9d5d68b6d7d51b7da23cc8836da5402424ea4a73ae4e0809bf77801b13d57299

Sharing

Copy URL Twitter E-mail

General

Target

9d5d68b6d7d51b7da23cc8836da5402424ea4a73ae4e0809bf77801b13d57299
Size

539KB
MD5

62901a2e7fbd957443049140096fe938
SHA1

38dc5ab6c10c68472d4657ef73be297ea3e3cc5c
SHA256

9d5d68b6d7d51b7da23cc8836da5402424ea4a73ae4e0809bf77801b13d57299
SHA512

eef8359801ca2f1a346e6cfcec51d895b2e2074b49546430c0d6c7ae8c181ec663ca3a890fd858f9e26daac8a32d11458527f004b061a76145ed4d6b85bc33be
SSDEEP

12288:LSBNOlXxDWKz7K8mNuwBwDhwd261vF14YrcbEnq5JujEC+aW9R:OY01ObwS0jEC+aW9R

Score

1^/10

Malware Config

Signatures

Files

9d5d68b6d7d51b7da23cc8836da5402424ea4a73ae4e0809bf77801b13d57299
.exe windows x86

36d66eada616949be4f902a4ee6e677b

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:eb:33:1b:0d:f7:37:6d:90:b2:ec:25:b9:d3:c1:d7:0d:94:37:63:8e:66:98:6f:28:61:8c:c9:5c:2b:fa:04
Signer

Actual PE Digest

01:eb:33:1b:0d:f7:37:6d:90:b2:ec:25:b9:d3:c1:d7:0d:94:37:63:8e:66:98:6f:28:61:8c:c9:5c:2b:fa:04

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

20/05/2022, 08:08
Valid: true

Chain 1

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

c4:97:67:6a:1a:d9:62:39:fb:8e:30:53:e6:3e:16:94:f2:dd:ec:ee
Signer

Actual PE Digest

c4:97:67:6a:1a:d9:62:39:fb:8e:30:53:e6:3e:16:94:f2:dd:ec:ee

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

20/05/2022, 08:08
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
FindResourceExW
InterlockedCompareExchange
lstrlenA
GlobalAlloc
FreeResource
LoadLibraryW
GetCurrentProcessId
DeviceIoControl
CreateFileW
SetFilePointer
ReadFile
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InterlockedExchange
SetConsoleCtrlHandler
OutputDebugStringW
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
RtlUnwind
CreateThread
ExitThread
TlsFree
TlsAlloc
DeleteFileW
ReleaseMutex
CloseHandle
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
Sleep
GetModuleFileNameW
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
CreateMutexW
OpenMutexW
GetTempPathW
FlushFileBuffers
WriteFile
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
RaiseException
GetModuleHandleW
HeapFree
HeapAlloc
HeapDestroy
GetProcAddress
GetModuleFileNameA

user32

SetCapture
PtInRect
SetPropW
GetWindowRect
ReleaseDC
GetDC
SetWindowLongW
GetWindowLongW
RemovePropW
GetPropW
CallWindowProcW
IsWindowVisible
MoveWindow
SetWindowPos
DefWindowProcW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetCursor
SendMessageTimeoutW
FindWindowW
CreateDialogParamW
PeekMessageW
DestroyWindow
ShowWindow
CharNextW
LoadImageW
GetSystemMetrics
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
GetClientRect
PostQuitMessage
SetTimer
EndPaint
BeginPaint
KillTimer
ScreenToClient
GetCursorPos
CopyRect
SetWindowTextW
SendMessageW
IsDialogMessageW
MessageBoxW
GetActiveWindow
wsprintfW
PostMessageW
UnregisterClassA
TranslateMessage
ReleaseCapture
GetMessageW
InvalidateRect
GetCapture
IsWindow

gdi32

DeleteObject
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
GetDeviceCaps
EnumFontsW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetObjectW
SetBkColor

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW
ord165

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
PathFileExistsW
SHSetValueW
SHDeleteValueW
UrlUnescapeW
PathCombineW
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
PathIsDirectoryW
SHGetValueW

comctl32

_TrackMouseEvent

gdiplus

GdipCreateFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRect
GdipMeasureString
GdipGetGenericFontFamilySansSerif
GdipDisposeImageAttributes
GdipDrawString
GdipSetTextRenderingHint
GdipDrawImageRectRectI
GdipSetStringFormatLineAlign
GdipGetImageWidth
GdipGetImageHeight
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipFree
GdipAlloc
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipSetInterpolationMode
GdipGraphicsClear
GdipCreateFontFamilyFromName
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDrawImageRect
GdiplusStartup
GdiplusShutdown
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateImageAttributes

wininet

InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetCloseHandle

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36d66eada616949be4f902a4ee6e677b

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

01:eb:33:1b:0d:f7:37:6d:90:b2:ec:25:b9:d3:c1:d7:0d:94:37:63:8e:66:98:6f:28:61:8c:c9:5c:2b:fa:04Signer

Signature Validations

Verification

20/05/2022, 08:08 Valid: true

Chain 1

c4:97:67:6a:1a:d9:62:39:fb:8e:30:53:e6:3e:16:94:f2:dd:ec:eeSigner

Signature Validations

Verification

20/05/2022, 08:08 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

imm32

version

urlmon

setupapi

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 16KB - Virtual size: 15KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

01:eb:33:1b:0d:f7:37:6d:90:b2:ec:25:b9:d3:c1:d7:0d:94:37:63:8e:66:98:6f:28:61:8c:c9:5c:2b:fa:04
Signer

20/05/2022, 08:08
Valid: true

c4:97:67:6a:1a:d9:62:39:fb:8e:30:53:e6:3e:16:94:f2:dd:ec:ee
Signer

20/05/2022, 08:08
Valid: false

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 16KB - Virtual size: 15KB