fcc3b34f29d935f8da0e276d3f67e7d74d21149307376a504dd78c42845ce716

Sharing

Copy URL Twitter E-mail

General

Target

fcc3b34f29d935f8da0e276d3f67e7d74d21149307376a504dd78c42845ce716
Size

5.6MB
MD5

6a3e0d3f6abaed1ba6e7138f64614aa7
SHA1

7589fc2b28a07ee0ede119b6474b15c10ce5a818
SHA256

fcc3b34f29d935f8da0e276d3f67e7d74d21149307376a504dd78c42845ce716
SHA512

4b089adf3a230785661fa4010d3653f22738a1a7934d67a66fdcd0462e6d7317761081ef455bf64507e12c7afc5ce186e1b4bdc3f493e0d053b4158e35cad2ca
SSDEEP

98304:78xJ85XaD/dF5pceNR1F/NXxl2SC/ps/qQ4rABAHmJwfDOYDUttoFfJFIz58mK4S:o1/lpceNJ/NXxl2S0O/qQPAmJwL0YU5e

Score

N/A

Malware Config

Signatures

Files

fcc3b34f29d935f8da0e276d3f67e7d74d21149307376a504dd78c42845ce716
.exe windows x86

6019d21402ec2a2d0f3571fd2f59273e

Code Sign

0a:55:64:b2:f5:d8:14:9b:e8:ad:bb:26:70:aa:27:66
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

05/04/2023, 12:00

Subject

SERIALNUMBER=91110106355250957F,CN=北京杰思安全科技有限公司,O=北京杰思安全科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:62:07:73:60:37:ed:e7:88:d5:90:04:9d:f0:71:79
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2020, 00:00

Not After

05/04/2023, 12:00

Subject

SERIALNUMBER=91110106355250957F,CN=北京杰思安全科技有限公司,O=北京杰思安全科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:cf:45:e5:ad:c8:5b:14:ac:42:cc:af:f0:c1:d3:92:94:ea:83:e6:c1:10:5c:38:a4:a8:27:2c:9d:99:4a:b6
Signer

Actual PE Digest

5d:cf:45:e5:ad:c8:5b:14:ac:42:cc:af:f0:c1:d3:92:94:ea:83:e6:c1:10:5c:38:a4:a8:27:2c:9d:99:4a:b6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110106355250957F,CN=北京杰思安全科技有限公司,O=北京杰思安全科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

14/11/2022, 02:29
Valid: true

Chain 1

SERIALNUMBER=91110106355250957F,CN=北京杰思安全科技有限公司,O=北京杰思安全科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

2f:1c:19:f5:d2:9f:89:83:33:cc:eb:62:63:81:2a:e7:65:d1:49:37
Signer

Actual PE Digest

2f:1c:19:f5:d2:9f:89:83:33:cc:eb:62:63:81:2a:e7:65:d1:49:37

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=91110106355250957F,CN=北京杰思安全科技有限公司,O=北京杰思安全科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

24/11/2022, 14:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
CreateSemaphoreA
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
SetLastError
SetFileTime
GetTickCount
GetModuleHandleW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempPathA
GetTempPathW
GetWindowsDirectoryA
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileW
SetFileAttributesA
SetFileAttributesW
DeleteFileA
DeleteFileW
MoveFileA
CloseHandle
FindClose
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleHandleA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindCloseChangeNotification
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
CreateFileA
CompareFileTime
FileTimeToSystemTime
DeleteCriticalSection
GetFileInformationByHandle
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
FileTimeToLocalFileTime
SetConsoleCtrlHandler
GetConsoleMode
SetConsoleMode
Sleep
CreateProcessW
GetCommandLineW
GetFileAttributesW
CopyFileW
MoveFileExW
SetFileApisToOEM
HeapSize
WriteConsoleW
GetStringTypeW
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringW
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetLastError
GetVersionExA
VirtualFree
MoveFileW
VirtualAlloc
OutputDebugStringA
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileAttributesExW
ExitProcess
GetCommandLineA
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
HeapReAlloc
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
DecodePointer

user32

CharUpperW
CharUpperA
CharPrevExA
CharToOemA

advapi32

QueryServiceStatus
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
VariantCopy
SysFreeString

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6019d21402ec2a2d0f3571fd2f59273e

Code Sign

0a:55:64:b2:f5:d8:14:9b:e8:ad:bb:26:70:aa:27:66Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

05:62:07:73:60:37:ed:e7:88:d5:90:04:9d:f0:71:79Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

5d:cf:45:e5:ad:c8:5b:14:ac:42:cc:af:f0:c1:d3:92:94:ea:83:e6:c1:10:5c:38:a4:a8:27:2c:9d:99:4a:b6Signer

Signature Validations

Verification

14/11/2022, 02:29 Valid: true

Chain 1

2f:1c:19:f5:d2:9f:89:83:33:cc:eb:62:63:81:2a:e7:65:d1:49:37Signer

Signature Validations

Verification

24/11/2022, 14:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 508KB - Virtual size: 507KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 7KB - Virtual size: 28KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 21KB - Virtual size: 20KB

0a:55:64:b2:f5:d8:14:9b:e8:ad:bb:26:70:aa:27:66
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

05:62:07:73:60:37:ed:e7:88:d5:90:04:9d:f0:71:79
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

5d:cf:45:e5:ad:c8:5b:14:ac:42:cc:af:f0:c1:d3:92:94:ea:83:e6:c1:10:5c:38:a4:a8:27:2c:9d:99:4a:b6
Signer

14/11/2022, 02:29
Valid: true

2f:1c:19:f5:d2:9f:89:83:33:cc:eb:62:63:81:2a:e7:65:d1:49:37
Signer

24/11/2022, 14:55
Valid: false

.text
Size: 508KB - Virtual size: 507KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 7KB - Virtual size: 28KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 21KB - Virtual size: 20KB