d8935fabea4e5527f1911fa85ffe099a40efdc343c783e6a09497de92cc4b121

Sharing

Copy URL

Twitter E-mail

General

Target

d8935fabea4e5527f1911fa85ffe099a40efdc343c783e6a09497de92cc4b121
Size

3.2MB
MD5

24f0b6c08fca79dedcd322c9280fc7bd
SHA1

c185eaf26f05929f4238a3bbd70d7d7498f1d51d
SHA256

d8935fabea4e5527f1911fa85ffe099a40efdc343c783e6a09497de92cc4b121
SHA512

6733c00c9d0ff75bd2369294c2d0aa9809b1586657396438108e4d28011af250c7b55de0ffb288101f1798299b2d2daabdadd196660555f3cb9cc11f8fd3e68e
SSDEEP

49152:2KT5razB15YsBNMqxs9j7GvQDf536Ubmezbj2PSWMNXoLnbtvNPBtpCW1zMO:2KMHXADyPSWMNXoPPBtMW2O

Score

1^/10

Malware Config

Signatures

Files

d8935fabea4e5527f1911fa85ffe099a40efdc343c783e6a09497de92cc4b121
.exe windows:5 windows x86 arch:x86

5e63cb76b9118002c068ba1e4d092898

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-06-2024 00:00

Not After

22-06-2025 23:59

Subject

SERIALNUMBER=110111-1138985,CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:4a:8e:f3:4b:0d:b4:f7:da:72:82:9b:ce:ea:f1:7f:db:28:43:20:65:99:c6:a0:f2:a6:f2:ef:43:6a:28:0d
Signer

Actual PE Digest

04:4a:8e:f3:4b:0d:b4:f7:da:72:82:9b:ce:ea:f1:7f:db:28:43:20:65:99:c6:a0:f2:a6:f2:ef:43:6a:28:0d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\AhnLab\Common\AhnRestore\Trunk\Src\V3Restore\Release\V3Restore.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

getservbyname
htons
inet_addr
WSAGetLastError
htonl
gethostbyaddr
getservbyport
getsockopt
WSAStartup
WSACleanup
ioctlsocket
getsockname
WSASetLastError
ntohs
inet_ntoa
gethostbyname
shutdown
send
recv
accept
closesocket
listen
bind
setsockopt
connect
socket
select

kernel32

MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
CopyFileW
GlobalFree
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
InterlockedDecrement
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventW
GlobalAddAtomW
GetFileAttributesExW
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileSizeEx
GetFileTime
InterlockedIncrement
CompareStringW
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
LocalReAlloc
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
SetConsoleMode
GlobalFlags
GetVersionExA
GlobalFindAtomW
FreeResource
MoveFileW
DeleteFileW
GetStringTypeExW
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
HeapAlloc
GetDriveTypeW
GetLocalTime
HeapReAlloc
GetFileInformationByHandle
PeekNamedPipe
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeA
FindFirstFileA
RaiseException
ExitThread
CreateThread
HeapSize
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FatalAppExitA
GetConsoleCP
GetCurrentDirectoryA
SetCurrentDirectoryA
SetStdHandle
LCMapStringA
LCMapStringW
GetFullPathNameA
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetConsoleMode
ReadConsoleW
ReadConsoleA
FindClose
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
GetStdHandle
GetFileType
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
InterlockedExchangeAdd
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualAlloc
VirtualProtect
VirtualLock
Sleep
InterlockedCompareExchange
SetLastError
GetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
OutputDebugStringA
GetCurrentProcessId
SetCurrentDirectoryW
GetModuleFileNameW
GetTempPathW
SetFilePointer
WriteFile
SetEndOfFile
WideCharToMultiByte
GetFileSize
ReadFile
MultiByteToWideChar
CreateFileW
LoadLibraryW
GetWindowsDirectoryW
GetSystemDirectoryW
LoadLibraryExW
GetUserDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
lstrcatW
CreateMutexW
lstrcmpA
CloseHandle
lstrlenA
lstrcpynW
GetVersion
GetModuleHandleA
FreeLibrary
LocalAlloc
lstrcmpW
lstrlenW
LocalFree
GetSystemInfo
lstrcmpiW
GetVersionExW
GetLastError
GetModuleHandleW
GetProcAddress
GetPrivateProfileStringW

user32

GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
IsDialogMessageW
MoveWindow
ShowWindow
ScrollWindowEx
DestroyIcon
CharUpperW
InflateRect
GetMenuItemInfoW
DestroyMenu
SystemParametersInfoW
TranslateAcceleratorW
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemW
InvalidateRect
LoadAcceleratorsW
GetMenuBarInfo
LoadMenuW
ReuseDDElParam
UnpackDDElParam
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetKeyNameTextW
MapVirtualKeyW
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDialogBaseUnits
SetRect
SetTimer
KillTimer
GetDCEx
LockWindowUpdate
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcW
CallWindowProcW
CheckRadioButton
GetMenu
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnregisterClassW
WaitMessage
ReleaseCapture
GetCapture
WindowFromPoint
SetCapture
GetDesktopWindow
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
DeleteMenu
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostMessageW
PostQuitMessage
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxW
GetProcessWindowStation
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
CopyRect
RemovePropW
GetUserObjectInformationW
wsprintfW
CharNextA
CharPrevA
IsWindowEnabled

gdi32

SetTextJustification
SetTextCharacterExtra
SetMapperFlags
SetArcDirection
SetColorAdjustment
DeleteObject
SelectClipRgn
GetClipRgn
CreateRectRgn
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
SetTextAlign
CreateCompatibleDC
LineTo
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
GetDCOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
RectVisible
PatBlt
DPtoLP
CreateCompatibleBitmap
GetCharWidthW
CreateFontW
StretchDIBits
GetTextMetricsW
GetBkColor
CreatePatternBrush
MoveToEx
PtVisible
StartDocW
GetPixel
BitBlt
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreateDCW
CopyMetaFileW
GetStockObject
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
GetObjectW
SelectClipPath
TextOutW

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW

shell32

ExtractIconW
DragFinish
DragQueryFileW
SHGetFileInfoW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW

ole32

CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoDisconnectObject
OleDuplicateData
CoTreatAsClass
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg

oleaut32

SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
VariantInit

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e63cb76b9118002c068ba1e4d092898

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1bCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

04:4a:8e:f3:4b:0d:b4:f7:da:72:82:9b:ce:ea:f1:7f:db:28:43:20:65:99:c6:a0:f2:a6:f2:ef:43:6a:28:0dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 600KB - Virtual size: 600KB

.data Size: 19KB - Virtual size: 40KB

.rsrc Size: 15KB - Virtual size: 14KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:eb:98:08:f9:4a:36:6f:2c:44:5d:4a:d6:62:85:1b
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

04:4a:8e:f3:4b:0d:b4:f7:da:72:82:9b:ce:ea:f1:7f:db:28:43:20:65:99:c6:a0:f2:a6:f2:ef:43:6a:28:0d
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 600KB - Virtual size: 600KB

.data
Size: 19KB - Virtual size: 40KB

.rsrc
Size: 15KB - Virtual size: 14KB