d13cce35c1a7adc882ccb92d2419f650e0cf21b334fbc87c4783cb924e2f9212

Sharing

Copy URL Twitter E-mail

General

Target

d13cce35c1a7adc882ccb92d2419f650e0cf21b334fbc87c4783cb924e2f9212
Size

607KB
MD5

cadb7e3376b33baa6f9f93e6f02eeadb
SHA1

67b7e06738e94e65d7ead1ee8a2de7d20c72f34f
SHA256

d13cce35c1a7adc882ccb92d2419f650e0cf21b334fbc87c4783cb924e2f9212
SHA512

44da9f0bc1af8ed3aea08a8c47643d2a8166beec09325439acc4f66cdd6dca7a8bc79236fe8791c9213c5eac098291e5d6ee8fceaeb280dd269371125956a307
SSDEEP

12288:dWYWGVbwKYnbwGuVZ+ohPQ+LYV+D6VzbChNE5Vrgutnkh462OJlMshPSpPL1:dWNGlEn4VZ+oBbx6VzWEIutg4AJldaph

Score

N/A

Malware Config

Signatures

Files

d13cce35c1a7adc882ccb92d2419f650e0cf21b334fbc87c4783cb924e2f9212
.7z
flux v4.120 英文绿色版/flux.exe
.exe windows x86

cb0fc1b0d125c686e83500b5af8eba32

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/06/2021, 00:00

Not After

16/06/2024, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/06/2021, 00:00

Not After

16/06/2024, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:65:ab:2f:69:e6:fe:16:00:75:a3:5f:93:16:b5:0b:e2:b8:73:b7:76:db:1e:c9:ee:31:0d:45:a6:a4:65:d9
Signer

Actual PE Digest

74:65:ab:2f:69:e6:fe:16:00:75:a3:5f:93:16:b5:0b:e2:b8:73:b7:76:db:1e:c9:ee:31:0d:45:a6:a4:65:d9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

18/06/2021, 00:09
Valid: true

Chain 1

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

dc:53:03:f7:16:5b:6e:93:b2:24:85:7d:7c:a8:15:2b:56:4b:4c:95
Signer

Actual PE Digest

dc:53:03:f7:16:5b:6e:93:b2:24:85:7d:7c:a8:15:2b:56:4b:4c:95

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

18/06/2021, 00:09
Valid: true

Chain 1

CN=F.lux Software LLC,O=F.lux Software LLC,L=Los Angeles,ST=California,C=US

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
htons
select
ioctlsocket
WSAStartup
connect
setsockopt
closesocket
socket
bind
recv
sendto

winmm

timeBeginPeriod
timeGetTime

kernel32

ExitProcess
GetDiskFreeSpaceExA
QueryPerformanceCounter
TerminateProcess
OpenProcess
GetCurrentProcess
ResetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
CloseHandle
CreateMutexA
LoadLibraryExA
GetModuleFileNameA
EnterCriticalSection
GetProcAddress
GetLastError
LeaveCriticalSection
CreateEventA
Sleep
GetTickCount
SetEvent
IsProcessorFeaturePresent
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
FreeLibrary
UnmapViewOfFile
ReadFile
WriteFile
HeapFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFilePointer
lstrcmpW
DisableThreadLibraryCalls
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetConsoleMode
GetConsoleCP
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
ResumeThread
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
GetFileType
CreateThread
SetLastError
SetStdHandle
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
SetThreadPriority
TerminateThread
GetCurrentThreadId
lstrcpynA
LocalFree
FormatMessageA
LoadLibraryA
GetComputerNameA
GetProcessHandleCount
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
GetVersion
GetVersionExA
GetLocaleInfoA
GetStdHandle
VerSetConditionMask
VerifyVersionInfoA
GetSystemPowerStatus
SetThreadExecutionState
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
LocalFileTimeToFileTime
GetTimeFormatA
QueryPerformanceFrequency
GetFileAttributesExA
DeleteFileA
GetFileAttributesA
MulDiv
GetModuleHandleA
VirtualQuery
CreateDirectoryA
lstrlenW
RaiseException
LoadResource
SizeofResource
FindResourceA
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
lstrcmpA
GetCommandLineA

user32

CheckDlgButton
AppendMenuA
GetDlgItem
ReleaseDC
AppendMenuW
TrackPopupMenuEx
GetForegroundWindow
GetDC
GetLastInputInfo
WindowFromPoint
FindWindowExA
LoadIconA
SetForegroundWindow
PostMessageA
SetMenuDefaultItem
SystemParametersInfoA
SetWindowTextA
ShowWindow
CreatePopupMenu
SendMessageA
IsDlgButtonChecked
LoadImageA
EnableWindow
AdjustWindowRect
GetDesktopWindow
GetWindowThreadProcessId
RegisterHotKey
SetWindowTextW
DestroyMenu
MsgWaitForMultipleObjects
GetWindowTextLengthA
GetWindowTextA
LoadStringA
SetFocus
IsIconic
SetActiveWindow
GetWindowLongA
GetClassInfoA
SetWindowLongA
GetWindow
EnumThreadWindows
IsWindow
DestroyWindow
RegisterWindowMessageA
GetParent
GetClientRect
CreateWindowExA
IsWindowVisible
ShowWindowAsync
SetMenu
RegisterClassA
SetClassLongA
DefWindowProcA
SetWindowPos
MoveWindow
GetSystemMetrics
ReleaseCapture
GetActiveWindow
FlashWindowEx
PostQuitMessage
CallWindowProcA
wsprintfA
GetAsyncKeyState
LoadCursorA
SetCursor
ShowCursor
UnregisterClassA
GetCursorPos
SetCursorPos
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
MessageBoxA
EnumChildWindows
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
KillTimer
SetDlgItemTextA
FillRect
SetCapture
CharNextA
ScreenToClient
InvalidateRect
InvalidateRgn
RedrawWindow
IsChild
RegisterClassExA
DestroyAcceleratorTable
GetFocus
CreateAcceleratorTableA
EndDialog
DialogBoxParamA
AdjustWindowRectEx
GetMenu
SetParent
GetTopWindow
GetMessageExtraInfo
PeekMessageA
DispatchMessageA
EndPaint
GetClassNameA
GetClassInfoExA
BeginPaint
GetSysColor
EnumDisplayMonitors
MessageBeep
ExitWindowsEx
UpdateWindow
ClientToScreen
SetTimer
GetWindowRect
UnregisterHotKey

gdi32

CreatePen
Rectangle
CreateDIBSection
SetStretchBltMode
StretchBlt
GetObjectA
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceGammaRamp
GetICMProfileA
SetDeviceGammaRamp
GetDeviceCaps
GetStockObject
CreateDCA
DeleteDC
CreateCompatibleDC
SelectObject
GetKerningPairsA
GetGlyphOutlineA
CreateFontIndirectA
SetBkMode

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
CryptGenRandom
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
CheckTokenMembership
CreateWellKnownSid
RegOpenKeyExA

ole32

CoTaskMemRealloc
StringFromGUID2
CoRegisterClassObject
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
OleLockRunning
OleInitialize
OleUninitialize
CoResumeClassObjects
CLSIDFromProgID
CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
CLSIDFromString
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

psapi

GetProcessMemoryInfo
GetModuleFileNameExA

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetWriteFile
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
DeleteUrlCacheEntry
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetSetOptionA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetCrackUrlA

urlmon

URLDownloadToFileA
UrlMkSetSessionOption
URLDownloadToCacheFileA

dbghelp

MiniDumpWriteDump

comctl32

InitCommonControlsEx
CreatePropertySheetPageA
PropertySheetA

shlwapi

PathAddBackslashA
SHDeleteValueA

wintrust

WinVerifyTrust

shell32

SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

Sections

.text
Size: 724KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flux v4.120 英文绿色版/runtime/flux.preset.json
flux v4.120 英文绿色版/runtime/flux.psd
flux v4.120 英文绿色版/runtime/flux.tre
flux v4.120 英文绿色版/主界面.png
.png
flux v4.120 英文绿色版/开机自动启动及禁止自动更新等初始化设置.bat
flux v4.120 英文绿色版/清理.bat
flux v4.120 英文绿色版/说明.txt

Sharing

General

Malware Config

Signatures

Files

cb0fc1b0d125c686e83500b5af8eba32

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

74:65:ab:2f:69:e6:fe:16:00:75:a3:5f:93:16:b5:0b:e2:b8:73:b7:76:db:1e:c9:ee:31:0d:45:a6:a4:65:d9Signer

Signature Validations

Verification

18/06/2021, 00:09 Valid: true

Chain 1

dc:53:03:f7:16:5b:6e:93:b2:24:85:7d:7c:a8:15:2b:56:4b:4c:95Signer

Signature Validations

Verification

18/06/2021, 00:09 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

kernel32

user32

gdi32

advapi32

ole32

oleaut32

psapi

setupapi

version

wininet

urlmon

dbghelp

comctl32

shlwapi

wintrust

shell32

Sections

.text Size: 724KB - Virtual size: 724KB

.rdata Size: 164KB - Virtual size: 163KB

.data Size: 504KB - Virtual size: 541KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 40KB - Virtual size: 39KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

37:5c:82:09:a8:53:21:56:17:be:7d:b8:18:61:d3:99
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

74:65:ab:2f:69:e6:fe:16:00:75:a3:5f:93:16:b5:0b:e2:b8:73:b7:76:db:1e:c9:ee:31:0d:45:a6:a4:65:d9
Signer

18/06/2021, 00:09
Valid: true

dc:53:03:f7:16:5b:6e:93:b2:24:85:7d:7c:a8:15:2b:56:4b:4c:95
Signer

18/06/2021, 00:09
Valid: true

.text
Size: 724KB - Virtual size: 724KB

.rdata
Size: 164KB - Virtual size: 163KB

.data
Size: 504KB - Virtual size: 541KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 40KB - Virtual size: 39KB