81e54a6e17b41ed3ffd3c6e18c926324b67d1dd6156bd30197ad476c12e9729f

Sharing

Copy URL Twitter E-mail

General

Target

81e54a6e17b41ed3ffd3c6e18c926324b67d1dd6156bd30197ad476c12e9729f
Size

2.1MB
MD5

5c4ff5fad50a5b7949e3a84fb0e91c0a
SHA1

c33c08ecf062e25fe902e6dd62378e3eda352687
SHA256

81e54a6e17b41ed3ffd3c6e18c926324b67d1dd6156bd30197ad476c12e9729f
SHA512

95e859a876627cbdb96381c3a2922abc5d28ff9eed487133ad820feba3061b8cf093708960188b82035e5bef7a732a82f938dcf462ce34466e6d89a5264cf714
SSDEEP

49152:SQThjUVPiw8RhGJLy15VAGGqA9e36hxDF4OnQn/8BF6fvyiUMBgM:SQTpUEw8Rh9FAjM6rDF4OnQn/8T6Xyij

Score

N/A

Malware Config

Signatures

Files

81e54a6e17b41ed3ffd3c6e18c926324b67d1dd6156bd30197ad476c12e9729f
.exe windows x86

7a0ba09fa1f645884fb2054eedc4572e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/02/2019, 00:00

Not After

25/02/2020, 12:00

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:02:f5:4f:56:54:8f:64:db:86:3c:47:2b:3a:29:eb:b6:a1:ea:6a:9c:83:97:09:ca:14:97:5e:2d:b3:c5:2f
Signer

Actual PE Digest

c0:02:f5:4f:56:54:8f:64:db:86:3c:47:2b:3a:29:eb:b6:a1:ea:6a:9c:83:97:09:ca:14:97:5e:2d:b3:c5:2f

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

14/11/2019, 06:33
Valid: false

cb:2a:a0:fa:d9:cf:1f:de:0c:00:30:d1:ed:12:f6:21:c7:57:b1:96
Signer

Actual PE Digest

cb:2a:a0:fa:d9:cf:1f:de:0c:00:30:d1:ed:12:f6:21:c7:57:b1:96

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,C=CN

14/11/2019, 06:33
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
QueryDosDeviceW
IsBadWritePtr
HeapAlloc
GetProcessHeap
HeapFree
GetFileSizeEx
FileTimeToSystemTime
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetComputerNameA
InterlockedCompareExchange
GetCurrentThread
GetThreadContext
SetThreadContext
VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect
ResumeThread
OpenEventW
OpenMutexW
VerSetConditionMask
VerifyVersionInfoW
OpenFileMappingW
TerminateProcess
MapViewOfFile
UnmapViewOfFile
WaitNamedPipeW
CreateDirectoryW
RemoveDirectoryW
OutputDebugStringA
FileTimeToLocalFileTime
GetFileTime
SetEndOfFile
SetFilePointerEx
GetLogicalDriveStringsW
Module32FirstW
TerminateThread
CreateThread
GetExitCodeProcess
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameA
FindFirstFileA
GetDriveTypeA
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetThreadLocale
GetACP
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
InterlockedExchange
SystemTimeToFileTime
lstrcmpW
MulDiv
ReadProcessMemory
WriteProcessMemory
FreeResource
GetFileSize
ReadFile
CreateFileW
MoveFileExW
CloseHandle
WaitForSingleObject
CreateProcessW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindResourceExW
GetWindowsDirectoryW
LoadResource
GetModuleHandleW
LockResource
EnterCriticalSection
GetCurrentThreadId
SizeofResource
FindResourceW
GetVersionExW
FreeLibrary
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
LoadLibraryW
lstrlenW
LeaveCriticalSection
OutputDebugStringW
lstrlenA
GetLastError
WideCharToMultiByte
SetLastError
MultiByteToWideChar
RaiseException
GetProcAddress
VirtualFreeEx
VirtualAllocEx
GetModuleFileNameA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
ProcessIdToSessionId
SetFilePointer
CreateFileA
LocalAlloc
ReleaseMutex
CreateMutexW
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
ExitProcess
FlushFileBuffers
WriteFile
LocalFree
ResetEvent
WaitForMultipleObjects
SetEvent
GetCommandLineW
GlobalAlloc
GlobalLock
Sleep
GlobalUnlock
CopyFileW
GlobalFree
FindNextFileW
DeleteFileW
GetTempPathW
CreateEventW
GetTickCount
GetFileAttributesW
FindClose
FindFirstFileW
GetUserDefaultLCID
DeleteCriticalSection
GetModuleHandleA
GetLocalTime
GetExitCodeThread

user32

DefWindowProcW
GetParent
EqualRect
CreateWindowExW
GetWindowRect
InvalidateRect
GetDC
RegisterClassExW
MapWindowPoints
GetDlgItem
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
GetClassNameW
FillRect
CreateAcceleratorTableW
GetSysColor
DestroyAcceleratorTable
GetWindowTextLengthW
RedrawWindow
GetWindowTextW
InvalidateRgn
SetRectEmpty
UnregisterClassA
DrawIconEx
CallWindowProcW
IsWindowVisible
GetNextDlgTabItem
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
GetFocus
IsChild
LoadBitmapW
PostQuitMessage
CreatePopupMenu
DestroyMenu
PostThreadMessageW
SetActiveWindow
AttachThreadInput
wsprintfW
RegisterWindowMessageW
IsWindow
SetFocus
SystemParametersInfoW
MoveWindow
GetWindow
ShowWindow
GetClassInfoExW
ReleaseCapture
SetRect
PtInRect
SetWindowPos
SetCapture
DrawFrameControl
LoadCursorW
DestroyWindow
PostMessageW
OffsetRect
LoadImageW
GetMonitorInfoW
MonitorFromWindow
SetCursor
LoadIconW
GetCursorPos
SendMessageW
ClientToScreen
InflateRect
DestroyIcon
CopyRect
GetDlgCtrlID
GetClientRect
UpdateLayeredWindow
DrawTextW
KillTimer
GetDesktopWindow
IntersectRect
ReleaseDC
EndPaint
BeginPaint
ScreenToClient
SetWindowLongW
GetWindowLongW
SetForegroundWindow
IsDialogMessageW
GetActiveWindow
IsWindowEnabled
SetTimer
EnableWindow
WindowFromPoint
GetShellWindow
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromPoint
TrackPopupMenu
AppendMenuW
CharNextW
SendMessageTimeoutW

gdi32

CreateBitmap
CreateCompatibleDC
CreateRectRgn
GetClipRgn
DeleteObject
RectInRegion
SelectClipRgn
CreateRoundRectRgn
ExtTextOutW
SetBkColor
Rectangle
GetTextColor
MoveToEx
CreateFontIndirectW
LineTo
CreateDIBSection
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32W
TextOutW
SetBkMode
BitBlt
GetViewportOrgEx
GetObjectW
ExtSelectClipRgn
GetStockObject
SelectObject
RestoreDC
CreateRectRgnIndirect
OffsetRgn
SetViewportOrgEx
SetTextColor
SaveDC
CombineRgn
CreatePen
RoundRect
StretchBlt
SetStretchBltMode
CreateSolidBrush
GetCurrentObject
GetDeviceCaps

advapi32

RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
InitializeSecurityDescriptor
OpenSCManagerW
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
QueryServiceConfigW
ChangeServiceConfigW
RegCloseKey

shell32

CommandLineToArgvW
SHCreateDirectoryExW
SHQueryRecycleBinW
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderPathW
SHBindToParent
ShellExecuteW
Shell_NotifyIconW
ord680
SHGetFolderPathW

ole32

CoCreateGuid
CLSIDFromProgID
OleUninitialize
OleInitialize
StringFromGUID2
OleLockRunning
CLSIDFromString
CoGetClassObject
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

LoadRegTypeLi
VariantClear
LoadTypeLi
SysStringLen
VariantInit
DispCallFunc
SysStringByteLen
OleCreateFontIndirect
SysAllocStringLen
VarUI4FromStr
SysAllocString
SysFreeString

shlwapi

PathFindExtensionW
SHGetValueW
PathFindFileNameW
PathAppendW
StrRetToBufW
PathRemoveFileSpecW
StrToIntW
PathAddBackslashW
PathFileExistsW
StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipLoadImageFromStream
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipCreateBitmapFromStream
GdipDeletePrivateFontCollection
GdipAddPathRectangleI
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipCreateImageAttributes
GdipCreateHBITMAPFromBitmap
GdipDrawString
GdipSetPixelOffsetMode
GdipPrivateAddFontFile
GdipFillRectangleI
GdipAlloc
GdipCreateFont
GdipMeasureString
GdipSetClipPath
GdipGetImageHeight
GdipDrawPath
GdipAddPathStringI
GdipGetImageWidth
GdipGetFontCollectionFamilyList
GdipDrawImageRectRectI
GdipDrawLine
GdipGetFamily
GdipGetFontCollectionFamilyCount
GdipSetSmoothingMode
GdipDrawRectangleI
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipGetFontSize
GdipDeleteFont
GdipCloneImage
GdipGraphicsClear
GdipCreateFontFromLogfontW
GdipDrawImageRectI
GdipCreateFromHDC
GdipLoadImageFromFile
GdipDrawImageI
GdipAddPathArcI
GdipDeleteGraphics
GdipFillPath
GdipCreatePen1
GdipTranslateWorldTransform
GdipCloneBrush
GdipSetCompositingQuality
GdipRotateWorldTransform
GdipResetWorldTransform
GdipDeleteBrush
GdipCreatePath
GdipCreateStringFormat
GdiplusShutdown
GdipDeletePath
GdipDeletePen
GdipDeleteStringFormat
GdipFillRectangle
GdiplusStartup
GdipSetStringFormatFlags
GdipAddPathPieI
GdipDrawLinesI
GdipSetStringFormatAlign
GdipClosePathFigure
GdipSetPenEndCap
GdipSetStringFormatLineAlign
GdipCreateBitmapFromScan0
GdipSetPenStartCap
GdipSetStringFormatTrimming
GdipNewPrivateFontCollection
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipSetPenDashStyle
GdipSetPenMode
GdipFree
GdipDeleteFontFamily
GdipCloneFontFamily

ws2_32

connect
ioctlsocket
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo
WSASetLastError
socket
getsockopt
setsockopt
getpeername
htons
WSACleanup
WSAStartup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

crypt32

CertNameToStrW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a0ba09fa1f645884fb2054eedc4572e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

c0:02:f5:4f:56:54:8f:64:db:86:3c:47:2b:3a:29:eb:b6:a1:ea:6a:9c:83:97:09:ca:14:97:5e:2d:b3:c5:2fSigner

Signature Validations

Verification

14/11/2019, 06:33 Valid: false

cb:2a:a0:fa:d9:cf:1f:de:0c:00:30:d1:ed:12:f6:21:c7:57:b1:96Signer

Signature Validations

Verification

14/11/2019, 06:33 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

ws2_32

version

psapi

crypt32

wtsapi32

userenv

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 304KB - Virtual size: 301KB

.data Size: 24KB - Virtual size: 34KB

.rsrc Size: 572KB - Virtual size: 569KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

07:5a:1b:98:ac:63:a3:f1:c4:23:af:d6:64:ee:79:75
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

c0:02:f5:4f:56:54:8f:64:db:86:3c:47:2b:3a:29:eb:b6:a1:ea:6a:9c:83:97:09:ca:14:97:5e:2d:b3:c5:2f
Signer

14/11/2019, 06:33
Valid: false

cb:2a:a0:fa:d9:cf:1f:de:0c:00:30:d1:ed:12:f6:21:c7:57:b1:96
Signer

14/11/2019, 06:33
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 304KB - Virtual size: 301KB

.data
Size: 24KB - Virtual size: 34KB

.rsrc
Size: 572KB - Virtual size: 569KB