7z_02-c3f47e[.]exe[.]v

Sharing

Copy URL Twitter E-mail

General

Target

7z_02-c3f47e.exe.v
Size

3.9MB
MD5

7cb33c65458840d00597ad9333314c48
SHA1

9995dd57ceebdbf213c7dbf361848356b76d96ce
SHA256

99d4a44c9c51579d8f879f3309a6ae9f2e9c6341b2501a81acc774baeac29813
SHA512

22f83b71aaabbfc86cbdb516020379ff71a789b370eb882261c170d213dd67345f4cbe377f658d196eb3ab0d96496f515c6d2d41c73a03fd8204283b25c2bfd1
SSDEEP

49152:9thEdpXv+0/hpJ5btSZaivglRrzVXgKPyISURDu6TzjLkUSHyEpTWxKfCdAMRUJ+:9thl05btIQrhwhIDJjLd2yEpfCdAy

Score

1^/10

Malware Config

Signatures

Files

7z_02-c3f47e.exe.v
.exe windows:5 windows x86 arch:x86

9fd0f6f10f44e598d81aee55b7843ceb

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:12:1f:d7:e4:94:ec:67:b0:4e:3d:8b:02:3b:8d:b3
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22/04/2024, 00:00

Not After

22/04/2026, 23:59

Subject

CN=Jinan Youqun Network Co.\, Ltd,O=Jinan Youqun Network Co.\, Ltd,ST=Shandong Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\March\branches\stable6.0\Output\Release\March.pdb

Imports

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsRelativeW
PathStripPathW
PathRemoveExtensionW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipDeletePath
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipFillRectangle
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdiplusStartup
GdipSetStringFormatLineAlign
GdipTransformPath
GdipIsOutlineVisiblePathPointI
GdipDrawString
GdipDrawEllipseI
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipFillEllipseI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdipFillPath
GdipDeleteMatrix
GdipCreateMatrix
GdipMeasureString
GdipScaleMatrix
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipAddPathCurveI

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

winmm

timeSetEvent
timeGetTime
timeKillEvent

msimg32

AlphaBlend

crypt32

CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringA
CertFreeCertificateChainEngine
CertGetCertificateContextProperty
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateChain
CertOpenStore

wldap32

ord32
ord27
ord26
ord22
ord41
ord35
ord45
ord60
ord211
ord46
ord217
ord143
ord33
ord79
ord30
ord50
ord200
ord301

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
setsockopt
ioctlsocket
freeaddrinfo
htons
htonl
getsockopt
WSAAddressToStringW
connect
ntohs
getsockname
getpeername
getaddrinfo
WSASetLastError
listen
shutdown
ntohl
select
WSAWaitForMultipleEvents
WSAResetEvent
socket
WSAEventSelect
recv
recvfrom
sendto
gethostname
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend

msi

ord88

kernel32

GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
CreateTimerQueueTimer
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetExitCodeThread
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
SetConsoleCtrlHandler
ExitThread
InitializeSListHead
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
ExitProcess
GetACP
GetConsoleCP
HeapFree
HeapAlloc
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetThreadPriority
GetThreadTimes
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
GetLogicalProcessorInformation
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
SetUnhandledExceptionFilter
PeekNamedPipe
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GlobalMemoryStatus
ConvertFiberToThread
DeleteFiber
GetModuleHandleExW
FindClose
GetSystemTimeAsFileTime
FileTimeToSystemTime
VirtualQuery
GetVersionExW
TryEnterCriticalSection
GetCurrentThreadId
SetThreadPriority
ResetEvent
GetEnvironmentVariableW
SystemTimeToFileTime
LoadLibraryW
GetFileAttributesW
MulDiv
GlobalSize
SizeofResource
LoadResource
FindResourceW
GetCurrentDirectoryW
GlobalFree
GetFileSizeEx
DeleteFileW
GetTickCount
WriteFile
CreateFileW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
InterlockedExchange
EnterCriticalSection
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexW
PostQueuedCompletionStatus
GetLastError
TlsAlloc
InterlockedExchangeAdd
RaiseException
DecodePointer
LocalFree
DeleteCriticalSection
InterlockedIncrement
TlsFree
FormatMessageA
CreateDirectoryW
ReadFile
SetFilePointer
GetFileSize
GetModuleFileNameW
WaitForSingleObject
CreateEventW
SetEvent
GetDiskFreeSpaceExW
GlobalAlloc
GlobalLock
CreateProcessW
GetModuleHandleW
GlobalUnlock
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileTime
GetCurrentProcess
ExpandEnvironmentStringsW
GetTempPathW
GetWindowsDirectoryW
GetProcAddress
GetDriveTypeW
SetWaitableTimer
TlsSetValue
SetLastError
CreateWaitableTimerW
InterlockedCompareExchange
WaitForMultipleObjects
GetQueuedCompletionStatus
GetModuleHandleA
Sleep
TerminateThread
QueueUserAPC
SleepEx
TlsGetValue
CreateIoCompletionPort
QueryPerformanceCounter
InitializeCriticalSection
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageW
MoveFileExA
GetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
GetFileType
VerSetConditionMask
VerifyVersionInfoW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
GetDesktopWindow
FindWindowW
GetParent
MapWindowPoints
GetClipboardData
IsClipboardFormatAvailable
GetAsyncKeyState
GetSysColor
ClientToScreen
SetForegroundWindow
WaitMessage
PostMessageW
UnregisterClassW
EnableWindow
KillTimer
SetTimer
PostQuitMessage
SetClipboardData
BringWindowToTop
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowTextW
GetCursorPos
PtInRect
GetClientRect
ScreenToClient
DefWindowProcW
DestroyWindow
ReleaseDC
LoadCursorW
RegisterClassW
GetClassInfoExW
RegisterClassExW
SetWindowLongW
IsWindow
CreateWindowExW
GetWindowLongW
GetWindow
SetFocus
ShowWindow
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
IsIconic
SetWindowPos
LoadImageW
GetSystemMetrics
SendMessageW
CallWindowProcW
SetPropW
GetPropW
GetDC
InvalidateRect
GetKeyState
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
MoveWindow
GetUpdateRect
IsRectEmpty
IntersectRect
UpdateLayeredWindow
OffsetRect
UnionRect
SetCursor
CharNextW
IsZoomed
MonitorFromPoint
SetWindowRgn
IsWindowVisible

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
GetObjectA
SetStretchBltMode
SetWindowOrgEx
GetWindowOrgEx
RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
StretchBlt
CreateDIBSection
GetDeviceCaps
CreateRoundRectRgn
BitBlt
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject

advapi32

CryptHashData
CryptGetHashParam
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptReleaseContext
CryptGetUserKey
CryptAcquireContextA
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash

shell32

ShellExecuteExW
SHCreateDirectoryExW
ShellExecuteA
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fd0f6f10f44e598d81aee55b7843ceb

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

5e:12:1f:d7:e4:94:ec:67:b0:4e:3d:8b:02:3b:8d:b3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

comctl32

gdiplus

imm32

winmm

msimg32

crypt32

wldap32

ws2_32

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 511KB - Virtual size: 510KB

.data Size: 50KB - Virtual size: 65KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 100KB - Virtual size: 100KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

5e:12:1f:d7:e4:94:ec:67:b0:4e:3d:8b:02:3b:8d:b3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 511KB - Virtual size: 510KB

.data
Size: 50KB - Virtual size: 65KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 100KB - Virtual size: 100KB