33df28e51c460b67950afb3b534d1a33bb452a7a18115ca3b5f26f7ef60dbb06

Sharing

Copy URL Twitter E-mail

General

Target

33df28e51c460b67950afb3b534d1a33bb452a7a18115ca3b5f26f7ef60dbb06
Size

1.1MB
MD5

2d488dd2a2c18080c5a936944f91fdc7
SHA1

e7c2473d5b39a78630a99571dbb1f3db06a32d81
SHA256

33df28e51c460b67950afb3b534d1a33bb452a7a18115ca3b5f26f7ef60dbb06
SHA512

58991f2f1d5ef86ab07e6cc178a3e199b66cedcd8fc5c87218cb367a4b186d989369b0474a6bd769aea7a065e968804c90bbdb747006bf47c4dbc885c0171290
SSDEEP

24576:l5dQjhmCLaYXIa9egtsnPV5F2ov6n0X7x9:FQFmC2/a9Intz2ov6n0X

Score

N/A

Malware Config

Signatures

Files

33df28e51c460b67950afb3b534d1a33bb452a7a18115ca3b5f26f7ef60dbb06
.dll windows x86

5b767a2644dc26553f6fd79a282567f1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:14:48:8c:c2:1a:dd:fe:61:a0:44:fe:ec:fa:ff:dc:30:e4:b8:04:d0:e9:d2:ef:57:8e:79:7f:1b:1c:a0:1b
Signer

Actual PE Digest

ca:14:48:8c:c2:1a:dd:fe:61:a0:44:fe:ec:fa:ff:dc:30:e4:b8:04:d0:e9:d2:ef:57:8e:79:7f:1b:1c:a0:1b

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

17/03/2020, 02:36
Valid: true

Chain 1

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

8c:11:d4:a7:d1:1c:60:91:1c:6c:2d:b1:7c:7a:be:75:23:db:ed:b6
Signer

Actual PE Digest

8c:11:d4:a7:d1:1c:60:91:1c:6c:2d:b1:7c:7a:be:75:23:db:ed:b6

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

17/03/2020, 02:36
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
LoadLibraryW
MultiByteToWideChar
GetProcessTimes
ReadProcessMemory
DuplicateHandle
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WideCharToMultiByte
FindResourceExW
FindResourceW
GetTickCount
SizeofResource
LoadResource
LockResource
GetPrivateProfileIntW
GetModuleHandleW
CreateMutexW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
OpenProcess
GetProcAddress
DeleteCriticalSection
WaitForSingleObjectEx
WriteConsoleW
SetFilePointerEx
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStdHandle
GetACP
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
WriteFile
ReadFile
FlushFileBuffers
GetModuleFileNameW
CreateProcessW
GetStartupInfoW
CreateFileW
GetLocalTime
DeleteFileW
InterlockedExchange
InterlockedCompareExchange
SetEvent
WaitForMultipleObjects
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
LoadLibraryExW
Sleep
InterlockedExchangeAdd
FreeLibrary
InterlockedIncrement
InterlockedDecrement
WritePrivateProfileStringW
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
FreeResource
GetSystemWindowsDirectoryW
GetVersionExW
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetFileType
GetConsoleMode
ReadConsoleW
GetConsoleCP
ResetEvent

user32

MonitorFromPoint
GetWindowInfo
GetWindow
GetAncestor
SendMessageTimeoutW
ShowWindow
FindWindowW
GetShellWindow
GetDesktopWindow
SetWindowLongW
GetWindowLongW
WindowFromPoint
GetWindowRect
GetForegroundWindow
KillTimer
SetTimer
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetMonitorInfoW
GetWindowThreadProcessId
UnregisterClassW
LoadCursorW

advapi32

RegEnumKeyExW
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
SHCreateDirectoryExW

shlwapi

PathFileExistsW
PathCombineW
SHGetValueW
PathFindFileNameW
StrCmpIW
PathRemoveFileSpecW
StrCmpNIW
PathRenameExtensionW
StrStrIW
SHGetValueA
PathAppendW
SHSetValueA
StrStrIA
StrTrimA

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

ole32

CoCreateGuid
CoInitializeEx

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

Exports

Exports

CreateTrayClient

Sections

.text
Size: 831KB - Virtual size: 831KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b767a2644dc26553f6fd79a282567f1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ca:14:48:8c:c2:1a:dd:fe:61:a0:44:fe:ec:fa:ff:dc:30:e4:b8:04:d0:e9:d2:ef:57:8e:79:7f:1b:1c:a0:1bSigner

Signature Validations

Verification

17/03/2020, 02:36 Valid: true

Chain 1

8c:11:d4:a7:d1:1c:60:91:1c:6c:2d:b1:7c:7a:be:75:23:db:ed:b6Signer

Signature Validations

Verification

17/03/2020, 02:36 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

psapi

version

crypt32

wintrust

wininet

iphlpapi

ole32

urlmon

Exports

Exports

Sections

.text Size: 831KB - Virtual size: 831KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 40KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ca:14:48:8c:c2:1a:dd:fe:61:a0:44:fe:ec:fa:ff:dc:30:e4:b8:04:d0:e9:d2:ef:57:8e:79:7f:1b:1c:a0:1b
Signer

17/03/2020, 02:36
Valid: true

8c:11:d4:a7:d1:1c:60:91:1c:6c:2d:b1:7c:7a:be:75:23:db:ed:b6
Signer

17/03/2020, 02:36
Valid: false

.text
Size: 831KB - Virtual size: 831KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB