General

Malware Config

Signatures

Files

• dsgter_v9.0.1.exe

  .exe windows x86

  8f81038fc096bebd09bcaf0e096cfe80

  
  

  Code Sign

  06:c6:6d:55:2e:82:5c:1b:0d:70:55:de:d2:f2:48:61

  Certificate

  Issuer

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-12-2020 00:00

  Not After

  22-12-2021 23:59

  Subject

  SERIALNUMBER=91320102MA222WXX03,CN=南京大数智图网络科技有限公司,O=南京大数智图网络科技有限公司,L=南京市,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78e84e6ada6e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b19fe88b8fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c

  Certificate

  Issuer

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  18-04-2012 12:00

  Not After

  18-04-2027 12:00

  Subject

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2d:2c:22:da:15:72:11:70:b3:b3:6f:e3:b8:0f:3f:34:29:00:e0:7a:a4:c4:eb:53:b8:17:71:10:82:6b:63:9c

  Signer

  Actual PE Digest

  2d:2c:22:da:15:72:11:70:b3:b3:6f:e3:b8:0f:3f:34:29:00:e0:7a:a4:c4:eb:53:b8:17:71:10:82:6b:63:9c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=91320102MA222WXX03,CN=南京大数智图网络科技有限公司,O=南京大数智图网络科技有限公司,L=南京市,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78e84e6ada6e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b19fe88b8fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  09-10-2021 04:59

  Valid: true

  Chain 1

  SERIALNUMBER=91320102MA222WXX03,CN=南京大数智图网络科技有限公司,O=南京大数智图网络科技有限公司,L=南京市,ST=江苏省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e78e84e6ada6e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b19fe88b8fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

  CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  OpenProcessToken

  AdjustTokenPrivileges

  DuplicateTokenEx

  ImpersonateLoggedOnUser

  RevertToSelf

  SetTokenInformation

  LookupPrivilegeValueW

  GetUserNameW

  RegCloseKey

  RegCreateKeyW

  RegDeleteKeyW

  RegDeleteValueW

  RegOpenKeyExW

  RegQueryValueExW

  RegRestoreKeyW

  RegSaveKeyW

  RegSetValueExW

  RegCreateKeyExW

  CloseServiceHandle

  ControlService

  DeleteService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  CryptEncrypt

  CryptImportKey

  CryptDestroyKey

  CryptAcquireContextA

  CryptReleaseContext

  CryptGenRandom

  CryptGetHashParam

  RegOpenKeyExA

  RegQueryValueExA

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  ws2_32

  getaddrinfo

  freeaddrinfo

  accept

  listen

  recvfrom

  WSAIoctl

  setsockopt

  WSAGetLastError

  ntohs

  htons

  getsockopt

  getsockname

  getpeername

  connect

  closesocket

  bind

  send

  recv

  WSASetLastError

  select

  __WSAFDIsSet

  socket

  ioctlsocket

  gethostname

  htonl

  ntohl

  WSAStartup

  WSACleanup

  sendto

  crypt32

  CertFreeCertificateContext

  wldap32

  ord301

  ord200

  ord30

  ord79

  ord35

  ord33

  ord32

  ord27

  ord26

  ord22

  ord41

  ord50

  ord60

  ord211

  ord143

  ord46

  normaliz

  IdnToAscii

  IdnToUnicode

  shlwapi

  wvnsprintfW

  PathAppendW

  wtsapi32

  WTSQueryUserToken

  userenv

  CreateEnvironmentBlock

  LoadUserProfileW

  kernel32

  IsDebuggerPresent

  CreateEventW

  ResetEvent

  SetEvent

  IsProcessorFeaturePresent

  GetCurrentProcess

  GetSystemInfo

  GetLocalTime

  GetNativeSystemInfo

  IsWow64Process

  GetModuleHandleW

  GetProcAddress

  OutputDebugStringW

  DecodePointer

  CloseHandle

  RaiseException

  GetLastError

  SetLastError

  HeapDestroy

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  InitializeCriticalSectionEx

  DeleteCriticalSection

  LoadLibraryW

  WTSGetActiveConsoleSessionId

  MultiByteToWideChar

  WideCharToMultiByte

  GetDiskFreeSpaceExW

  GetDriveTypeW

  GetFileSize

  GetTempPathW

  WaitForSingleObject

  Sleep

  TerminateProcess

  ResumeThread

  CreateProcessW

  OpenProcess

  FreeLibrary

  LoadLibraryA

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  CreateDirectoryA

  CreateDirectoryW

  CreateFileW

  GetShortPathNameW

  WriteFile

  LoadResource

  SizeofResource

  FindResourceW

  lstrlenW

  GetModuleFileNameW

  GetCommandLineW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileSizeEx

  IsBadStringPtrA

  IsBadStringPtrW

  InterlockedFlushSList

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetTickCount

  ExitProcess

  FreeResource

  LockResource

  ReadFile

  MulDiv

  GetFileType

  SetFilePointer

  SetFileTime

  DuplicateHandle

  DosDateTimeToFileTime

  SystemTimeToFileTime

  GetCurrentProcessId

  GlobalAlloc

  GlobalUnlock

  GlobalLock

  FormatMessageA

  GetTickCount64

  EnterCriticalSection

  LeaveCriticalSection

  SleepEx

  VerSetConditionMask

  GetSystemDirectoryA

  GetModuleHandleA

  VerifyVersionInfoA

  WaitForSingleObjectEx

  GetStdHandle

  PeekNamedPipe

  WaitForMultipleObjects

  ExpandEnvironmentStringsA

  SetEndOfFile

  CreateFileA

  DeleteFileW

  SwitchToThread

  CopyFileW

  GetPrivateProfileIntA

  GetPrivateProfileStringA

  DeviceIoControl

  GetVersionExW

  GetSystemDirectoryW

  FreeEnvironmentStringsW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCPInfo

  CompareStringEx

  GetStringTypeW

  GetLocaleInfoEx

  LCMapStringEx

  EncodePointer

  LocalFree

  CreateSymbolicLinkW

  GetFileInformationByHandleEx

  CloseThreadpoolWait

  SetThreadpoolWait

  CreateThreadpoolWait

  CloseThreadpoolTimer

  WaitForThreadpoolTimerCallbacks

  SetThreadpoolTimer

  CreateThreadpoolTimer

  CloseThreadpoolWork

  SubmitThreadpoolWork

  CreateThreadpoolWork

  FreeLibraryWhenCallbackReturns

  GetSystemTimeAsFileTime

  GetCurrentProcessorNumber

  FlushProcessWriteBuffers

  CreateSemaphoreExW

  CreateEventExW

  SleepConditionVariableSRW

  SleepConditionVariableCS

  WakeAllConditionVariable

  WakeConditionVariable

  InitializeConditionVariable

  InitOnceExecuteOnce

  FlsFree

  FlsSetValue

  FlsGetValue

  FlsAlloc

  SetFileInformationByHandle

  GetExitCodeThread

  GetCurrentThreadId

  TryEnterCriticalSection

  AcquireSRWLockExclusive

  ReleaseSRWLockExclusive

  InitializeSRWLock

  QueryPerformanceFrequency

  QueryPerformanceCounter

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  GetStartupInfoW

  InitializeSListHead

  SetEnvironmentVariableW

  RtlUnwind

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  FindFirstFileExW

  GetTimeZoneInformation

  GetFullPathNameW

  GetFileAttributesExW

  SetStdHandle

  FlushFileBuffers

  EnumSystemLocalesW

  TlsSetValue

  TlsFree

  InterlockedPushEntrySList

  LoadLibraryExW

  GetModuleHandleExW

  HeapValidate

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  SetFilePointerEx

  GetFileInformationByHandle

  SystemTimeToTzSpecificLocalTime

  FileTimeToSystemTime

  GetConsoleMode

  ReadConsoleW

  GetConsoleOutputCP

  GetCurrentThread

  WriteConsoleW

  SetConsoleCtrlHandler

  HeapQueryInformation

  GetDateFormatW

  GetTimeFormatW

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  GetACP

  user32

  GetCaretBlinkTime

  CreateCaret

  SetRect

  FillRect

  DrawTextW

  CharPrevW

  SetWindowRgn

  GetMonitorInfoW

  HideCaret

  ClientToScreen

  GetSysColor

  SetWindowTextW

  GetWindowTextW

  GetWindowTextLengthW

  CreateAcceleratorTableW

  InvalidateRgn

  GetGUIThreadInfo

  ShowCaret

  SetCaretPos

  MonitorFromWindow

  GetCaretPos

  GetSystemMetrics

  UnregisterClassW

  PostQuitMessage

  ShowWindow

  MoveWindow

  SetWindowPos

  IsZoomed

  GetWindowRect

  LoadImageW

  AdjustWindowRectEx

  GetPropW

  SetPropW

  IntersectRect

  MessageBoxW

  SendMessageW

  LoadIconW

  wvsprintfW

  SetCursor

  InflateRect

  UnionRect

  OffsetRect

  LoadCursorW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PostMessageW

  CreateWindowExW

  IsWindow

  DestroyWindow

  IsWindowVisible

  IsIconic

  CharNextW

  SetFocus

  GetActiveWindow

  GetFocus

  GetKeyState

  SetCapture

  ReleaseCapture

  SetTimer

  KillTimer

  GetDC

  ReleaseDC

  BeginPaint

  EndPaint

  GetUpdateRect

  InvalidateRect

  GetClientRect

  GetCursorPos

  ScreenToClient

  MapWindowPoints

  EnableWindow

  IsRectEmpty

  PtInRect

  GetWindowLongW

  SetWindowLongW

  GetMenu

  GetClassInfoExW

  RegisterClassExW

  RegisterClassW

  CallWindowProcW

  DefWindowProcW

  wsprintfW

  GetWindow

  GetParent

  gdi32

  CreateCompatibleDC

  CreateCompatibleBitmap

  BitBlt

  GetObjectType

  CreatePen

  DeleteDC

  DeleteObject

  GetStockObject

  Rectangle

  RestoreDC

  SaveDC

  SelectObject

  GetTextExtentPoint32W

  LineTo

  RoundRect

  SelectClipRgn

  ExtSelectClipRgn

  SetBkColor

  SetBkMode

  StretchBlt

  SetStretchBltMode

  SetTextColor

  CreateDIBSection

  MoveToEx

  TextOutW

  ExtTextOutW

  GdiFlush

  GetDeviceCaps

  GetObjectA

  CreatePatternBrush

  GetTextMetricsW

  GetObjectW

  SetWindowOrgEx

  CreateRoundRectRgn

  CombineRgn

  CreatePenIndirect

  CreateRectRgnIndirect

  CreateSolidBrush

  GetCharABCWidthsW

  CreateFontIndirectW

  GetClipBox

  shell32

  SHGetFolderPathA

  CommandLineToArgvW

  SHBrowseForFolderW

  ShellExecuteW

  ShellExecuteA

  SHGetSpecialFolderLocation

  SHGetPathFromIDListW

  SHGetSpecialFolderPathW

  ole32

  CLSIDFromProgID

  CoCreateGuid

  CreateStreamOnHGlobal

  OleLockRunning

  CoInitialize

  CoCreateInstance

  CoUninitialize

  CoInitializeEx

  CoInitializeSecurity

  CLSIDFromString

  oleaut32

  VariantInit

  SysFreeString

  VariantClear

  CreateErrorInfo

  GetErrorInfo

  VariantChangeType

  SetErrorInfo

  SysAllocString

  gdiplus

  GdipSetPixelOffsetMode

  GdipGetPropertyItem

  GdipGetPropertyItemSize

  GdipImageSelectActiveFrame

  GdipImageGetFrameCount

  GdipImageGetFrameDimensionsList

  GdipImageGetFrameDimensionsCount

  GdipGetImageHeight

  GdipGetImageWidth

  GdipLoadImageFromStreamICM

  GdipLoadImageFromStream

  GdipAlloc

  GdipFree

  GdiplusStartup

  GdiplusShutdown

  GdipCloneBrush

  GdipDeleteBrush

  GdipCreateLineBrushI

  GdipCloneImage

  GdipDisposeImage

  GdipGetImageGraphicsContext

  GdipCreateBitmapFromScan0

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipSetCompositingQuality

  GdipSetSmoothingMode

  GdipSetStringFormatAlign

  GdipSetTextRenderingHint

  GdipSetInterpolationMode

  GdipGraphicsClear

  GdipDrawImage

  GdipDrawImageRectI

  GdipDeleteFontFamily

  GdipCreateFontFromDC

  GdipCreateFontFromLogfontA

  GdipDeleteFont

  GdipGetFamily

  GdipDrawString

  GdipCreateStringFormat

  GdipDeleteStringFormat

  GdipSetStringFormatLineAlign

  comctl32

  ord17

  _TrackMouseEvent

  InitCommonControlsEx

  imm32

  ImmReleaseContext

  ImmSetCompositionFontW

  ImmSetCompositionWindow

  ImmGetContext

  netapi32

  NetWkstaTransportEnum

  NetApiBufferFree

  Netbios

  Sections

  .text

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 416KB - Virtual size: 415KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 31KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Shared

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4.7MB - Virtual size: 4.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 73KB - Virtual size: 73KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ