f5c5c9e93d3ca4c67945bbda15de9143f6b661ca6bb6f664f48cd83e74739974

Sharing

Copy URL

Twitter E-mail

General

Target

f5c5c9e93d3ca4c67945bbda15de9143f6b661ca6bb6f664f48cd83e74739974
Size

7.2MB
MD5

05a701097dc2877b7ffe128ce2d7f2a2
SHA1

213f3caf5ed12fee5ba7303c09a5f681bdae212c
SHA256

f5c5c9e93d3ca4c67945bbda15de9143f6b661ca6bb6f664f48cd83e74739974
SHA512

d304550dc7241305636720d0f095d9b78a4638c9ea5472d1c36800e17ea29734ffba75949c25c80c89c7d25e89aa181d7b553d45d15bf90472bc9b7e9895c2b1
SSDEEP

196608:ogzb4IhM70oMQKAaqgXPj2CAHnlqtv1O85QqT:oVIaE4oXPjbYqt4qT

Score

N/A

Malware Config

Signatures

Files

f5c5c9e93d3ca4c67945bbda15de9143f6b661ca6bb6f664f48cd83e74739974
.exe windows x86

7912ecb4f7bbbe53029069d73813f689

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:82:ab:a6:7f:8b:c6:74:df:9f:b3:ec:a5:91:bd:ce
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

12-11-2021 12:00

Subject

CN=天津六六游科技有限公司,OU=技术部,O=天津六六游科技有限公司,L=天津市,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ba:f7:50:38:18:8a:99:16:8a:78:bb:12:de:4b:22
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-08-2019 00:00

Not After

12-11-2021 12:00

Subject

CN=天津六六游科技有限公司,OU=技术部,O=天津六六游科技有限公司,L=天津市,ST=天津市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28-01-2021 11:08

Not After

01-03-2032 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:9b:49:0f:ba:b3:83:9d:28:ad:30:a6:b4:13:8f:b8:f7:4e:48:30:d6:a6:4f:3c:65:86:64:2a:5b:c0:80:d4
Signer

Actual PE Digest

5d:9b:49:0f:ba:b3:83:9d:28:ad:30:a6:b4:13:8f:b8:f7:4e:48:30:d6:a6:4f:3c:65:86:64:2a:5b:c0:80:d4

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=天津六六游科技有限公司,OU=技术部,O=天津六六游科技有限公司,L=天津市,ST=天津市,C=CN

21-10-2021 08:41
Valid: true

Chain 1

CN=天津六六游科技有限公司,OU=技术部,O=天津六六游科技有限公司,L=天津市,ST=天津市,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

52:f9:2d:e2:46:a3:af:8e:50:43:97:a8:7f:08:f4:7d:72:61:72:48
Signer

Actual PE Digest

52:f9:2d:e2:46:a3:af:8e:50:43:97:a8:7f:08:f4:7d:72:61:72:48

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=天津六六游科技有限公司,OU=技术部,O=天津六六游科技有限公司,L=天津市,ST=天津市,C=CN

21-10-2021 08:40
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsPrefixW
PathFindExtensionW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
PathIsDirectoryW
PathRemoveFileSpecW
PathStripToRootW
PathFileExistsW
PathCombineW
PathAppendW
wnsprintfW
wnsprintfA
wvnsprintfW
PathFindFileNameW
StrStrIW
SHSetValueW
StrToIntW
SHGetValueA
SHSetValueA
StrCmpW
PathIsRelativeW
PathRelativePathToW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
StrToInt64ExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdipDrawImagePointRectI
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetTextRenderingHint
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipCreateSolidFill
GdipDeleteBrush
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC

kernel32

lstrcmpW
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
CreateMutexW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetStartupInfoW
FindResourceW
FindResourceExW
GetSystemDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetCommandLineW
GetWindowsDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
GetFileSize
WriteFile
FlushFileBuffers
CreateFileW
DeviceIoControl
lstrcmpA
lstrcmpiA
CreateFileA
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetACP
GetStringTypeW
GetFileType
LCMapStringW
MulDiv
WaitForSingleObjectEx
CreatePipe
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
WriteConsoleW
InterlockedExchange
CloseHandle
FindClose
ReadFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetEndOfFile
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GlobalAddAtomW
TerminateThread
GetPrivateProfileStringW
LocalAlloc
GetSystemInfo
ResetEvent
CreateDirectoryW
GetTempFileNameW
WritePrivateProfileStringW
FormatMessageW
CopyFileW
ReleaseMutex
GetExitCodeProcess
GetFileAttributesExW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
WaitForMultipleObjects
GetExitCodeThread
MoveFileW
GetLocalTime
GetFileSizeEx
GlobalFree
MoveFileExW
GetFileAttributesW
SetFileAttributesW
GetTickCount
GetFullPathNameW
RemoveDirectoryW
GetDiskFreeSpaceExW
GetTempPathW
GetDriveTypeW
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFindAtomW
GlobalDeleteAtom
OpenProcess
GetLongPathNameW
CreateEventW
SetEvent
PeekNamedPipe
FindFirstFileExW
SetFileTime
DecodePointer
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
LockResource
HeapDestroy
GlobalMemoryStatusEx
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
GetSystemTime

user32

AppendMenuW
TrackPopupMenu
UpdateWindow
DestroyMenu
PtInRect
LoadImageW
MonitorFromPoint
CopyRect
GetCursorPos
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
UnregisterClassW
UnhookWinEvent
SetWinEventHook
MessageBoxW
SystemParametersInfoW
wsprintfW
SetCursor
SetWindowRgn
UpdateLayeredWindow
OffsetRect
CreatePopupMenu
SetRect
IsRectEmpty
WaitForInputIdle
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
PostThreadMessageW
EndDialog
DialogBoxParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
ShowWindow
MoveWindow
SetWindowPos
GetSystemMetrics
KillTimer
SetTimer
IsIconic
ShowWindowAsync
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetClassNameW
FindWindowW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
BringWindowToTop
IsWindowVisible

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
SetViewportOrgEx
BitBlt
SetBkMode
SetTextColor
CreateFontIndirectW
CreateFontW
EnumFontFamiliesW
ExtTextOutW
CombineRgn
CreateRectRgn
SaveDC
GetCurrentObject
CreateCompatibleBitmap
SetBkColor
RestoreDC

advapi32

RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
GetTokenInformation
GetTrusteeNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
LookupAccountNameW
LookupAccountSidW
DeleteAce
EqualSid
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameW

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHLoadInProc
ord680
SHChangeNotify
ShellExecuteExW
ord75
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteW
ord165

ole32

CoInitialize
CoCreateGuid
OleRun
CoUninitialize
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

urlmon

URLDownloadToCacheFileW

psapi

GetModuleFileNameExW
EnumProcesses

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSetCredentials
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable

iphlpapi

GetAdaptersInfo

setupapi

SetupIterateCabinetW

Sections

.text
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7912ecb4f7bbbe53029069d73813f689

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:82:ab:a6:7f:8b:c6:74:df:9f:b3:ec:a5:91:bd:ceCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:ba:f7:50:38:18:8a:99:16:8a:78:bb:12:de:4b:22Certificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

5d:9b:49:0f:ba:b3:83:9d:28:ad:30:a6:b4:13:8f:b8:f7:4e:48:30:d6:a6:4f:3c:65:86:64:2a:5b:c0:80:d4Signer

Signature Validations

Verification

21-10-2021 08:41 Valid: true

Chain 1

52:f9:2d:e2:46:a3:af:8e:50:43:97:a8:7f:08:f4:7d:72:61:72:48Signer

Signature Validations

Verification

21-10-2021 08:40 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comctl32

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

urlmon

psapi

version

winhttp

iphlpapi

setupapi

Sections

.text Size: 478KB - Virtual size: 478KB

.rdata Size: 229KB - Virtual size: 229KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 29KB - Virtual size: 28KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:82:ab:a6:7f:8b:c6:74:df:9f:b3:ec:a5:91:bd:ce
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ba:f7:50:38:18:8a:99:16:8a:78:bb:12:de:4b:22
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

5d:9b:49:0f:ba:b3:83:9d:28:ad:30:a6:b4:13:8f:b8:f7:4e:48:30:d6:a6:4f:3c:65:86:64:2a:5b:c0:80:d4
Signer

21-10-2021 08:41
Valid: true

52:f9:2d:e2:46:a3:af:8e:50:43:97:a8:7f:08:f4:7d:72:61:72:48
Signer

21-10-2021 08:40
Valid: false

.text
Size: 478KB - Virtual size: 478KB

.rdata
Size: 229KB - Virtual size: 229KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 29KB - Virtual size: 28KB