ea6e996106c5f0149ee279f85fbb722cb063952b04f1459de48cc5971d0598d3

Sharing

Copy URL Twitter E-mail

General

Target

ea6e996106c5f0149ee279f85fbb722cb063952b04f1459de48cc5971d0598d3
Size

1.2MB
MD5

12e8391879ee9a30a33a6967ecdf34e5
SHA1

ebdcbde727e84236d34801bd9b93a5d5c49638aa
SHA256

ea6e996106c5f0149ee279f85fbb722cb063952b04f1459de48cc5971d0598d3
SHA512

7012a722f2b9e5e3b4abb2bffd47f25c930bc84da0500f59890bfc5652bfbe8d6e01ea1fec127b6c9bad053c8fe68fb59d2d0821a14a9d9f70e9577325c52f6d
SSDEEP

24576:f7G6fuS9VriqHlRnfnSvQk5+OAojnAvM9x:f7GuPPnfS4X16nAve

Score

N/A

Malware Config

Signatures

Files

ea6e996106c5f0149ee279f85fbb722cb063952b04f1459de48cc5971d0598d3
.exe windows x86

e15033533796659e34277306995eaad1

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:9e:4a:0a:dd:ca:50:dc:90:69:f8:20:2a:d0:21:4b:46:b4:53:1d:59:25:e1:b5:7b:64:6a:cd:aa:f1:a6:de
Signer

Actual PE Digest

23:9e:4a:0a:dd:ca:50:dc:90:69:f8:20:2a:d0:21:4b:46:b4:53:1d:59:25:e1:b5:7b:64:6a:cd:aa:f1:a6:de

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

24/03/2020, 02:08
Valid: true

Chain 1

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

cc:18:d9:19:35:cd:c3:a5:b7:5e:26:0a:6f:00:9d:f0:bf:b4:1b:09
Signer

Actual PE Digest

cc:18:d9:19:35:cd:c3:a5:b7:5e:26:0a:6f:00:9d:f0:bf:b4:1b:09

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

24/03/2020, 02:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetLongPathNameW
IsBadReadPtr
DeviceIoControl
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
HeapAlloc
GetProcessHeap
OpenProcess
HeapFree
GetFileAttributesExW
lstrlenA
GetFileSize
MapViewOfFileEx
InterlockedCompareExchange
ExpandEnvironmentStringsW
GetWindowsDirectoryA
GetTempPathW
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
Thread32First
Thread32Next
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
ReadProcessMemory
lstrcpyW
GetProcessId
Module32FirstW
Module32NextW
lstrcmpA
OpenThread
GetThreadTimes
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
OutputDebugStringA
OpenEventW
SetFilePointerEx
GetThreadLocale
SetThreadLocale
GetNativeSystemInfo
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
PostQueuedCompletionStatus
InterlockedExchange
GetQueuedCompletionStatus
lstrcpynA
SetThreadAffinityMask
CreateProcessW
QueryPerformanceCounter
OpenFileMappingW
SetErrorMode
DuplicateHandle
SetThreadPriority
CreateMutexW
WideCharToMultiByte
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
GetStringTypeA
IsValidLocale
GetVersion
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FatalAppExitA
HeapCreate
GetModuleFileNameA
GetStdHandle
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
ExitProcess
GetFileAttributesW
CreateThread
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
CreateFileA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetLocalTime
Sleep
SetFileAttributesW
MoveFileExW
GetFileSizeEx
ReadFile
OutputDebugStringW
WriteFile
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryW
GetCurrentProcessId
GetTickCount
DeleteFileW
SetCurrentDirectoryW
GetCommandLineW
LoadLibraryW
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
GetLastError
lstrlenW
FindResourceExW
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleFileNameW
RaiseException
GetModuleHandleA
GetSystemInfo
GetVersionExW
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
WaitForSingleObject
InitializeCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
MulDiv
GetModuleHandleW
GetProcAddress
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
InterlockedIncrement
SetLastError
EnumSystemLocalesA
GetStartupInfoW
GetCurrentThreadId
GetCurrentThread

user32

RegisterClassW
UnregisterClassA
GetClassInfoW
SystemParametersInfoW
CopyRect
SetRectEmpty
GetCursorPos
PtInRect
LoadImageW
GetSystemMetrics
PostQuitMessage
DestroyWindow
DialogBoxParamW
SetWindowLongW
SetWindowTextW
IsIconic
IsZoomed
MoveWindow
SetWindowPos
BringWindowToTop
GetWindowRect
ClientToScreen
ScreenToClient
ShowWindow
SendMessageW
UnregisterClassW
MsgWaitForMultipleObjects
GetDesktopWindow
SetPropW
RegisterWindowMessageW
GetPropW
SetActiveWindow
EnumDesktopWindows
EnumWindows
wsprintfW
GetWindowThreadProcessId
AttachThreadInput
IsDialogMessageW
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
GetParent
LoadCursorW
DefWindowProcW
CharNextW
IsWindow
FindWindowW
CreateDialogParamW
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
EnableWindow
PeekMessageW
ReleaseDC
GetDC
GetClassInfoExW
RegisterClassExW
EndDialog
SetTimer
KillTimer
WaitForInputIdle
EqualRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetDlgItem
CallWindowProcW
GetForegroundWindow
SetFocus
PostMessageW
IsWindowVisible
SetForegroundWindow
FindWindowExW

gdi32

GetDeviceCaps

advapi32

GetSidIdentifierAuthority
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
EnumServicesStatusExW
OpenSCManagerW
DuplicateTokenEx
ConvertSidToStringSidW
LookupAccountNameW
GetUserNameW
GetUserNameA
LookupAccountNameA
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
AccessCheck
MapGenericMask
DuplicateToken
OpenProcessToken
GetFileSecurityW
SaferCreateLevel
SaferComputeTokenFromLevel
CreateProcessAsUserW
SaferCloseLevel
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExA

shell32

ShellExecuteW
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
ord680
SHGetFileInfoW
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoUninitialize
StringFromCLSID
CoInitialize

oleaut32

CreateErrorInfo
VariantChangeType
SysAllocStringLen
SysStringLen
SetErrorInfo
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VariantCopy
SysFreeString
SysAllocString
SafeArrayUnlock
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
VariantClear
DispCallFunc
VariantInit
SafeArrayCreate
SafeArrayDestroy

shlwapi

PathFileExistsW
SHGetValueW
StrStrIW
PathAppendW
PathCombineW
PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
SHSetValueW
SHDeleteValueW
PathIsDirectoryW
SHDeleteKeyW
PathIsRootW
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
PathCommonPrefixW
PathRelativePathToW
StrCmpNIW
StrFormatByteSizeW
UrlGetPartW
StrCpyNW
PathFindExtensionW
PathAppendA
ord176
PathAddBackslashW
StrStrIA
StrChrA
StrChrW
StrRChrA
StrCmpIW

comctl32

InitCommonControlsEx

gdiplus

GdipAlloc
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdiplusStartup

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

dbghelp

ImageDirectoryEntryToData
ImageNtHeader

crypt32

CryptBinaryToStringA
CryptDecodeObject
CryptMsgClose
CertCloseStore
CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW
CertGetNameStringW
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext

ws2_32

inet_addr
WSAStartup
htons
socket
gethostbyname
WSACleanup
closesocket
shutdown
recv
send
connect

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoW
InternetOpenA

wintrust

WTHelperProvDataFromStateData
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

setupapi

SetupIterateCabinetW

msi

ord217
ord173

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

urlmon

UrlMkSetSessionOption

Sections

.text
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e15033533796659e34277306995eaad1

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

23:9e:4a:0a:dd:ca:50:dc:90:69:f8:20:2a:d0:21:4b:46:b4:53:1d:59:25:e1:b5:7b:64:6a:cd:aa:f1:a6:deSigner

Signature Validations

Verification

24/03/2020, 02:08 Valid: true

Chain 1

cc:18:d9:19:35:cd:c3:a5:b7:5e:26:0a:6f:00:9d:f0:bf:b4:1b:09Signer

Signature Validations

Verification

24/03/2020, 02:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

iphlpapi

dbghelp

crypt32

ws2_32

wininet

wintrust

setupapi

msi

psapi

urlmon

Sections

.text Size: 912KB - Virtual size: 911KB

.rdata Size: 141KB - Virtual size: 140KB

.data Size: 24KB - Virtual size: 52KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 54KB - Virtual size: 54KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

23:9e:4a:0a:dd:ca:50:dc:90:69:f8:20:2a:d0:21:4b:46:b4:53:1d:59:25:e1:b5:7b:64:6a:cd:aa:f1:a6:de
Signer

24/03/2020, 02:08
Valid: true

cc:18:d9:19:35:cd:c3:a5:b7:5e:26:0a:6f:00:9d:f0:bf:b4:1b:09
Signer

24/03/2020, 02:08
Valid: false

.text
Size: 912KB - Virtual size: 911KB

.rdata
Size: 141KB - Virtual size: 140KB

.data
Size: 24KB - Virtual size: 52KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 54KB - Virtual size: 54KB