b45b48797b41917cb1bc22335468bb2a2b275a9359778a97a0cbb4de928f5fba

Sharing

Copy URL

Twitter E-mail

General

Target

b45b48797b41917cb1bc22335468bb2a2b275a9359778a97a0cbb4de928f5fba
Size

580KB
MD5

c9af42c889a925c6a747d0b0b40d05f7
SHA1

650a621692a27c61679e07936b8862ddac263ff7
SHA256

b45b48797b41917cb1bc22335468bb2a2b275a9359778a97a0cbb4de928f5fba
SHA512

442a2524e8d1cb7298e2c79b8bf4efd1f69e52fc82c1b307d9f1e6351e7120a69c5d8eb16a4038cdb0909dc0916e5853eb1157f42bd10c74925c2fdf49b19e8e
SSDEEP

12288:E4DpVKA+WG/fL7iE/dREK0/W9RylumJE+zj:EuyfWG3r/PEKZTBmJJ

Score

N/A

Malware Config

Signatures

Files

b45b48797b41917cb1bc22335468bb2a2b275a9359778a97a0cbb4de928f5fba
.exe windows x86

5fa192c025b8e228cb50faaacc447d5a

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06/10/2011, 08:39

Not After

06/10/2046, 08:39

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

22/11/2021, 07:19

Not After

28/09/2022, 07:52

Subject

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:59:cf:26:a7:43:fb:4b:82:26:87:ae:b3:8d:6b:49:79:2d:ca:21:c6:fb:09:f4:aa:fe:4f:31:b7:bf:f6:98
Signer

Actual PE Digest

30:59:cf:26:a7:43:fb:4b:82:26:87:ae:b3:8d:6b:49:79:2d:ca:21:c6:fb:09:f4:aa:fe:4f:31:b7:bf:f6:98

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

13/06/2022, 01:29
Valid: true

Chain 1

CN=Nanjing BaiZeyou Network Technology Co.\, Ltd.,O=Nanjing BaiZeyou Network Technology Co.\, Ltd.,L=Nanjing,ST=Jiangsu,C=CN

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmDisableIME

kernel32

GetProcAddress
GetModuleHandleW
FreeLibrary
GetEnvironmentVariableA
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
GetTickCount
CreateEventW
GetExitCodeThread
ResumeThread
VirtualProtect
VirtualFree
InterlockedCompareExchange
VirtualAlloc
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
SetLastError
LoadLibraryExW
WriteFile
FindClose
GetModuleFileNameW
CreateFileW
LoadLibraryW
FindNextFileW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
CloseHandle
DeleteFileW
GetLastError
Sleep
CreateMutexW
GetTempPathW
GetProcessHeap
WriteConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetStdHandle
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
RaiseException
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
CreateDirectoryW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue

user32

ShowWindow
wsprintfW
PostQuitMessage
KillTimer
CallWindowProcW
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetMessageW
SetWindowLongW
TranslateMessage
GetWindowLongW
SetTimer
DispatchMessageW
PostMessageW
DestroyWindow

ole32

CoCreateGuid

shlwapi

PathFileExistsW
PathAppendW

urlmon

URLDownloadToFileW

setupapi

SetupIterateCabinetW

iphlpapi

GetAdaptersInfo

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fa192c025b8e228cb50faaacc447d5a

Code Sign

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9Certificate

Key Usages

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4Certificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

30:59:cf:26:a7:43:fb:4b:82:26:87:ae:b3:8d:6b:49:79:2d:ca:21:c6:fb:09:f4:aa:fe:4f:31:b7:bf:f6:98Signer

Signature Validations

Verification

13/06/2022, 01:29 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

user32

ole32

shlwapi

urlmon

setupapi

iphlpapi

winhttp

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 7KB

.gfids Size: 512B - Virtual size: 400B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 265KB - Virtual size: 265KB

21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
Certificate

27:15:64:b5:7b:21:20:06:28:66:7b:ea:18:2d:93:f4
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

30:59:cf:26:a7:43:fb:4b:82:26:87:ae:b3:8d:6b:49:79:2d:ca:21:c6:fb:09:f4:aa:fe:4f:31:b7:bf:f6:98
Signer

13/06/2022, 01:29
Valid: true

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 7KB

.gfids
Size: 512B - Virtual size: 400B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 265KB - Virtual size: 265KB