b8e1be8a453d1687e36cafc4f523c604783eb68a4a9d04e58f1fe4204eb77cfbN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b8e1be8a453d1687e36cafc4f523c604783eb68a4a9d04e58f1fe4204eb77cfbN.exe
Size

654KB
MD5

fdf6f889a2b46518925df31371d8a1b0
SHA1

1e70ceee45f109b04328f0a8aac42bc67e35b394
SHA256

b8e1be8a453d1687e36cafc4f523c604783eb68a4a9d04e58f1fe4204eb77cfb
SHA512

bcb8720603222c7c99c0b5ffa24b8dfa76f30590e69736c64e3460daaede3776b4f94fbf8ab3bbb1a3feb4727862f8f11666186f22383e17055808472659e2f4
SSDEEP

12288:HInxVTEmz2Wha8ia+7XzXqe0GAHW8MYxmc2mf8iJPsBjvrEH7i:on8m1ia+7Xz7HqW8MYxmc2K8ikrEH7i

Score

1^/10

Malware Config

Signatures

Files

b8e1be8a453d1687e36cafc4f523c604783eb68a4a9d04e58f1fe4204eb77cfbN.exe
.exe windows:5 windows x86 arch:x86

6754d41c49dfe0654832ffeed6dd5bb2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-09-2019 00:00

Not After

14-09-2022 12:00

Subject

CN=北京思普瑞特科技发展有限公司,OU=行政部,O=北京思普瑞特科技发展有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-09-2019 00:00

Not After

14-09-2022 12:00

Subject

CN=北京思普瑞特科技发展有限公司,OU=行政部,O=北京思普瑞特科技发展有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:c2:f5:4f:91:89:4d:cd:7f:af:09:1b:7b:a7:64:17:15:e9:e2:80:f7:e4:64:fa:df:d2:64:d4:b8:ca:c6:df
Signer

Actual PE Digest

26:c2:f5:4f:91:89:4d:cd:7f:af:09:1b:7b:a7:64:17:15:e9:e2:80:f7:e4:64:fa:df:d2:64:d4:b8:ca:c6:df

Digest Algorithm

sha256

PE Digest Matches

false

79:82:17:5e:6d:4b:d7:ce:16:f7:8e:32:4a:83:47:8d:f7:d1:5c:49
Signer

Actual PE Digest

79:82:17:5e:6d:4b:d7:ce:16:f7:8e:32:4a:83:47:8d:f7:d1:5c:49

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\code\打印机驱动程序\通用驱动\branch\SP-DRV2147Win_For_YiLang\InstallProj\Release\InstallProj.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

kernel32

lstrlenA
SetErrorMode
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetTickCount
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetFileAttributesA
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedDecrement
CloseHandle
GetModuleHandleA
GetCurrentProcessId
WritePrivateProfileStringW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalAlloc
MulDiv
lstrlenW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
SetLastError
FreeLibrary
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetModuleFileNameW
LocalAlloc
LocalFree
FormatMessageW
GetLastError
WideCharToMultiByte
GetUserDefaultLangID
Sleep
GetVersionExW
SetEvent
TerminateThread
ResetEvent
GetExitCodeThread
WaitForSingleObject
CreateThread
CreateEventW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW

user32

RegisterClipboardFormatW
PostThreadMessageW
IsRectEmpty
CharNextW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
DestroyMenu
CharUpperW
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
ReleaseDC
GetDC
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SendMessageW
PeekMessageW
LoadIconW
IsIconic
GetSystemMetrics
CheckMenuItem
GetClientRect
DrawIcon
GetSystemMenu
EnableMenuItem
SetWindowPos
MessageBoxW
SetTimer
KillTimer
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageW
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableW
SetRect
GetDlgItem
wsprintfW
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowLongW
GetMenu
PtInRect
CopyRect
CallWindowProcW
DefWindowProcW
GetDlgCtrlID

gdi32

GetStockObject
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateFontW
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetDeviceCaps
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
EnumPortsW
EnumPortsA
EnumPrintersW
ord204
DeletePrinter
DeletePrinterDriverExW
DocumentPropertiesW
GetPrinterW
OpenPrinterW
SetPrinterW

advapi32

RegQueryValueExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
OpenSCManagerW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
QueryServiceStatus
StartServiceW
CloseServiceHandle
ControlService
OpenServiceW

shell32

ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SysAllocStringLen
SysAllocString
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6754d41c49dfe0654832ffeed6dd5bb2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

26:c2:f5:4f:91:89:4d:cd:7f:af:09:1b:7b:a7:64:17:15:e9:e2:80:f7:e4:64:fa:df:d2:64:d4:b8:ca:c6:dfSigner

79:82:17:5e:6d:4b:d7:ce:16:f7:8e:32:4a:83:47:8d:f7:d1:5c:49Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 259KB - Virtual size: 259KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 11KB - Virtual size: 29KB

.rsrc Size: 213KB - Virtual size: 213KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

04:b0:b5:66:8e:ab:83:1e:5e:c3:12:72:89:ec:ae:46
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

26:c2:f5:4f:91:89:4d:cd:7f:af:09:1b:7b:a7:64:17:15:e9:e2:80:f7:e4:64:fa:df:d2:64:d4:b8:ca:c6:df
Signer

79:82:17:5e:6d:4b:d7:ce:16:f7:8e:32:4a:83:47:8d:f7:d1:5c:49
Signer

.text
Size: 259KB - Virtual size: 259KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 29KB

.rsrc
Size: 213KB - Virtual size: 213KB