General

Malware Config

Signatures

Files

• 1fd44f53bae4369a177295b93322f331112e67f7357e07ceef475a52f34918a0

  .dll windows x86

  7810ff66e03946c4c3b7ec5f08cedee6

  
  

  Code Sign

  04:00:00:00:00:01:2f:4e:e1:52:d7

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  24-05-2016 00:00

  Not After

  24-06-2027 00:00

  Subject

  CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0b:cd:0a:72:9f:a3:07:75:93:21:34:bb:83:2c:a0:e8

  Certificate

  Issuer

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-06-2020 00:00

  Not After

  30-06-2021 12:00

  Subject

  CN=成都仲启网络科技有限公司,O=成都仲启网络科技有限公司,L=成都市,ST=四川省,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  11-02-2011 12:00

  Not After

  10-02-2026 12:00

  Subject

  CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  09:7f:ff:d3:9e:02:11:54:c4:f8:02:50:51:7e:df:38

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-06-2020 00:00

  Not After

  30-06-2021 12:00

  Subject

  CN=成都仲启网络科技有限公司,OU=IT,O=成都仲启网络科技有限公司,L=成都市,ST=四川省,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  19-02-2018 00:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign TSA for Advanced - G2

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:31:89:c6:50:04

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  02-08-2011 10:00

  Not After

  29-03-2029 10:00

  Subject

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  d7:16:1e:f0:d5:7c:b0:27:ab:94:84:b9:01:fd:ec:0a:c2:bd:42:f6:8e:bd:38:bb:d2:d3:65:cf:75:3f:ba:c8

  Signer

  Actual PE Digest

  d7:16:1e:f0:d5:7c:b0:27:ab:94:84:b9:01:fd:ec:0a:c2:bd:42:f6:8e:bd:38:bb:d2:d3:65:cf:75:3f:ba:c8

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=成都仲启网络科技有限公司,OU=IT,O=成都仲启网络科技有限公司,L=成都市,ST=四川省,C=CN

  14-01-2021 12:56

  Valid: true

  Chain 1

  CN=成都仲启网络科技有限公司,OU=IT,O=成都仲启网络科技有限公司,L=成都市,ST=四川省,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  1a:c8:d3:af:84:6e:ec:dc:11:a9:68:06:31:a7:ee:c7:eb:82:8d:95

  Signer

  Actual PE Digest

  1a:c8:d3:af:84:6e:ec:dc:11:a9:68:06:31:a7:ee:c7:eb:82:8d:95

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=成都仲启网络科技有限公司,O=成都仲启网络科技有限公司,L=成都市,ST=四川省,C=CN

  14-01-2021 12:56

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  FlushFileBuffers

  LoadLibraryExA

  VirtualFree

  VirtualAlloc

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedDecrement

  InterlockedIncrement

  DecodePointer

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  GetCurrentThreadId

  RaiseException

  LocalFree

  WideCharToMultiByte

  GetVersionExW

  GetModuleHandleW

  LoadLibraryW

  GetTickCount

  GetCurrentProcess

  OpenProcess

  GetProcAddress

  FreeLibrary

  CreateFileW

  ReadFile

  GetFileSize

  UnlockFile

  LockFile

  GetModuleFileNameW

  CreateMutexW

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  MoveFileExW

  MoveFileW

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  GetFileAttributesW

  SetFileAttributesW

  GetFullPathNameW

  RemoveDirectoryW

  SetFileTime

  GetCurrentDirectoryW

  CreateDirectoryW

  SearchPathW

  WaitForSingleObjectEx

  FindFirstChangeNotificationW

  FindCloseChangeNotification

  CompareFileTime

  GetFileInformationByHandle

  SwitchToThread

  GetTimeZoneInformation

  GlobalFree

  GetDriveTypeW

  WriteFile

  CreateEventW

  WaitForSingleObject

  SetEvent

  WritePrivateProfileStringW

  MultiByteToWideChar

  LoadLibraryExW

  lstrcmpiW

  GlobalAlloc

  GetWindowsDirectoryW

  GetTempPathW

  FindResourceExW

  FindResourceW

  lstrlenW

  GlobalLock

  SizeofResource

  LoadResource

  SetLastError

  GetLastError

  GetProcessHeap

  HeapSize

  HeapFree

  HeapReAlloc

  HeapAlloc

  HeapDestroy

  LockResource

  DeleteFileA

  ReadConsoleW

  SetEndOfFile

  WriteConsoleW

  SetFilePointerEx

  SetStdHandle

  SetConsoleCtrlHandler

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindNextFileA

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  FindFirstFileExW

  FindFirstFileExA

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  GetConsoleMode

  GetConsoleCP

  GetStringTypeW

  GetFileType

  GetStdHandle

  GetACP

  GetCurrentThread

  GetModuleFileNameA

  ExitProcess

  GetModuleHandleExW

  CreateFileA

  GetTempFileNameA

  GetTempPathA

  FreeLibraryAndExitThread

  ResumeThread

  ExitThread

  CreateThread

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InterlockedFlushSList

  RtlUnwind

  lstrcmpA

  DeviceIoControl

  GetSystemWindowsDirectoryW

  FreeResource

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  GetStartupInfoW

  FindClose

  GlobalUnlock

  CloseHandle

  Sleep

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  UnhandledExceptionFilter

  WaitForMultipleObjects

  GetLongPathNameW

  GetCurrentProcessId

  TerminateProcess

  GetExitCodeProcess

  GetLogicalDriveStringsW

  QueryDosDeviceW

  CopyFileW

  OutputDebugStringA

  OutputDebugStringW

  GetFileSizeEx

  GetLocalTime

  ResetEvent

  GetSystemInfo

  MapViewOfFile

  UnmapViewOfFile

  CreateFileMappingW

  FormatMessageW

  GetSystemDirectoryW

  GetTempFileNameW

  GetEnvironmentVariableW

  GetDiskFreeSpaceExW

  SetFilePointer

  GetFileAttributesExW

  InterlockedExchange

  InterlockedCompareExchange

  LocalAlloc

  GetPrivateProfileStringW

  GetShortPathNameW

  GetPrivateProfileIntW

  user32

  DefWindowProcW

  CallWindowProcW

  UnregisterClassW

  FindWindowExW

  SendMessageW

  PostMessageW

  GetShellWindow

  SetTimer

  SetWindowPos

  UpdateLayeredWindow

  ShowWindow

  DestroyWindow

  GetFocus

  MessageBoxW

  KillTimer

  RegisterWindowMessageW

  SendMessageTimeoutW

  SendNotifyMessageW

  FindWindowW

  CopyRect

  UnionRect

  EqualRect

  PtInRect

  SetCursor

  DrawFocusRect

  DestroyCursor

  MoveWindow

  IsDialogMessageW

  OffsetRect

  GetActiveWindow

  EndDialog

  DialogBoxParamW

  GetMonitorInfoW

  MonitorFromWindow

  LoadImageW

  GetWindow

  MapWindowPoints

  SetForegroundWindow

  GetSystemMetrics

  IsIconic

  IsWindowVisible

  PostQuitMessage

  CharNextW

  BringWindowToTop

  PeekMessageW

  DispatchMessageW

  TranslateMessage

  GetMessageW

  GetAsyncKeyState

  GetParent

  SetWindowLongW

  GetWindowLongW

  FillRect

  ScreenToClient

  GetWindowRect

  GetClientRect

  GetWindowTextLengthW

  GetWindowTextW

  SetWindowTextW

  InvalidateRect

  EndPaint

  BeginPaint

  ReleaseDC

  GetDC

  DrawTextW

  ReleaseCapture

  SetCapture

  GetWindowThreadProcessId

  IsWindow

  CreateWindowExW

  GetClassInfoExW

  wsprintfW

  LoadCursorW

  RegisterClassExW

  gdi32

  CreateDIBSection

  SetViewportOrgEx

  GetObjectW

  SaveDC

  SetTextColor

  SetBkMode

  SelectObject

  SelectClipRgn

  RestoreDC

  GetStockObject

  DeleteObject

  DeleteDC

  CreateRectRgnIndirect

  CreateCompatibleDC

  CreateCompatibleBitmap

  BitBlt

  CreateFontW

  EnumFontFamiliesW

  RectVisible

  OffsetViewportOrgEx

  advapi32

  GetTrusteeNameW

  CryptContextAddRef

  CryptDecrypt

  CryptEncrypt

  CryptImportKey

  CryptGenRandom

  CheckTokenMembership

  FreeSid

  AllocateAndInitializeSid

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegQueryValueExW

  RegOpenKeyExW

  RegEnumValueW

  RegCloseKey

  DuplicateTokenEx

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  OpenProcessToken

  GetUserNameW

  EqualSid

  DeleteAce

  LookupAccountSidW

  LookupAccountNameW

  SetEntriesInAclW

  GetExplicitEntriesFromAclW

  GetNamedSecurityInfoW

  SetNamedSecurityInfoW

  BuildExplicitAccessWithNameW

  CryptSetKeyParam

  ChangeServiceConfigW

  ChangeServiceConfig2W

  CloseServiceHandle

  ControlService

  CreateServiceW

  DeleteService

  LockServiceDatabase

  OpenSCManagerW

  OpenServiceW

  QueryServiceConfigW

  QueryServiceConfig2W

  QueryServiceLockStatusW

  QueryServiceStatus

  StartServiceW

  UnlockServiceDatabase

  CryptAcquireContextW

  CryptReleaseContext

  CryptDestroyKey

  GetTokenInformation

  shell32

  SHFileOperationW

  SHCreateDirectoryExW

  ShellExecuteExW

  SHBrowseForFolderW

  SHGetSpecialFolderPathW

  ord165

  SHChangeNotify

  CommandLineToArgvW

  ShellExecuteW

  SHGetPathFromIDListW

  ole32

  CoCreateGuid

  CoInitializeSecurity

  OleRun

  CoInitialize

  CoUninitialize

  CoCreateInstance

  CoTaskMemAlloc

  CoTaskMemRealloc

  CoTaskMemFree

  CreateStreamOnHGlobal

  oleaut32

  SysAllocStringLen

  VarUI4FromStr

  SysAllocString

  SysStringByteLen

  SysAllocStringByteLen

  SysFreeString

  SysStringLen

  VariantInit

  GetErrorInfo

  VariantChangeType

  SetErrorInfo

  CreateErrorInfo

  VariantClear

  VariantCopy

  shlwapi

  StrTrimA

  StrStrIA

  SHDeleteValueW

  wnsprintfW

  PathIsPrefixW

  PathRemoveFileSpecW

  SHSetValueW

  PathIsDirectoryW

  AssocQueryStringW

  SHGetValueW

  PathIsRootW

  PathIsRelativeW

  StrStrIW

  PathFindFileNameW

  PathFindExtensionW

  PathFileExistsW

  PathCombineW

  PathAppendW

  PathRenameExtensionA

  PathFindFileNameA

  StrCmpNIW

  StrCmpIW

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipCreateBitmapFromFileICM

  GdipAlloc

  GdipFree

  GdipCloneBrush

  GdipDeleteBrush

  GdipCreateSolidFill

  GdipCreatePen1

  GdipDeletePen

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateImageAttributes

  GdipDisposeImageAttributes

  GdipSetImageAttributesColorMatrix

  GdipCreateFromHDC

  GdipDeleteGraphics

  GdipSetTextRenderingHint

  GdipDrawRectangleI

  GdipFillRectangleI

  GdipDrawImagePointRectI

  GdipDrawImageRectRect

  GdipDrawImageRectRectI

  GdipCreateFontFamilyFromName

  GdipDeleteFontFamily

  GdipCreateFont

  GdipDeleteFont

  GdipDrawString

  GdipMeasureString

  GdipCreateStringFormat

  GdipDeleteStringFormat

  GdipSetStringFormatFlags

  GdipSetStringFormatAlign

  GdipSetStringFormatLineAlign

  GdipSetStringFormatTrimming

  GdipCloneImage

  GdipDisposeImage

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromFile

  GdipCreateBitmapFromStreamICM

  psapi

  GetModuleFileNameExW

  GetProcessImageFileNameW

  EnumProcesses

  setupapi

  SetupIterateCabinetW

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  secur32

  GetUserNameExW

  wininet

  InternetGetConnectedState

  iphlpapi

  GetAdaptersInfo

  crypt32

  CertGetNameStringW

  wintrust

  WTHelperProvDataFromStateData

  WinVerifyTrust

  urlmon

  URLDownloadToFileW

  URLDownloadToCacheFileW

  Exports

  Exports

  BasicEntry

  Sections

  .text

  Size: 929KB - Virtual size: 929KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 195KB - Virtual size: 194KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 18KB - Virtual size: 26KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 47KB - Virtual size: 47KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ