6de75a6615641ea99378f9c484414fc265164bca5c26bea433a9362a84fb396b

Sharing

Copy URL Twitter E-mail

General

Target

6de75a6615641ea99378f9c484414fc265164bca5c26bea433a9362a84fb396b
Size

2.5MB
MD5

dd211937e486faeee1b27ce318071f0d
SHA1

76cfc0cbc906ad103501aed1c4c9d198d74c918c
SHA256

6de75a6615641ea99378f9c484414fc265164bca5c26bea433a9362a84fb396b
SHA512

8d44dcff37e55eb6cc26386588c465ae02361018ef289348a265e3288d04896855885afb387d28bd6f817c9e41dd762019b7ed293038a08a249a0acfd5cfbd09
SSDEEP

49152:KK8g7xoILYd58tR5ik8Dp/KUy4m5G8nVVFNFba/9Hm11oB/ZUVf:KK8SCn4R5ivjjADF7a/9CH

Score

N/A

Malware Config

Signatures

Files

6de75a6615641ea99378f9c484414fc265164bca5c26bea433a9362a84fb396b
.exe windows x86

0bdb30ed6414c2ae61afd97164153ca3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:46:40:f8:ab:5b:b8:7a:a1:5f:54:7c:c0:f6:de:df:07:50:32:56:8d:87:4e:d1:d6:9a:2b:2a:02:53:50:c0
Signer

Actual PE Digest

18:46:40:f8:ab:5b:b8:7a:a1:5f:54:7c:c0:f6:de:df:07:50:32:56:8d:87:4e:d1:d6:9a:2b:2a:02:53:50:c0

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

07/01/2019, 03:22
Valid: false

dd:c8:b9:e7:0d:7a:64:3b:f4:c9:e3:05:62:9c:b7:8f:06:98:dc:14
Signer

Actual PE Digest

dd:c8:b9:e7:0d:7a:64:3b:f4:c9:e3:05:62:9c:b7:8f:06:98:dc:14

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

07/01/2019, 03:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

MoveFileExW
GetCurrentThreadId
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcess
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
InterlockedDecrement
FormatMessageW
ExpandEnvironmentStringsW
CreateFileA
CreateMutexW
ReleaseMutex
Sleep
lstrlenW
GetVersion
GetFileInformationByHandle
ExitThread
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalFree
CreateProcessW
WaitForSingleObject
GetTickCount
MultiByteToWideChar
CreateDirectoryW
GetTempPathW
FindResourceW
GetThreadLocale
GetEnvironmentVariableW
FlushConsoleInputBuffer
GlobalMemoryStatus
WaitForMultipleObjects
PeekNamedPipe
GetSystemDirectoryA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
SetConsoleCtrlHandler
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetFullPathNameA
GetStringTypeW
GetStringTypeA
IsValidLocale
LoadResource
LockResource
SizeofResource
WriteFile
DeleteFileW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetLastError
VirtualFree
LocalAlloc
LocalFree
VirtualAlloc
OpenProcess
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
CreateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
GetFileSize
ReadFile
CloseHandle
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetOEMCP
GetACP
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
LeaveCriticalSection
HeapFree
GetProcessHeap
GetConsoleCP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
HeapReAlloc
GetCPInfo
WritePrivateProfileStringW
AreFileApisANSI
WideCharToMultiByte
ReadConsoleInputA
SetConsoleMode
LCMapStringW
LCMapStringA
GetStartupInfoW
GetVersionExA
GetDriveTypeA
FindFirstFileA
FileTimeToLocalFileTime
MoveFileW
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapAlloc

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetDesktopWindow

advapi32

DuplicateTokenEx
ImpersonateLoggedOnUser
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey
RegSetValueExW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RevertToSelf
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CLSIDFromString

psapi

GetProcessImageFileNameW
EnumProcessModules
GetModuleFileNameExW

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose

ws2_32

recvfrom
accept
gethostname
ioctlsocket
select
sendto
getservbyport
gethostbyaddr
shutdown
WSACleanup
WSAStartup
WSAGetLastError
closesocket
socket
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
WSASetLastError
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
listen
__WSAFDIsSet

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 30.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bdb30ed6414c2ae61afd97164153ca3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

18:46:40:f8:ab:5b:b8:7a:a1:5f:54:7c:c0:f6:de:df:07:50:32:56:8d:87:4e:d1:d6:9a:2b:2a:02:53:50:c0Signer

Signature Validations

Verification

07/01/2019, 03:22 Valid: false

dd:c8:b9:e7:0d:7a:64:3b:f4:c9:e3:05:62:9c:b7:8f:06:98:dc:14Signer

Signature Validations

Verification

07/01/2019, 03:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

psapi

crypt32

ws2_32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 276KB - Virtual size: 274KB

.data Size: 40KB - Virtual size: 73KB

.rsrc Size: 1024KB - Virtual size: 30.9MB

.reloc Size: 148KB - Virtual size: 144KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

18:46:40:f8:ab:5b:b8:7a:a1:5f:54:7c:c0:f6:de:df:07:50:32:56:8d:87:4e:d1:d6:9a:2b:2a:02:53:50:c0
Signer

07/01/2019, 03:22
Valid: false

dd:c8:b9:e7:0d:7a:64:3b:f4:c9:e3:05:62:9c:b7:8f:06:98:dc:14
Signer

07/01/2019, 03:22
Valid: false

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 276KB - Virtual size: 274KB

.data
Size: 40KB - Virtual size: 73KB

.rsrc
Size: 1024KB - Virtual size: 30.9MB

.reloc
Size: 148KB - Virtual size: 144KB