24a15f2728ea9f188a088dd1290af1663a5a87577e1cbd2e7f710e88f2f08215

Sharing

Copy URL Twitter E-mail

General

Target

24a15f2728ea9f188a088dd1290af1663a5a87577e1cbd2e7f710e88f2f08215
Size

830KB
MD5

9197441f4d9054412db9f544c8590e71
SHA1

babfd590c12f5a3efbdd71714ada356812ebcb8b
SHA256

24a15f2728ea9f188a088dd1290af1663a5a87577e1cbd2e7f710e88f2f08215
SHA512

3b132af9e4c48a059647295d3ab26fd13294484a7bc059c094b8b15fe93d8582f46b3261583b6d0e9102d65906c4b62e3cc831556a0d7c8751cc0e39f6706571
SSDEEP

24576:lTVd2wG4ipOnShbSkk5S8CHw16pBUcugdMeT1W:swG9pMSz9pBUF4T1W

Score

1^/10

Malware Config

Signatures

Files

24a15f2728ea9f188a088dd1290af1663a5a87577e1cbd2e7f710e88f2f08215
.dll windows:4 windows x86 arch:x86

c12f0706b09bd58f2bf487401cea8bb5

Code Sign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2019, 00:00

Not After

19/10/2022, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f5:46:27:72:7d:25:a2:83:81:e2:f5:ac:fb:bc:cb:84:85:47:64:cb:fd:df:93:73:d5:9d:e5:96:c4:62:ef:d9
Signer

Actual PE Digest

f5:46:27:72:7d:25:a2:83:81:e2:f5:ac:fb:bc:cb:84:85:47:64:cb:fd:df:93:73:d5:9d:e5:96:c4:62:ef:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CertFindExtension
CertFreeCertificateContext
CryptDecodeObject
CertCreateCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringA

mfc42

ord860
ord641
ord2514
ord1175
ord6467
ord3619
ord2575
ord4396
ord3574
ord609
ord3626
ord3663
ord2414
ord5875
ord2860
ord2567
ord1641
ord2859
ord6778
ord2864
ord6648
ord6453
ord2379
ord3693
ord4133
ord4297
ord4284
ord3702
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord501
ord324
ord773
ord4234
ord1083
ord4710
ord536
ord2818
ord2754
ord3706
ord613
ord5781
ord289
ord755
ord470
ord5981
ord2582
ord4402
ord3370
ord3640
ord693
ord2289
ord2370
ord2302
ord6334
ord6905
ord6007
ord6907
ord3286
ord2642
ord3092
ord2301
ord6880
ord4299
ord6605
ord6215
ord2086
ord6197
ord3089
ord6379
ord825
ord823
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3830
ord3831
ord3825
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3874
ord2915
ord5572
ord4129
ord922
ord2614
ord940
ord3081
ord6199
ord4278
ord4275
ord567
ord540
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3402
ord537
ord5683
ord5710
ord858
ord800
ord941
ord939
ord2725
ord3953
ord815
ord3147
ord3259
ord4465
ord3136
ord2976
ord3262
ord2985

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
_EH_prolog
printf
_ftol
srand
rand
strchr
_endthreadex
sprintf
__CxxFrameHandler
wcslen
memmove
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strncpy
_beginthreadex
atol
fwrite
_initterm
_adjust_fdiv
??0exception@@QAE@XZ
??1exception@@UAE@XZ
free
_fileno
_stricmp
getenv
sscanf
strncmp
fgets
fseek
ftell
_setmode
fflush
_errno
fprintf
memchr
_iob
vfprintf
abort
strerror
tolower
realloc
__mb_cur_max
_isctype
_pctype
strcmp
qsort
bsearch
malloc
strstr
atoi
fclose
fread
fopen
wcscpy
_mbscmp
_strlwr
time
wcscmp
_wcsupr
mbstowcs
difftime
_purecall
_vsnprintf

kernel32

GlobalMemoryStatus
QueryPerformanceCounter
GetSystemInfo
GetFileType
LocalAlloc
lstrlenA
IsBadReadPtr
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
InterlockedIncrement
ReleaseMutex
OpenMutexA
CreateMutexA
WaitForSingleObject
SetEvent
OpenEventA
CreateEventA
GetVersionExA
GetModuleHandleA
CreateFileA
lstrcmpiA
GetUserDefaultLangID
GetTickCount
GetStdHandle
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
CompareFileTime
GetModuleFileNameA
WaitForMultipleObjects
Sleep
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
LocalFree

user32

EnableWindow
wsprintfA
GetClassNameA
GetWindow
SetWindowTextA
GetWindowTextA
GetSystemMetrics
MessageBoxA
FillRect
InflateRect
CopyRect
GetParent
InvalidateRect
GetDC
GetClientRect
GetSysColor
SendMessageA
PtInRect
SetActiveWindow
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
CreateWindowExA
GetForegroundWindow
SetTimer
UpdateWindow
SetForegroundWindow
KillTimer
GetFocus
ShowWindow
GetMessageA
DispatchMessageA
PostMessageA
IsWindow
RegisterWindowMessageA
MessageBoxIndirectA
SetWindowLongA
DefWindowProcA
RegisterClassExA
GetKeyState
UnregisterClassA
GetDlgCtrlID
TranslateMessage

gdi32

CreateRectRgnIndirect
GetTextExtentPoint32A
CreatePen
CreateFontA
GetStockObject
Ellipse
SelectObject

advapi32

RegCloseKey
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorDacl

ole32

CoCreateGuid

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA

hid

HidD_SetFeature
HidD_GetAttributes
HidD_GetFeature
HidD_FlushQueue
HidD_GetHidGuid

msvcp60

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@ios_base@std@@QAEXH_N@Z
?opfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE_NXZ
?uncaught_exception@std@@YA_NXZ
?osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Exports

Exports

CPAcquireContext
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
E_GetAuxFunctionList
E_SetTokenLabel

Sections

.text
Size: 564KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c12f0706b09bd58f2bf487401cea8bb5

Code Sign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

f5:46:27:72:7d:25:a2:83:81:e2:f5:ac:fb:bc:cb:84:85:47:64:cb:fd:df:93:73:d5:9d:e5:96:c4:62:ef:d9Signer

Headers

File Characteristics

Imports

crypt32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ole32

setupapi

hid

msvcp60

Exports

Exports

Sections

.text Size: 564KB - Virtual size: 560KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 52KB - Virtual size: 65KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 48KB - Virtual size: 44KB

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

f5:46:27:72:7d:25:a2:83:81:e2:f5:ac:fb:bc:cb:84:85:47:64:cb:fd:df:93:73:d5:9d:e5:96:c4:62:ef:d9
Signer

.text
Size: 564KB - Virtual size: 560KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 52KB - Virtual size: 65KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 48KB - Virtual size: 44KB