040b095e18e138023ce13d494974d462448cef810d546795bf99dba906a4828b

Sharing

Copy URL

Twitter E-mail

General

Target

040b095e18e138023ce13d494974d462448cef810d546795bf99dba906a4828b
Size

1.6MB
MD5

0d54af59333bf00772438717207cf8e7
SHA1

37231c1e27ed127c078ee468a17b5a273e155461
SHA256

040b095e18e138023ce13d494974d462448cef810d546795bf99dba906a4828b
SHA512

4fe306b3246fff59f5320669ee6a4c356742943f14086c98574ddfde2a64cb81b36b649290fa74ea88191dc56ed0620797710a3380e9f288a3a542c6107092e1
SSDEEP

49152:GpjR8r8r8GJUakG2QPUD2LIXEy6khz9yiUMBR:cF8r8rrJUakG/PUSMEOhz9yiUMBR

Score

N/A

Malware Config

Signatures

Files

040b095e18e138023ce13d494974d462448cef810d546795bf99dba906a4828b
.exe windows x86

83cfcd8439a1cb185c23ac380f5bba41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-02-2020 00:00

Not After

20-03-2023 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-02-2020 00:00

Not After

20-03-2023 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:87:ae:60:03:00:e1:35:63:9c:08:84:c1:38:ee:7e:83:13:6e:46:34:57:17:8c:fe:5b:a0:16:aa:19:b0:24
Signer

Actual PE Digest

3e:87:ae:60:03:00:e1:35:63:9c:08:84:c1:38:ee:7e:83:13:6e:46:34:57:17:8c:fe:5b:a0:16:aa:19:b0:24

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

07-07-2020 10:33
Valid: true

Chain 1

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

ad:59:05:55:a1:d4:a4:43:f8:9a:f2:6c:e2:b4:0e:53:91:e9:1a:2f
Signer

Actual PE Digest

ad:59:05:55:a1:d4:a4:43:f8:9a:f2:6c:e2:b4:0e:53:91:e9:1a:2f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

07-07-2020 10:33
Valid: true

Chain 1

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ProcessIdToSessionId
GetSystemInfo
InterlockedCompareExchange
MoveFileW
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
CopyFileW
GetTempFileNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
SetEvent
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
GetSystemTime
SetUnhandledExceptionFilter
FormatMessageA
ExpandEnvironmentStringsA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
OpenProcess
GetSystemDirectoryW
RemoveDirectoryW
FindClose
GetTickCount
SetEndOfFile
WriteFile
CreateDirectoryW
GetFileAttributesW
SetFilePointer
GetCurrentThread
SetThreadPriority
InterlockedDecrement
InterlockedIncrement
MapViewOfFileEx
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LoadLibraryExW
DeleteCriticalSection
MapViewOfFile
CreateFileMappingW
CreateThread
UnmapViewOfFile
WaitForSingleObject
Sleep
TerminateThread
GetDiskFreeSpaceExW
GetDriveTypeW
MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceW
FlushInstructionCache
CreateFileW
FreeLibrary
GetFileSize
LoadLibraryW
WideCharToMultiByte
ReadFile
lstrlenW
GetModuleFileNameW
GetLastError
InterlockedExchange
OutputDebugStringW
GetLocalTime
RaiseException
GetPrivateProfileStringW
CloseHandle
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetLastError
FreeResource
InitializeCriticalSection
lstrlenA
GetModuleHandleW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadResource
GetVersionExW
GetPrivateProfileIntW
LockResource
GetWindowsDirectoryW
GetCurrentThreadId
SizeofResource
SleepEx
FindFirstFileA

user32

LoadBitmapW
CharNextW
FindWindowExW
UpdateWindow
AttachThreadInput
CharUpperW
CharLowerW
EndPaint
GetDlgItem
SetActiveWindow
IsRectEmpty
EqualRect
CallWindowProcW
SetWindowTextW
UnregisterClassA
BringWindowToTop
DestroyWindow
SetCursor
GetParent
GetForegroundWindow
PostThreadMessageW
GetWindowTextW
GetNextDlgTabItem
RegisterClassExW
ClientToScreen
GetWindow
DrawIconEx
PeekMessageW
GetWindowRect
SystemParametersInfoW
SetWindowPos
MonitorFromWindow
OffsetRect
GetWindowLongW
TranslateMessage
GetMonitorInfoW
IntersectRect
GetClientRect
UpdateLayeredWindow
SetWindowLongW
DispatchMessageW
MapWindowPoints
FindWindowW
DrawFrameControl
RegisterWindowMessageW
GetKeyState
WindowFromPoint
GetClassInfoExW
GetScrollPos
CopyRect
SetCapture
DestroyIcon
ReleaseCapture
SetRect
GetCursorPos
ScreenToClient
IsWindow
DefWindowProcW
IsWindowVisible
LoadImageW
PtInRect
SetForegroundWindow
LoadIconW
InvalidateRect
MoveWindow
InflateRect
CreateWindowExW
GetActiveWindow
GetDC
DrawTextW
GetDesktopWindow
ReleaseDC
GetDlgCtrlID
IsWindowEnabled
EnableWindow
GetFocus
SetRectEmpty
PostMessageW
IsChild
SendMessageW
GetWindowThreadProcessId
SetFocus
BeginPaint
LoadCursorW
GetMessageW
ShowWindow
IsDialogMessageW
SetTimer
GetWindowTextLengthW
SetWindowRgn
KillTimer

gdi32

LineTo
CombineRgn
DeleteDC
BitBlt
Rectangle
RectInRegion
CreateCompatibleBitmap
GetViewportOrgEx
DeleteObject
CreateBitmap
SetViewportOrgEx
StretchBlt
SelectObject
SetTextColor
SaveDC
CreateCompatibleDC
MoveToEx
ExtSelectClipRgn
CreateDIBSection
GetStockObject
OffsetRgn
CreatePen
GetObjectW
SetBkColor
RestoreDC
SetBkMode
ExtTextOutW
GetTextColor
SelectClipRgn
TextOutW
CreateRoundRectRgn
CreateRectRgnIndirect
GetDeviceCaps
GetClipRgn
CreateFontIndirectW
RoundRect
GetCurrentObject
SetStretchBltMode
GetTextMetricsW
CreateFontW
CreateRectRgn
GetTextExtentPoint32W

advapi32

RegSetValueExW
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

PathAppendW
PathFindExtensionW
PathFindFileNameW
StrToIntW
StrToIntA
PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipCreateBitmapFromHBITMAP
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipGetFontCollectionFamilyList
GdipCreateLineBrushI
GdipCloneFontFamily
GdipDrawImagePointsRectI
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipDrawLine
GdiplusShutdown
GdipDeleteFontFamily
GdipFillRectangleI
GdipDrawRectangleI
GdipSetStringFormatTrimming
GdipFree
GdipLoadImageFromFile
GdipRotateWorldTransform
GdipGetImageGraphicsContext
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipDrawLinesI
GdipDisposeImage
GdipDeleteFont
GdipSetPenMode
GdipSetPixelOffsetMode
GdipGetImageHeight
GdipGetFamily
GdipSetPenStartCap
GdipGetImageWidth
GdipSetPenEndCap
GdipCreateSolidFill
GdipSetInterpolationMode
GdipDrawString
GdipDeletePen
GdipDeleteGraphics
GdipAddPathStringI
GdipDrawImageRectI
GdipCreatePen1
GdipCreateFromHDC
GdipGetFontSize
GdipFillPath
GdipAddPathPieI
GdipCloneBrush
GdipCreateStringFormat
GdipGraphicsClear
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDrawImageI
GdipAddPathRectangleI
GdipDeleteBrush
GdipSetStringFormatAlign
GdipCreateImageAttributes
GdipCreateFont
GdipNewPrivateFontCollection
GdipDisposeImageAttributes
GdipDrawPath
GdipMeasureString
GdipDeletePrivateFontCollection
GdipSetCompositingQuality
GdipSetClipPath
GdipClosePathFigure
GdipCreateFontFromLogfontW
GdipDrawImageRectRectI
GdipAddPathArcI
GdipPrivateAddFontFile
GdipSetImageAttributesColorMatrix
GdipSetPenDashStyle
GdipSetStringFormatLineAlign
GdipDeletePath
GdipGetFontCollectionFamilyCount
GdipFillRectangle
GdipSetStringFormatFlags
GdipCreatePath
GdipAlloc
GdipResetWorldTransform

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 732KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83cfcd8439a1cb185c23ac380f5bba41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

3e:87:ae:60:03:00:e1:35:63:9c:08:84:c1:38:ee:7e:83:13:6e:46:34:57:17:8c:fe:5b:a0:16:aa:19:b0:24Signer

Signature Validations

Verification

07-07-2020 10:33 Valid: true

Chain 1

ad:59:05:55:a1:d4:a4:43:f8:9a:f2:6c:e2:b4:0e:53:91:e9:1a:2fSigner

Signature Validations

Verification

07-07-2020 10:33 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

version

wtsapi32

psapi

rasapi32

iphlpapi

Sections

.text Size: 732KB - Virtual size: 728KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 28KB - Virtual size: 46KB

.rsrc Size: 548KB - Virtual size: 547KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0f:07:a9:cf:a6:a7:15:67:67:f0:5e:17:b7:51:c5:c5
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

3e:87:ae:60:03:00:e1:35:63:9c:08:84:c1:38:ee:7e:83:13:6e:46:34:57:17:8c:fe:5b:a0:16:aa:19:b0:24
Signer

07-07-2020 10:33
Valid: true

ad:59:05:55:a1:d4:a4:43:f8:9a:f2:6c:e2:b4:0e:53:91:e9:1a:2f
Signer

07-07-2020 10:33
Valid: true

.text
Size: 732KB - Virtual size: 728KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 28KB - Virtual size: 46KB

.rsrc
Size: 548KB - Virtual size: 547KB