20e3c849b91afa4776949ff8d34b2ccc5220c04842e09ebb01d8b4c313bafa5f

Sharing

Copy URL Twitter E-mail

General

Target

20e3c849b91afa4776949ff8d34b2ccc5220c04842e09ebb01d8b4c313bafa5f
Size

940KB
MD5

b9e36ef0dbd490e00b77f6e42d950726
SHA1

266ae513f2208b51542fa469e8edf6b2f0bcb7f7
SHA256

20e3c849b91afa4776949ff8d34b2ccc5220c04842e09ebb01d8b4c313bafa5f
SHA512

54a6ec35c411d6aab35999eff20e312148d3ef1fe38411486efc80f1a0e90ddd45df625a985ff94b5cc9239bf080d641ae21e8af43e263bc15354967777f661a
SSDEEP

24576:eWXn1tGmBTxeuQYXyP22MVH0QQcfLq8gMJvNuNWlx2pf:eWlImBT0F21H0JIz5YWl4p

Score

N/A

Malware Config

Signatures

Files

20e3c849b91afa4776949ff8d34b2ccc5220c04842e09ebb01d8b4c313bafa5f
.dll windows x86

8c583ada96281b3f39dc3739e0bf8698

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:9a:26:3a:7f:30:4e:31:02:80:90:19:49:54:4d:be:e1:2f:1a:f5:ff:04:e3:c0:54:6e:80:4e:e5:33:3e:29
Signer

Actual PE Digest

2e:9a:26:3a:7f:30:4e:31:02:80:90:19:49:54:4d:be:e1:2f:1a:f5:ff:04:e3:c0:54:6e:80:4e:e5:33:3e:29

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

28/07/2022, 05:14
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

55:34:79:6b:28:74:7b:7f:fc:1d:76:f9:60:81:9f:77:aa:a6:e6:b6
Signer

Actual PE Digest

55:34:79:6b:28:74:7b:7f:fc:1d:76:f9:60:81:9f:77:aa:a6:e6:b6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

29/09/2022, 18:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
HeapAlloc
GetProcessHeap
GetCommandLineW
DecodeSystemPointer
EncodeSystemPointer
GetCurrentProcessId
MulDiv
WaitForSingleObject
CreateEventW
SetEvent
TerminateThread
LoadLibraryW
GetSystemTimeAsFileTime
GetProcessTimes
InitializeCriticalSection
lstrcmpiW
SetInformationJobObject
TerminateProcess
GetModuleFileNameW
CreateJobObjectW
OpenProcess
AssignProcessToJobObject
ResumeThread
CreateProcessW
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
HeapLock
HeapWalk
GetProcessHeaps
HeapUnlock
GetVersionExW
GetHandleInformation
OpenFileMappingW
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
ReadFile
VirtualFree
VirtualAlloc
CreateFileW
GetSystemInfo
GetFileSize
LoadLibraryExW
GetSystemDirectoryW
CreateToolhelp32Snapshot
TlsAlloc
Process32FirstW
GetNativeSystemInfo
OutputDebugStringA
LoadLibraryExA
OutputDebugStringW
HeapSize
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
SetEndOfFile
TryEnterCriticalSection
SwitchToThread
GetTickCount
TlsGetValue
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
DecodePointer
CreateThread
RaiseException
CloseHandle
GetLastError
Sleep
GetCurrentThreadId
LeaveCriticalSection
InterlockedCompareExchange
LoadLibraryA
WaitForMultipleObjects
FormatMessageA
GetVersionExA
SleepEx
WriteConsoleW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapFree
GetCurrentProcess
EnterCriticalSection
SetLastError
TlsSetValue
InterlockedExchange
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
Process32NextW
InterlockedDecrement
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStdHandle
GetACP
GetStringTypeW
CreateDirectoryW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetFileAttributesExW
ExitProcess
FreeLibraryAndExitThread
ExitThread
TlsFree
InterlockedFlushSList
RtlUnwind
VirtualQuery
GetCurrentThread
VirtualProtect
DeviceIoControl
FindClose
FindFirstFileW
WriteFile
DeleteFileW
CopyFileW
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetPrivateProfileStringW
GetModuleHandleExW
ExpandEnvironmentStringsW
GetSystemDefaultLangID
GetUserDefaultLangID
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

IsWindowVisible
DestroyWindow
SendMessageTimeoutW
UnregisterClassW
SetWindowLongW
RegisterClassExW
PostMessageW
CallWindowProcW
DefWindowProcW
GetMessageW
GetWindowThreadProcessId
TranslateMessage
GetPropW
CreateWindowExW
IsWindow
DispatchMessageW
SetTimer
SetPropW
PostThreadMessageW
KillTimer
PostQuitMessage
GetClassInfoExW
GetParent
GetAncestor
IsIconic
ReleaseDC
GetClientRect
SetParent
SendMessageA
GetAsyncKeyState
ShowWindow
GetWindowLongW
GetWindowTextW
LoadCursorW
PostMessageA
SetPropA
SendMessageW
MsgWaitForMultipleObjects
PeekMessageW
PostThreadMessageA
SetFocus
GetDesktopWindow
GetPropA
GetWindowRect
ScreenToClient
ClientToScreen
RegisterWindowMessageW
PtInRect
GetCursorPos
GetDC

gdi32

GetDeviceCaps

advapi32

RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash

shell32

ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoInitialize
OleUninitialize
CoTaskMemFree
CoInitializeEx
CoUninitialize
OleInitialize
CoCreateGuid

oleaut32

VariantCopy
VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFileExistsW
PathAppendW
PathFindFileNameW
PathCombineW
AssocQueryStringA
AssocQueryStringW
PathRemoveFileSpecW

winmm

timeSetEvent
timeKillEvent
timeGetTime

ws2_32

ioctlsocket
listen
accept
sendto
recvfrom
__WSAFDIsSet
send
WSAIoctl
WSASetLastError
setsockopt
recv
gethostname
socket
closesocket
bind
WSACleanup
select
ntohs
getsockopt
getsockname
getpeername
connect
htons
WSAGetLastError
freeaddrinfo
getaddrinfo
WSAStartup
htonl

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetSetOptionW
InternetOpenA

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord143
ord46
ord211
ord60

Exports

Exports

??0HungDetectSlave@Util@@QAE@XZ
??1HungDetectSlave@Util@@QAE@XZ
?GetLastMsg@HungCheckInfo@Util@@SAXAAUtagMSG@@@Z
?Init@HungDetectSlave@Util@@QAEXPAUHWND__@@0@Z
?InitHungDetect@Util@@YAXPAUHWND__@@@Z
?OnTimer@HungDetectSlave@Util@@QAEJIIJAAH@Z
?PostHeartBeatMsg@HungDetectSlave@Util@@QAEHXZ
?SetHungCheckInfo@HungCheckInfo@Util@@SAXKK@Z
?SetLastMsg@HungCheckInfo@Util@@SAXABUtagMSG@@@Z
?SetUrl@HungDetectSlave@Util@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?UnInit@HungDetectSlave@Util@@QAEXXZ
?UninitHungDetect@Util@@YAXXZ
CallPreProcInit
FixOpengl
GetBrowserUserAgent
GetClassObject
GetCurrentState
IgnoreLC
IsIgnoreLC
Prefetch
SetCrashStatusCode
SupportDU
SupportDragDrop
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 664KB - Virtual size: 663KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared_
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c583ada96281b3f39dc3739e0bf8698

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

2e:9a:26:3a:7f:30:4e:31:02:80:90:19:49:54:4d:be:e1:2f:1a:f5:ff:04:e3:c0:54:6e:80:4e:e5:33:3e:29Signer

Signature Validations

Verification

28/07/2022, 05:14 Valid: true

Chain 1

55:34:79:6b:28:74:7b:7f:fc:1d:76:f9:60:81:9f:77:aa:a6:e6:b6Signer

Signature Validations

Verification

29/09/2022, 18:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

winmm

ws2_32

version

wininet

netapi32

wldap32

Exports

Exports

Sections

.text Size: 664KB - Virtual size: 663KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 12KB - Virtual size: 18KB

.shared_ Size: 2KB - Virtual size: 1KB

.shared Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 33KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

2e:9a:26:3a:7f:30:4e:31:02:80:90:19:49:54:4d:be:e1:2f:1a:f5:ff:04:e3:c0:54:6e:80:4e:e5:33:3e:29
Signer

28/07/2022, 05:14
Valid: true

55:34:79:6b:28:74:7b:7f:fc:1d:76:f9:60:81:9f:77:aa:a6:e6:b6
Signer

29/09/2022, 18:54
Valid: false

.text
Size: 664KB - Virtual size: 663KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 12KB - Virtual size: 18KB

.shared_
Size: 2KB - Virtual size: 1KB

.shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 33KB