efad7bbcc8ba602d71d3c5ef68d7bcaa7c090dbfff70d3dc64e88131129ccb0aN

Sharing

Copy URL

Twitter E-mail

General

Target

efad7bbcc8ba602d71d3c5ef68d7bcaa7c090dbfff70d3dc64e88131129ccb0aN
Size

3.3MB
MD5

088d7c739e2729e94cda31141de18dd0
SHA1

57b422fb79d059b1ab6470f5e0834b9cef9d866d
SHA256

efad7bbcc8ba602d71d3c5ef68d7bcaa7c090dbfff70d3dc64e88131129ccb0a
SHA512

050dcade901a9c63551b2255a93f47fd8498821fb292bcdc2ded3f8df04a32764bbd6ea02f40e4549624a4f4d25c97be866da294904e088f240e63e220973c75
SSDEEP

49152:oLqZ1Hof2s58TB9zh/4AbY04pQXnNfHHEHGVV9Oa8td8aQdUKzgvMRnU:oOZ1FTBph/4AbXNOxrQdueU

Score

1^/10

Malware Config

Signatures

Files

efad7bbcc8ba602d71d3c5ef68d7bcaa7c090dbfff70d3dc64e88131129ccb0aN
.exe windows:6 windows x86 arch:x86

716b8ab02aae20d5f0aa0e7b737beda2

Code Sign

69:da:2e:df:d9:96:ea:95:73:c0:33:37:ef:1b:bc:1b
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

21-08-2024 14:12

Not After

21-08-2025 12:23

Subject

SERIALNUMBER=2300149170,CN=KHAI SON JOINT STOCK COMPANY,O=KHAI SON JOINT STOCK COMPANY,L=Thuan Thanh Township,ST=Bắc Ninh,C=VN,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07-11-2023 17:13

Not After

09-12-2034 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:be:ea:e9:da:56:43:1c:e3:a5:ca:e9:24:04:31:73:42:99:4c:88:e0:c7:28:53:76:32:77:f8:bc:0c:a7:0f
Signer

Actual PE Digest

79:be:ea:e9:da:56:43:1c:e3:a5:ca:e9:24:04:31:73:42:99:4c:88:e0:c7:28:53:76:32:77:f8:bc:0c:a7:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bamboo\home\xml-data\build-dir\CODRU-BA-SOURCES\bin\Win32\Release\ProductAgentUI.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptBinaryToStringW
CryptUnprotectData
CryptStringToBinaryW

kernel32

FindResourceExW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
FormatMessageW
GetCurrentThreadId
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
SetLastError
WaitForSingleObject
OpenSemaphoreW
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
IsWow64Process
CreateProcessW
GetStdHandle
ReadFile
MultiByteToWideChar
CreateFileW
GetSystemDirectoryW
SetEnvironmentVariableW
CreateThread
VerSetConditionMask
VerifyVersionInfoW
SetCurrentDirectoryW
GetTickCount64
GetTempPathW
GetFileAttributesW
OutputDebugStringA
GetEnvironmentVariableW
OpenProcess
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemWindowsDirectoryW
GetDiskFreeSpaceExW
LocalAlloc
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
QueryDosDeviceW
GetLongPathNameW
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
OpenEventW
LockResource
WriteConsoleW
K32GetMappedFileNameW
FileTimeToSystemTime
SetSearchPathMode
LoadLibraryA
LoadLibraryExA
GetWindowsDirectoryW
GetLocalTime
GetCurrentThread
GetProcessTimes
WriteFile
SetFilePointer
GetFileSizeEx
LocalFree
ExpandEnvironmentStringsW
InitializeSListHead
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
LCMapStringEx
EncodePointer
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
LoadResource
FindResourceW
ExitProcess
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleExW
Sleep
DecodePointer
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
CreateMutexW
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
GetModuleHandleW
GetModuleFileNameW
GetTimeFormatW
CloseHandle
LoadLibraryExW
GetLastError
FormatMessageA
FreeLibrary
GetProcAddress
LoadLibraryW
GetCommandLineW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
QueryPerformanceFrequency
QueryPerformanceCounter
SizeofResource
MapViewOfFile
SuspendThread
GetFileInformationByHandleEx
UnmapViewOfFile
SetEvent
DeviceIoControl
AreFileApisANSI
SetFilePointerEx
SetFileInformationByHandle
SetFileAttributesW
SetEndOfFile
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
InitOnceBeginInitialize
InitOnceComplete
GetNativeSystemInfo
GetExitCodeThread
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteFileW
WaitForMultipleObjects
SetStdHandle
GetFileType
GetDateFormatW
ResumeThread
AcquireSRWLockExclusive
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW

user32

SetWindowPos
GetSystemMetrics
RegisterWindowMessageW
GetWindowThreadProcessId
GetMessageW
GetDC
GetPropW
SetActiveWindow
EnumChildWindows
GetShellWindow
RegisterClassExW
GetActiveWindow
OpenClipboard
DispatchMessageW
IsDialogMessageW
DefDlgProcW
CloseClipboard
EmptyClipboard
TranslateMessage
SetParent
SetClipboardData
SetWindowLongW
GetDesktopWindow
CreateDialogIndirectParamW
ReleaseDC
EnableWindow
GetKeyState
CreateWindowExW
DestroyWindow
BringWindowToTop
ChangeWindowMessageFilterEx
SendMessageW
FindWindowW
GetClientRect
IsWindow
KillTimer
SetTimer
MoveWindow
SystemParametersInfoW
ExitWindowsEx
SetClassLongW
LoadIconW
SetWindowTextW
MonitorFromPoint
GetMonitorInfoW
MonitorFromRect
GetWindowRect
GetCursorPos
GetAncestor
GetWindowLongW
OffsetRect
CopyRect
SetForegroundWindow
ShowWindow
IsIconic
PostMessageW
AllowSetForegroundWindow
BroadcastSystemMessageW

gdi32

GetDeviceCaps

advapi32

RegSetValueExW
GetFileSecurityW
GetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetAclInformation
LookupAccountSidW
GetNamedSecurityInfoW
CryptHashData
CryptGetHashParam
CryptCreateHash
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
RegCreateKeyExW
IsWellKnownSid
ConvertSidToStringSidW
GetTokenInformation
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegGetValueW
RegCloseKey
RegOpenKeyExW
GetAce

shell32

SHGetKnownFolderPath
ShellExecuteW
CommandLineToArgvW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantCopy
VariantChangeType

shlwapi

SHGetValueW
PathAppendW
PathRemoveFileSpecW
PathIsRelativeW

dwmapi

DwmIsCompositionEnabled

winmm

timeGetTime

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust

winhttp

WinHttpCrackUrl

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

$w4dJCb
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

716b8ab02aae20d5f0aa0e7b737beda2

Code Sign

69:da:2e:df:d9:96:ea:95:73:c0:33:37:ef:1b:bc:1bCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

79:be:ea:e9:da:56:43:1c:e3:a5:ca:e9:24:04:31:73:42:99:4c:88:e0:c7:28:53:76:32:77:f8:bc:0c:a7:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

dwmapi

winmm

wintrust

winhttp

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 40KB - Virtual size: 48KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 495KB - Virtual size: 494KB

.reloc Size: 60KB - Virtual size: 59KB

$w4dJCb Size: 1.4MB - Virtual size: 1.4MB

69:da:2e:df:d9:96:ea:95:73:c0:33:37:ef:1b:bc:1b
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

79:be:ea:e9:da:56:43:1c:e3:a5:ca:e9:24:04:31:73:42:99:4c:88:e0:c7:28:53:76:32:77:f8:bc:0c:a7:0f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 40KB - Virtual size: 48KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 495KB - Virtual size: 494KB

.reloc
Size: 60KB - Virtual size: 59KB

$w4dJCb
Size: 1.4MB - Virtual size: 1.4MB