General

Malware Config

Signatures

Files

• ac13dc732c54140b112038211cb9050cedc9918419164748b663d4101ad6b028

  .exe windows x86

  f6f403a046c23aa1df2d2277920a9a83

  
  

  Code Sign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  78:24:30:8e:cf:37:cf:73:54:08:d8:d0

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  23-10-2017 07:14

  Not After

  24-10-2018 07:14

  Subject

  CN=Huai'an Qianfeng Network Technology Co.\, Ltd.,O=Huai'an Qianfeng Network Technology Co.\, Ltd.,L=淮安市,ST=江苏省,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  02-01-2017 00:00

  Not After

  01-04-2028 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  02-01-2017 00:00

  Not After

  01-04-2028 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  a9:b4:01:30:e0:5b:64:9e:4d:8e:8a:ea:f4:a9:01:a5:ac:5e:8b:cd:86:d7:e0:4d:cc:40:33:54:2e:4b:80:c5

  Signer

  Actual PE Digest

  a9:b4:01:30:e0:5b:64:9e:4d:8e:8a:ea:f4:a9:01:a5:ac:5e:8b:cd:86:d7:e0:4d:cc:40:33:54:2e:4b:80:c5

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Huai'an Qianfeng Network Technology Co.\, Ltd.,O=Huai'an Qianfeng Network Technology Co.\, Ltd.,L=淮安市,ST=江苏省,C=CN

  27-12-2017 07:27

  Valid: true

  Chain 1

  CN=Huai'an Qianfeng Network Technology Co.\, Ltd.,O=Huai'an Qianfeng Network Technology Co.\, Ltd.,L=淮安市,ST=江苏省,C=CN

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  imm32

  ImmDisableIME

  ws2_32

  WSAGetLastError

  __WSAFDIsSet

  select

  WSASetLastError

  bind

  getpeername

  getsockname

  getsockopt

  ntohs

  WSAIoctl

  getaddrinfo

  freeaddrinfo

  recvfrom

  sendto

  accept

  listen

  ioctlsocket

  gethostname

  htonl

  ntohl

  WSAStartup

  connect

  htons

  setsockopt

  recv

  socket

  closesocket

  gethostbyname

  send

  WSACleanup

  winhttp

  WinHttpCloseHandle

  WinHttpConnect

  WinHttpCrackUrl

  WinHttpSetTimeouts

  WinHttpReceiveResponse

  WinHttpQueryDataAvailable

  WinHttpAddRequestHeaders

  WinHttpReadData

  WinHttpOpenRequest

  WinHttpSendRequest

  WinHttpOpen

  kernel32

  MultiByteToWideChar

  CreateEventW

  WaitForMultipleObjects

  DeleteFileA

  GetTickCount

  FreeLibrary

  LoadLibraryW

  GetTempPathW

  LoadLibraryA

  DeleteFileW

  GetSystemDefaultLangID

  GetTimeZoneInformation

  GetVersionExA

  GetSystemTime

  VirtualFree

  FreeResource

  InterlockedExchange

  ResetEvent

  GetExitCodeThread

  ResumeThread

  InterlockedIncrement

  GetVersionExW

  GetSystemInfo

  WideCharToMultiByte

  Process32First

  TerminateProcess

  Process32FirstW

  Process32Next

  Process32NextW

  CreateToolhelp32Snapshot

  GetTempFileNameW

  GetFileSize

  SystemTimeToTzSpecificLocalTime

  CreateDirectoryW

  WriteFile

  GetSystemDirectoryW

  GetFileAttributesA

  lstrcpynW

  GetFileAttributesW

  FileTimeToSystemTime

  ReadFile

  GetModuleFileNameW

  CreateFileW

  FindClose

  SetFilePointer

  SetEndOfFile

  SetFileTime

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  GetCurrentDirectoryW

  lstrcmpiW

  lstrlenW

  GlobalAlloc

  GlobalSize

  GlobalLock

  GlobalUnlock

  GlobalFree

  lstrcatW

  OutputDebugStringW

  LocalAlloc

  LocalReAlloc

  GetSystemDirectoryA

  LocalUnlock

  LocalSize

  SetEvent

  lstrcpyW

  CreateThread

  SetProcessWorkingSetSize

  SetLastError

  SleepEx

  VerSetConditionMask

  GetModuleHandleA

  VerifyVersionInfoA

  FormatMessageA

  GetFileType

  GetStdHandle

  PeekNamedPipe

  ExpandEnvironmentStringsA

  GetThreadContext

  SetThreadContext

  VirtualQuery

  InterlockedCompareExchange

  FlushInstructionCache

  VirtualAlloc

  VirtualProtect

  SuspendThread

  LoadLibraryExW

  GetPrivateProfileIntA

  GetPrivateProfileStringA

  SwitchToThread

  DeviceIoControl

  GetModuleHandleExW

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetStartupInfoW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  UnhandledExceptionFilter

  GetCPInfo

  FindFirstFileExW

  GetFileInformationByHandle

  FileTimeToLocalFileTime

  SetFilePointerEx

  GetLocalTime

  RtlUnwind

  GetCommandLineW

  ExitThread

  IsProcessorFeaturePresent

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  EncodePointer

  GetStringTypeW

  WaitForSingleObject

  CreateDirectoryA

  ExitProcess

  GetProcAddress

  GetCurrentThread

  lstrlenA

  SetEnvironmentVariableA

  WriteConsoleW

  LocalLock

  CreateProcessA

  GetFullPathNameW

  SetStdHandle

  FlushFileBuffers

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetConsoleCP

  GetOEMCP

  IsValidCodePage

  ReadConsoleW

  GetModuleFileNameA

  GetTempPathA

  GetCurrentProcessId

  CloseHandle

  GetCurrentThreadId

  CreateFileMappingW

  InitializeCriticalSection

  GetModuleHandleW

  GetComputerNameW

  GetCurrentProcess

  SetUnhandledExceptionFilter

  UnmapViewOfFile

  MapViewOfFile

  CreateMutexW

  CreateFileA

  LockResource

  SizeofResource

  LoadResource

  FindResourceW

  FindResourceExW

  GlobalMemoryStatusEx

  GetDiskFreeSpaceExW

  GetLogicalDriveStringsW

  GetDriveTypeW

  Sleep

  InterlockedDecrement

  DeleteCriticalSection

  DecodePointer

  EnterCriticalSection

  HeapSize

  GetLastError

  RaiseException

  LeaveCriticalSection

  HeapDestroy

  InitializeCriticalSectionAndSpinCount

  GetProcessHeap

  HeapFree

  HeapAlloc

  HeapReAlloc

  AreFileApisANSI

  GetACP

  GetConsoleMode

  LocalFree

  user32

  EqualRect

  IsRectEmpty

  OffsetRect

  MapWindowPoints

  ClientToScreen

  GetActiveWindow

  GetClassNameW

  GetParent

  SetClassLongW

  GetClassLongW

  IntersectRect

  ScreenToClient

  SetCaretPos

  ShowCaret

  HideCaret

  DestroyCaret

  GetCaretBlinkTime

  CreateCaret

  GetClipboardData

  EmptyClipboard

  CharUpperBuffW

  CharLowerBuffW

  GetKeyState

  GetSysColor

  DrawTextW

  RedrawWindow

  GetFocus

  IsMenu

  GetMenuStringW

  DestroyMenu

  GetSubMenu

  GetMenuItemCount

  TrackPopupMenu

  UnregisterClassW

  EnumDisplaySettingsW

  DispatchMessageW

  SendMessageW

  IsWindow

  ShowWindow

  TranslateMessage

  SetForegroundWindow

  GetMessageW

  DefWindowProcW

  UpdateWindow

  CreateWindowExW

  PeekMessageW

  RegisterClassExW

  GetCursorPos

  SetCursor

  GetWindowRect

  GetClientRect

  RemovePropW

  SetPropW

  ReleaseCapture

  SetCapture

  GetPropW

  FillRect

  IsZoomed

  SetWindowRgn

  SystemParametersInfoW

  OpenClipboard

  CloseClipboard

  PtInRect

  SetClipboardData

  LoadCursorW

  PostQuitMessage

  CharNextA

  MessageBoxW

  PostMessageW

  GetDesktopWindow

  InvalidateRect

  EnableWindow

  SetWindowTextA

  EnableMenuItem

  GetWindowTextW

  LoadIconW

  GetSystemMenu

  GetSystemMetrics

  SetWindowLongW

  ReleaseDC

  GetWindowLongW

  GetDC

  BeginPaint

  DestroyWindow

  EndPaint

  CallWindowProcW

  KillTimer

  SetTimer

  CopyRect

  EndMenu

  GetIconInfo

  DestroyCursor

  LoadImageW

  SetRectEmpty

  wsprintfW

  UpdateLayeredWindow

  SetWindowPos

  SetFocus

  GetCapture

  gdi32

  SetBkColor

  SetTextColor

  GetTextExtentPoint32W

  GetTextExtentPointW

  GetTextMetricsW

  CreateBitmap

  CreatePatternBrush

  GetViewportOrgEx

  CombineRgn

  GetBkColor

  GetBkMode

  GetTextColor

  SetRectRgn

  CreateRoundRectRgn

  ExtCreateRegion

  GetRegionData

  GetStockObject

  GetCurrentObject

  GetClipBox

  EnumFontsW

  SetViewportOrgEx

  SelectClipRgn

  CreateRectRgn

  BitBlt

  CreateDIBSection

  StretchBlt

  SetDIBColorTable

  SetBkMode

  DeleteObject

  SelectObject

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreateFontW

  DeleteDC

  TextOutA

  CreateSolidBrush

  TextOutW

  GetObjectW

  PatBlt

  GetDIBColorTable

  advapi32

  CryptGenRandom

  RegOpenKeyExW

  RegEnumKeyExW

  RegCloseKey

  CryptEncrypt

  CryptImportKey

  CryptDestroyKey

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  RegQueryValueExW

  CryptReleaseContext

  CryptAcquireContextA

  RegOpenKeyExA

  RegQueryValueExA

  shell32

  SHGetFolderPathA

  ShellExecuteW

  SHGetPathFromIDListW

  Shell_NotifyIconW

  SHBrowseForFolderW

  SHGetSpecialFolderPathW

  ord165

  ShellExecuteA

  SHGetSpecialFolderPathA

  ole32

  CoCreateInstance

  CoSetProxyBlanket

  CoInitializeSecurity

  CoInitializeEx

  CoInitialize

  CoTaskMemFree

  CreateStreamOnHGlobal

  CLSIDFromString

  CLSIDFromProgID

  StringFromGUID2

  CoUninitialize

  oleaut32

  SysFreeString

  VariantClear

  VariantChangeType

  VariantInit

  LoadTypeLi

  DispGetIDsOfNames

  GetErrorInfo

  SysAllocString

  shlwapi

  PathAddBackslashW

  PathAppendW

  PathFileExistsW

  PathFileExistsA

  StrStrIW

  StrStrIA

  PathAppendA

  gdiplus

  GdipSetPenDashStyle

  GdipDeletePen

  GdipCreatePen1

  GdipCloneImage

  GdipBitmapLockBits

  GdipGetImagePaletteSize

  GdipDisposeImage

  GdipAlloc

  GdipDrawImageI

  GdipBitmapUnlockBits

  GdipGetImageGraphicsContext

  GdipDeleteGraphics

  GdipCreateBitmapFromScan0

  GdipGetImagePixelFormat

  GdipCreateBitmapFromStream

  GdipGetImagePalette

  GdipGetImageHeight

  GdipFree

  GdiplusShutdown

  GdipFillPieI

  GdipSetSmoothingMode

  GdipCreateFromHDC

  GdipCreateSolidFill

  GdipDeleteBrush

  GdiplusStartup

  GdipGetImageWidth

  GdipDrawRectangle

  GdipFillRectangle

  GdipLoadImageFromStream

  GdipImageGetFrameDimensionsList

  GdipImageGetFrameCount

  GdipImageSelectActiveFrame

  GdipGetPropertyItemSize

  GdipGetPropertyItem

  GdipCreateBitmapFromHBITMAP

  GdipDrawImageRectI

  GdipDrawLinesI

  GdipImageGetFrameDimensionsCount

  msimg32

  GradientFill

  TransparentBlt

  AlphaBlend

  iphlpapi

  GetAdaptersInfo

  setupapi

  SetupDiGetClassDevsW

  SetupDiGetDeviceRegistryPropertyA

  SetupDiEnumDeviceInfo

  SetupDiDestroyDeviceInfoList

  SetupIterateCabinetW

  d3d9

  Direct3DCreate9

  dbghelp

  MiniDumpWriteDump

  rasapi32

  RasEnumConnectionsW

  version

  VerQueryValueW

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  netapi32

  Netbios

  comctl32

  _TrackMouseEvent

  ord17

  crypt32

  CertFreeCertificateContext

  wldap32

  ord30

  ord200

  ord301

  ord79

  ord35

  ord33

  ord32

  ord27

  ord22

  ord41

  ord50

  ord60

  ord211

  ord46

  ord143

  ord26

  Sections

  .text

  Size: 903KB - Virtual size: 903KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 177KB - Virtual size: 177KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 25KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .dtd

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .dtc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .phx

  Size: 512B - Virtual size: 20B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 71KB - Virtual size: 70KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 50KB - Virtual size: 49KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ