642e6c4f18fc50887dfa3db42c97a614bba355d61711f5dbb53d2cf5033d0bb0

Sharing

Copy URL

Twitter E-mail

General

Target

642e6c4f18fc50887dfa3db42c97a614bba355d61711f5dbb53d2cf5033d0bb0
Size

4.8MB
MD5

2a393706da4daff5347548b823278692
SHA1

e0dac04c7dcbad3d880c24f685e2dbd3ca1ab719
SHA256

642e6c4f18fc50887dfa3db42c97a614bba355d61711f5dbb53d2cf5033d0bb0
SHA512

ad844391300cc0f8228af8d2960bba2a64692fd80f9696a1b8e46758030ed7b40ce0255286d0ae101ac99bac7ef2f10aab4b5c79596ec0a41b45efb63a3e5c8c
SSDEEP

98304:dRnokA/rhXHcBeGL72LdEkVGntPakFDG9f5X:TnokirhMBzMuk21akQ9fh

Score

N/A

Malware Config

Signatures

Files

642e6c4f18fc50887dfa3db42c97a614bba355d61711f5dbb53d2cf5033d0bb0
.exe windows x86

6a9c0cf1fd705762b621badde47f62bc

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06-10-2011 08:39

Not After

06-10-2046 08:39

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

22-11-2021 07:19

Not After

28-09-2022 07:52

Subject

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26-05-2021 06:46

Not After

18-05-2027 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:ce:b9:91:05:16:87:2a:92:87:5c:8c:8c:6e:f1:0c:5f:0e:bc:b4:11:66:a0:37:88:cd:3f:3f:ca:3d:6a:00
Signer

Actual PE Digest

fc:ce:b9:91:05:16:87:2a:92:87:5c:8c:8c:6e:f1:0c:5f:0e:bc:b4:11:66:a0:37:88:cd:3f:3f:ca:3d:6a:00

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

13-06-2022 02:43
Valid: true

Chain 1

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

_TrackMouseEvent
ord17

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawImageRectI
GdipSetSmoothingMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipFillRectangle
GdipDrawRectangle
GdipDrawLinesI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0

shlwapi

PathFileExistsW
PathAppendW
PathAddBackslashW

msimg32

AlphaBlend
GradientFill

iphlpapi

GetAdaptersInfo

kernel32

SizeofResource
HeapFree
GetCurrentProcess
WriteFile
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
FreeResource
HeapSize
GetLastError
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
LoadResource
FindResourceW
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
CreateProcessW
GetModuleHandleW
FreeLibrary
CopyFileW
LoadLibraryExW
MultiByteToWideChar
ReadFile
SetFilePointer
VirtualFree
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
lstrcmpiW
lstrlenW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetFileSize
lstrcatW
OutputDebugStringW
LocalAlloc
LocalReAlloc
LocalLock
LocalUnlock
LocalSize
LocalFree
lstrcpyW
SetProcessWorkingSetSize
GetTempFileNameW
GetTickCount
OpenProcess
TerminateProcess
SetFileTime
Process32FirstW
Process32NextW
InterlockedDecrement
GetLocalTime
FileTimeToSystemTime
RtlUnwind
FindFirstFileW
FindNextFileW
WriteConsoleW
VirtualAlloc
GetModuleHandleA
SetFileAttributesW
GetStdHandle
GetFileInformationByHandle
SetEndOfFile
LoadLibraryW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleHandleExW
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
CreateToolhelp32Snapshot

user32

OffsetRect
ClientToScreen
CopyRect
SetRectEmpty
LoadCursorW
GetClassNameW
GetParent
GetDesktopWindow
DrawTextW
GetPropW
FillRect
IsZoomed
SetWindowRgn
SystemParametersInfoW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CharUpperBuffW
CharLowerBuffW
CharUpperW
GetKeyState
GetSysColor
PtInRect
IsRectEmpty
GetFocus
EnableWindow
TranslateMessage
DispatchMessageW
GetMessageW
SetClassLongW
GetClassLongW
IntersectRect
ScreenToClient
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
GetIconInfo
PostQuitMessage
SetWindowLongW
ShowWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
MessageBoxW
DefWindowProcW
GetWindowLongW
UpdateWindow
SendMessageW
PostMessageW
IsWindow
wsprintfW
DestroyCursor
LoadImageW
EqualRect
GetCaretBlinkTime
CreateCaret
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
RemovePropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetWindowPos
UpdateLayeredWindow
DestroyWindow
CallWindowProcW

gdi32

SetBkMode
SetTextColor
GetTextExtentPoint32W
CreateCompatibleBitmap
GetViewportOrgEx
GetTextMetricsW
TextOutW
CreateFontW
CombineRgn
CreateRoundRectRgn
ExtCreateRegion
GetRegionData
GetStockObject
GetCurrentObject
GetClipBox
EnumFontsW
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
BitBlt
CreateCompatibleDC
CreateRectRgn
DeleteDC
SetBkColor
GetTextExtentPointW
DeleteObject

advapi32

OpenProcessToken
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteW
CommandLineToArgvW
ord165

ole32

CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
StringFromGUID2
CoInitializeEx
CoInitializeSecurity
CLSIDFromProgID

oleaut32

LoadTypeLi
SysFreeString
DispGetIDsOfNames
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysStringLen

ws2_32

gethostbyname
socket
send
recv
htons
connect
closesocket
WSAStartup

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a9c0cf1fd705762b621badde47f62bc

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9Certificate

Key Usages

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

fc:ce:b9:91:05:16:87:2a:92:87:5c:8c:8c:6e:f1:0c:5f:0e:bc:b4:11:66:a0:37:88:cd:3f:3f:ca:3d:6a:00Signer

Signature Validations

Verification

13-06-2022 02:43 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

gdiplus

shlwapi

msimg32

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 117KB - Virtual size: 116KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

fc:ce:b9:91:05:16:87:2a:92:87:5c:8c:8c:6e:f1:0c:5f:0e:bc:b4:11:66:a0:37:88:cd:3f:3f:ca:3d:6a:00
Signer

13-06-2022 02:43
Valid: true

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB