e1ddb011fefdde3a2909c68163271c33332e08abda86ee32e4afb2a26b7e8a60

Sharing

Copy URL

Twitter E-mail

General

Target

e1ddb011fefdde3a2909c68163271c33332e08abda86ee32e4afb2a26b7e8a60
Size

3.0MB
MD5

91d24fa2a5d68ce643d81c09e6bafac4
SHA1

69ca3de8945c028db219875cc88f8ac5c017fb7f
SHA256

e1ddb011fefdde3a2909c68163271c33332e08abda86ee32e4afb2a26b7e8a60
SHA512

c514a1bc032d60e7584e5829278d6f30b7beeaf99662e6b042084c65a144e7c8dc7251d8400defabc3e20f639df380887ac5f49034afc37c1ff15e7f62b6c4c3
SSDEEP

49152:+jjP7f/pggggMqjhaHU2WKmqqgSt2NDJcl+IGC6haVGnqxx5sw4+4KP/hvozfita:8jDhDKetkFU+Gx5qghXa

Score

1^/10

Malware Config

Signatures

Files

e1ddb011fefdde3a2909c68163271c33332e08abda86ee32e4afb2a26b7e8a60
.dll windows x86

eca46e319c9aa12cbfd12e30114b8554

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-04-2021 00:00

Not After

04-05-2022 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-04-2021 00:00

Not After

04-05-2022 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:69:af:6b:cf:09:a4:c4:16:5b:24:d1:26:c1:05:82:83:5c:db:9d:39:56:30:28:59:6e:b9:3b:03:f2:61:fb
Signer

Actual PE Digest

3e:69:af:6b:cf:09:a4:c4:16:5b:24:d1:26:c1:05:82:83:5c:db:9d:39:56:30:28:59:6e:b9:3b:03:f2:61:fb

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

07-12-2021 08:19
Valid: true

Chain 1

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

71:b7:05:38:a1:89:ac:ae:c3:7a:2f:46:90:f6:be:ab:44:fe:ed:b5
Signer

Actual PE Digest

71:b7:05:38:a1:89:ac:ae:c3:7a:2f:46:90:f6:be:ab:44:fe:ed:b5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

07-12-2021 08:19
Valid: true

Chain 1

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
CreateFileMappingW
OpenFileMappingW
WaitForMultipleObjects
GetSystemInfo
FormatMessageW
GlobalAlloc
GlobalFree
TerminateProcess
GetFileInformationByHandle
GetHandleInformation
lstrcmpiW
lstrlenW
CreateProcessW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetTempPathW
RemoveDirectoryW
GetFileAttributesW
GetEnvironmentVariableW
CreateDirectoryA
DeviceIoControl
GetSystemDirectoryA
ResetEvent
VirtualProtect
SetLastError
LoadLibraryA
IsBadReadPtr
GetThreadLocale
MapViewOfFile
ReleaseMutex
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
MoveFileW
VirtualQuery
FindResourceExW
GetVersionExW
CreateFileW
CreateFileA
SetFilePointer
ReadFile
WriteFile
GetFileSize
SetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryA
SetFileTime
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameA
FreeLibrary
LoadLibraryW
GetNativeSystemInfo
MoveFileExW
CopyFileW
GetSystemDirectoryW
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
VerifyVersionInfoW
VerSetConditionMask
SetEvent
CreateMutexW
CreateEventW
WaitForSingleObject
GetCurrentThreadId
GetCommandLineW
Sleep
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetLastError
QueryDosDeviceW
GetLogicalDriveStringsW
Process32NextW
SystemTimeToFileTime
ConvertThreadToFiber
ConvertFiberToThread
GlobalMemoryStatus
CreateFiber
DeleteFiber
SwitchToFiber
SetConsoleMode
ReadConsoleA
RtlCaptureStackBackTrace
Process32FirstW
CreateToolhelp32Snapshot
VirtualAlloc
LocalFree
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalAlloc
VirtualFree
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
OpenProcess
CreateMutexA
SetConsoleCtrlHandler
WriteConsoleW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
ReadConsoleW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetFileAttributesExW
GetModuleHandleExW
ResumeThread
ExitThread
SetFilePointerEx
OpenEventW
UnmapViewOfFile
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SleepEx
CompareFileTime
GetEnvironmentVariableA
GetFileType
GetStdHandle
PeekNamedPipe
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
WaitForSingleObjectEx
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WaitForMultipleObjectsEx
RtlUnwind
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode

user32

PostMessageW
PostQuitMessage
GetWindowThreadProcessId
UpdateWindow
GetProcessWindowStation
AllowSetForegroundWindow
UnregisterClassW
LoadStringW
SetWindowPos
GetUserObjectInformationW
MessageBoxW
GetDesktopWindow
GetSystemMetrics
FindWindowW

advapi32

CryptDecrypt
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueW
RegDeleteKeyW
StartServiceW
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
BuildExplicitAccessWithNameW
SetNamedSecurityInfoA
GetNamedSecurityInfoA
GetUserNameA
LookupAccountNameA
AdjustTokenPrivileges
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
RegSetKeySecurity
RegOpenKeyExA
RegOpenKeyW
RegEnumKeyExW
RegEnumKeyExA
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
RegQueryValueExW
RegSetValueExW
CryptGenRandom

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetFolderPathA

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocStringByteLen
VariantClear
SysStringByteLen
VariantInit
SysAllocString

shlwapi

PathFileExistsW
PathFindFileNameW
PathFindFileNameA
PathCombineW
SHSetValueW
SHGetValueW
SHDeleteKeyW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsA
PathRemoveExtensionW
ord176
PathAppendW
PathFindExtensionW

crypt32

CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CryptQueryObject
CertOpenSystemStoreW
CertGetNameStringW
CertCloseStore
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgGetParam
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses
EnumProcessModules

dbghelp

MiniDumpWriteDump

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA

urlmon

ObtainUserAgentString

iphlpapi

GetAdaptersInfo

ws2_32

gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
freeaddrinfo
shutdown
select
__WSAFDIsSet
ioctlsocket
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
listen
htonl
accept
gethostbyname
getsockopt
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
getnameinfo
htons
WSACleanup
getaddrinfo

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord145
ord219
ord46
ord14

Exports

Exports

QxvdWRaaXBj
Run

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eca46e319c9aa12cbfd12e30114b8554

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3e:69:af:6b:cf:09:a4:c4:16:5b:24:d1:26:c1:05:82:83:5c:db:9d:39:56:30:28:59:6e:b9:3b:03:f2:61:fbSigner

Signature Validations

Verification

07-12-2021 08:19 Valid: true

Chain 1

71:b7:05:38:a1:89:ac:ae:c3:7a:2f:46:90:f6:be:ab:44:fe:ed:b5Signer

Signature Validations

Verification

07-12-2021 08:19 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

psapi

dbghelp

userenv

wtsapi32

version

urlmon

iphlpapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 573KB - Virtual size: 573KB

.data Size: 50KB - Virtual size: 77KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 113KB - Virtual size: 112KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:5f:25:e1:89:89:78:db:66:65:5d:af:8a:91:88:b3
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:69:af:6b:cf:09:a4:c4:16:5b:24:d1:26:c1:05:82:83:5c:db:9d:39:56:30:28:59:6e:b9:3b:03:f2:61:fb
Signer

07-12-2021 08:19
Valid: true

71:b7:05:38:a1:89:ac:ae:c3:7a:2f:46:90:f6:be:ab:44:fe:ed:b5
Signer

07-12-2021 08:19
Valid: true

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 573KB - Virtual size: 573KB

.data
Size: 50KB - Virtual size: 77KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 113KB - Virtual size: 112KB