0835437ab88f8a6d60e4053373b6c3d3932e5684cd07cce6772ebd349948fd48

Sharing

Copy URL

Twitter E-mail

General

Target

0835437ab88f8a6d60e4053373b6c3d3932e5684cd07cce6772ebd349948fd48
Size

854KB
MD5

8e71fd3dfacccd0f651df44e2d836c1d
SHA1

8820903f366e0d8647732934412217be00f86d14
SHA256

0835437ab88f8a6d60e4053373b6c3d3932e5684cd07cce6772ebd349948fd48
SHA512

7930c668d6c3d35a2596af0f4d85b9a38494bab4d81727c634cbb78e8f6d095b76d4b58182038f6447d54711253bcc7f0987b31a55e6e004bb2f9141f454212c
SSDEEP

12288:E/aT++N0Dg0LxQ/muW13rw2nrAN/oF4ZEdWFUmrNR:shDg0LxQ/m513r9rAN/4JWGmrNR

Score

N/A

Malware Config

Signatures

Files

0835437ab88f8a6d60e4053373b6c3d3932e5684cd07cce6772ebd349948fd48
.exe windows x86

73a8a8eec18e5350020467cd4aab91e6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12-04-2021 00:00

Not After

20-04-2022 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:00:30:38:3c:61:72:03:4f:78:18:91:23:65:bd:ce:9e:f4:7b:ed:dd:29:4c:78:9f:e0:6e:54:17:ca:0e:49
Signer

Actual PE Digest

7e:00:30:38:3c:61:72:03:4f:78:18:91:23:65:bd:ce:9e:f4:7b:ed:dd:29:4c:78:9f:e0:6e:54:17:ca:0e:49

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

07-01-2022 07:48
Valid: true

Chain 1

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
InitializeCriticalSection
FindFirstFileW
FindClose
CreateMutexW
Sleep
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrcmpiW
LoadLibraryExW
RaiseException
SetEvent
DeleteFileW
MoveFileExW
OpenEventW
GetDiskFreeSpaceExW
FindNextFileW
RemoveDirectoryW
WriteFile
GetFileAttributesW
CreateDirectoryW
SystemTimeToFileTime
GetFileSize
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
SetFilePointer
GetProcAddress
GetCurrentDirectoryW
LocalFileTimeToFileTime
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoW
GetLocalTime
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
LoadLibraryW
GetModuleHandleW
GetPrivateProfileIntW
CloseHandle
ReadFile
CreateFileW
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
SetLastError
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateEventW
GetTickCount
InterlockedCompareExchange
LocalFree
SizeofResource
SetFileTime
FindResourceW
SetUnhandledExceptionFilter

user32

CharNextW
DestroyWindow
DefWindowProcW
UnregisterClassA
GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation

advapi32

RegisterEventSourceA
DeregisterEventSource
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyW
RegCreateKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ReportEventA

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathRemoveBackslashW
PathFindExtensionW
PathFindFileNameW
SHGetValueW

comctl32

InitCommonControlsEx

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

vswprintf_s
memmove_s
memcpy_s
wcslen
wcscspn
wcsspn
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
_wtoi
_time32
calloc
free
_recalloc
_wfopen
fread
fwrite
feof
fclose
??_V@YAXPAX@Z
memset
srand
_time64
fwprintf
fflush
_purecall
_wcsicmp
_beginthreadex
malloc
wcsncpy_s
_endthreadex
wcscmp
wcschr
wcscat_s
wcscat
rand
_vswprintf
iswspace
strlen
_vscwprintf
strncmp
memcpy
wcsncpy
strcmp
fputc
sscanf_s
_vsnprintf_s
atoi
fopen_s
fprintf
ferror
ftell
fseek
isspace
strchr
isalnum
tolower
isalpha
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
strncpy
wcsrchr
wcsstr
_wcslwr_s
??3@YAXPAX@Z
strerror
__iob_func
strtoul
sscanf
getenv
_vsnprintf
raise
realloc
qsort
isdigit
fopen
_setmode
_fileno
fgets
_errno
_strnicmp
isxdigit
_gmtime64
isupper
memchr
_stricmp
strtol
fputs
signal
_getch
strrchr
sprintf
strstr
_strtoi64
__sys_nerr
_stat64
_strdup
__CxxFrameHandler3
memmove
_CxxThrowException

ws2_32

__WSAFDIsSet
htons
WSACleanup
getpeername
setsockopt
select
ioctlsocket
WSAStartup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
connect
socket
WSASetLastError
freeaddrinfo
getsockopt
bind
getaddrinfo

psapi

GetModuleFileNameExW

Sections

.text
Size: 632KB - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73a8a8eec18e5350020467cd4aab91e6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:ebCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7e:00:30:38:3c:61:72:03:4f:78:18:91:23:65:bd:ce:9e:f4:7b:ed:dd:29:4c:78:9f:e0:6e:54:17:ca:0e:49Signer

Signature Validations

Verification

07-01-2022 07:48 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msvcp80

msvcr80

ws2_32

psapi

Sections

.text Size: 632KB - Virtual size: 628KB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:69:00:5d:bc:45:70:12:e3:71:66:72:1c:4c:b0:eb
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7e:00:30:38:3c:61:72:03:4f:78:18:91:23:65:bd:ce:9e:f4:7b:ed:dd:29:4c:78:9f:e0:6e:54:17:ca:0e:49
Signer

07-01-2022 07:48
Valid: true

.text
Size: 632KB - Virtual size: 628KB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB