemoveBackslashA

advapi32

OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

wininet

InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
InternetGetLastResponseInfoW
InternetOpenW

kernel32

HeapReAlloc
InterlockedExchange
FatalAppExitA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
OutputDebugStringA
OutputDebugStringW
CreateFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileSize
LockFile
ReadFile
RemoveDirectoryW
SetFileAttributesA
SetFilePointer
UnlockFile
WriteFile
CloseHandle
GetLastError
InitializeCriticalSectionEx
WaitForSingleObject
Sleep
InterlockedDecrement
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetStringTypeW
CreateProcessW
OpenProcess
GetLocalTime
GetVersionExA
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW
LoadLibraryA
LoadLibraryW
GetPrivateProfileStringW
GetPrivateProfileSectionW
QueryDosDeviceA
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
GetSystemTime
VirtualAlloc
VirtualFree
_llseek
IsBadReadPtr
IsBadWritePtr
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
GetDriveTypeW
GetProcessHeap
GetCurrentThread
GetCPInfo
HeapFree
SetCurrentDirectoryW
GetCurrentDirectoryW
SetStdHandle
WriteConsoleW
FlushFileBuffers
HeapAlloc
GetFullPathNameA
HeapSize
CreateProcessA
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
CreateSemaphoreW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
SetFileAttributesW
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCurrentThreadId
GetFileAttributesExW

user32

SetForegroundWindow
IsIconic
ShowWindow
wsprintfA
LoadStringW
PostMessageA
GetDC
GetWindow
GetWindowThreadProcessId
GetTopWindow
GetClassNameW
GetClassNameA
FindWindowExW
FindWindowW
EnumChildWindows
ReleaseDC

gdi32

GetDIBits
SelectObject
StretchDIBits
SetStretchBltMode
GetObjectA
CreateCompatibleBitmap
DeleteObject
DeleteDC
CreateCompatibleDC

shell32

SHFileOperationW
SHGetFolderPathA
ShellExecuteExA
ShellExecuteExW
ord526
SHGetFolderPathW
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

OleLoadPicturePath
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysFreeString
SysAllocStringLen
SysAllocString
CreateErrorInfo
GetErrorInfo
VariantChangeType
SetErrorInfo

msi

ord112

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree

Exports

Exports

AddMpPreference
IsEnableCFA
RemoveMpPreference
SK_CallURL
SK_CheckUpgradeRule
SK_CheckVGAVenderAndDeviceID
SK_CheckVcRuntime
SK_CreateLink
SK_CreateLinkEx
SK_CreateLinkExW
SK_DeleteFolderW
SK_DeleteFolderW2
SK_DeletePatchRedundantRegKey
SK_DetectRunProgramW
SK_DumpFile
SK_DumpMsg
SK_EnableWow64FsRedirection
SK_FileEncode
SK_FileEncodeEx
SK_FileEncodeW
SK_FindProcess
SK_FindProcessByID
SK_FindProcessEx
SK_Get64KeyValue
SK_GetAbsPath
SK_GetFileCount
SK_GetHWNDByID
SK_GetIniKeyCount2W
SK_GetIniKeyCountW
SK_GetIniKeyValue2W
SK_GetIniKeyValueW
SK_GetMUIData
SK_GetModulePath
SK_GetModulePathByID
SK_GetOSVerNo
SK_GetOSVerNo_BuildNo
SK_GetOSVersion
SK_GetProcessID
SK_GetProcessIDList
SK_GetProcessReturnValue
SK_GetReverseID
SK_GetServicePackMajorNumber
SK_GetShellFolderPathA
SK_GetShellFolderPathW
SK_GetUserDefaultUILanguage
SK_GetUserInfo
SK_GetXMLChildNodeCount
SK_GetXMLChildNodeValue
SK_GetXMLChildNodeValueEx
SK_GetXMLNodeCount
SK_GetXMLNodeValue
SK_IsEmbedded
SK_IsPyPathSafe
SK_IsPyPathSafeW
SK_IsWow64
SK_KillProcess
SK_KillProcessByID
SK_KillProcessEx
SK_LaunchAppAndWait
SK_LaunchAppAndWait2
SK_LaunchAppAndWait2W
SK_LoadImageFile
SK_LoadImageFileEx
SK_LoadImageToHandle
SK_LoadXMLFile
SK_MergeSimFile
SK_ParseBuildNumber
SK_ParseCopyFolderPath
SK_ParseExePath
SK_PathIsDirectory
SK_RefreshAddRemoveProgram
SK_RefreshDesktop
SK_RegDBDelKey_64
SK_RegDBSetKeyValue_64
SK_RegDeleteValue_64
SK_SetDefaultAutoPlayer
SK_SetFileAttribute
SK_ShellExecute
SK_StringReverse
SK_UnLoadXMLFile
SK_UnloadImageFile
SendUNOLog

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e62b788f7abdaea6c378df676c65fa9

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

1c:8c:03:79:23:61:29:4a:c5:6c:6c:f2:ff:21:9b:4d:69:51:f5:fa:af:4e:c9:2f:b1:45:d6:72:c8:4b:cd:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

advapi32

setupapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

msi

gdiplus

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 5KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

11:4d:d3:64:11:70:e6:c2:8f:d6:04:e3
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

1c:8c:03:79:23:61:29:4a:c5:6c:6c:f2:ff:21:9b:4d:69:51:f5:fa:af:4e:c9:2f:b1:45:d6:72:c8:4b:cd:d3
Signer

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 5KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB