4045b5292918abd2bd4f9a29c906c27305d82dbbeaeb29ec68e5b643208a5b4f

Sharing

Copy URL Twitter E-mail

General

Target

4045b5292918abd2bd4f9a29c906c27305d82dbbeaeb29ec68e5b643208a5b4f
Size

134KB
MD5

6e5a3102d5db2d3e91ac77341510037c
SHA1

ab1629b2eba2c7235bd0d28e1e73db04bde60095
SHA256

4045b5292918abd2bd4f9a29c906c27305d82dbbeaeb29ec68e5b643208a5b4f
SHA512

6a37383ff922159db25af981b11f2dc8bc83204b23046df9c3242ab1bbdddbb16517bc2da3aefdc628d2b2c6f1787d0fd250a8ce3ae992e61146068bdf081ac4
SSDEEP

3072:WvrPrbxkOB6/cVcvQvDayScEo37hVQBTRbOs6U:Wvr2OM/icYvmL5SyBtIU

Score

1^/10

Malware Config

Signatures

Files

4045b5292918abd2bd4f9a29c906c27305d82dbbeaeb29ec68e5b643208a5b4f
.zip
软件包安装程序.exe
.exe windows:4 windows x64 arch:x64

b536328468155ed7054fedfa9dd0407d

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:76:0a:78:9d:22:63:38:cd:ce:4b:32:d8:51:a3:0b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/01/2017, 00:00

Not After

19/01/2019, 23:59

Subject

SERIALNUMBER=RA - 168116,CN=PRINK S.R.L.,O=PRINK S.R.L.,L=Castel Bolognese,ST=RAVENNA,C=IT,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#131043617374656c20426f6c6f676e657365,1.3.6.1.4.1.311.60.2.1.2=#1307526176656e6e61,1.3.6.1.4.1.311.60.2.1.3=#13024954

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:4c:30:9b:18:1c:4f:42:70:bf:6a:fe:ca:34:8b:51:c3:48:ac:0a
Signer

Actual PE Digest

59:4c:30:9b:18:1c:4f:42:70:bf:6a:fe:ca:34:8b:51:c3:48:ac:0a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdiplusStartup
GdipDeleteStringFormat
GdipAlloc
GdipCreateStringFormat
GdipDrawString
GdipDeleteBrush
GdipMeasureString
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipDeleteFont
GdipCreateBitmapFromFile
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipCreateSolidFill
GdipCloneImage
GdipFree
GdipDeleteGraphics
GdipDisposeImage
GdipCreateFromHDC
GdipSetStringFormatAlign

kernel32

GetLocaleInfoA
EnterCriticalSection
HeapAlloc
MultiByteToWideChar
GetProcessHeap
GetLastError
CreateThread
WaitForSingleObject
Sleep
GetComputerNameA
GetSystemWow64DirectoryA
lstrcpyA
lstrcatA
GetCommandLineW
LoadLibraryA
GetProcAddress
CloseHandle
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
RtlVirtualUnwind
ExitProcess
HeapSize
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleHandleA
IsValidCodePage
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetCurrentProcessId
GetOEMCP
GetACP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
WideCharToMultiByte
GetCommandLineA
HeapFree
GetVersionExA
GetStartupInfoA
RaiseException
RtlPcToFileHeader
VirtualAlloc
RtlUnwindEx
GetCPInfo

user32

GetClientRect
SendDlgItemMessageA
LoadStringA
DestroyWindow
GetSystemMenu
FlashWindowEx
EnableMenuItem
PtInRect
GetCursorPos
CreateDialogParamA
GetDlgItem
ShowWindow
GetWindowRect
SendMessageA
KillTimer
SetTimer
InvalidateRect
DialogBoxParamA
MessageBoxA
CreateWindowExA
EndDialog
RegisterClassExA
PostQuitMessage
TrackMouseEvent
LoadCursorA
EndPaint
LoadIconA
BeginPaint
SetDlgItemTextA
DefWindowProcA
SetWindowTextA

gdi32

DeleteDC
BitBlt
CreateCompatibleDC
SelectObject
CreateDIBSection
GetObjectA
DeleteObject
GetStockObject
SetBkColor
SetTextColor
CreateFontA
SetBkMode

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

CommandLineToArgvW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b536328468155ed7054fedfa9dd0407d

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

76:76:0a:78:9d:22:63:38:cd:ce:4b:32:d8:51:a3:0bCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

59:4c:30:9b:18:1c:4f:42:70:bf:6a:fe:ca:34:8b:51:c3:48:ac:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 69KB - Virtual size: 86KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 30KB - Virtual size: 30KB

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

76:76:0a:78:9d:22:63:38:cd:ce:4b:32:d8:51:a3:0b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

59:4c:30:9b:18:1c:4f:42:70:bf:6a:fe:ca:34:8b:51:c3:48:ac:0a
Signer

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 69KB - Virtual size: 86KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 30KB - Virtual size: 30KB