Sus Backdoor[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Sus Backdoor.zip
Size

1.6MB
MD5

e1bbbbe3970176506f568bfcfb109b12
SHA1

64abebbe341cb867983cd452114a89ec24f913a9
SHA256

fb1c4ec572e9dae87f45177a25da754352556cf996911a4a7c5538e5f42e1e62
SHA512

92a6655981163d463ea1d0dd3d1e8c4f14c0803c763958b5cc34ada3531f88dfa504ea942ec118f7c518dd06f6611d41a07e791f522878e9e0927218e2dee8f8
SSDEEP

49152:8H0IZ2EG4XV+n8mS2gbpo4mCvdURXT+EprFusvt5:8lLa8mQbelkQjfusvt5

Score

1^/10

Malware Config

Signatures

Files

Sus Backdoor.zip
.zip

Password: infected
UnityPlayer.dll
.dll windows x86

6250a2e28dc92727d7a9768d28e98b52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
WriteConsoleW
GetStringTypeW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetStdHandle
SetHandleCount
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
ExitProcess
CreateThread
VirtualAlloc
ExitThread
HeapSize
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
RaiseException
EncodePointer
EnumSystemLocalesA
DecodePointer
HeapReAlloc
RtlUnwind
LocalLock
LocalUnlock
FindResourceExW
SearchPathA
GetProfileIntA
GetTickCount
GetDiskFreeSpaceA
ReplaceFileA
GetUserDefaultLCID
Sleep
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileAttributesA
GetFileAttributesExA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetTimeZoneInformation
LCMapStringW
GetCommandLineA
CompareStringW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
DeleteFileA
CreateFileA
lstrcmpiA
GetStringTypeExA
GetACP
GetAtomNameA
GetOEMCP
GetCPInfo
lstrcpyA
InterlockedIncrement
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameA
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GlobalFlags
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
MulDiv
FindResourceA
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleHandleA
GlobalGetAtomNameA
GlobalAddAtomA
MultiByteToWideChar
WideCharToMultiByte
ActivateActCtx
GetLastError
DeactivateActCtx
FindResourceW
LoadResource
LockResource
SizeofResource
WinExec
HeapAlloc
GetThreadLocale
lstrlenA
GetProcessHeap
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
SetLastError
VirtualFree
VirtualProtect
CreateFileW

user32

RegisterClipboardFormatA
GetUpdateRect
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetNextDlgGroupItem
CopyImage
GetIconInfo
GetNextDlgTabItem
HideCaret
InvertRect
GetMenuDefaultItem
GetDCEx
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
CopyAcceleratorTableA
MessageBeep
LoadMenuW
SetCursorPos
SetRect
InSendMessage
DestroyAcceleratorTable
SetClassLongA
NotifyWinEvent
LockWindowUpdate
WindowFromPoint
IsMenu
GetAsyncKeyState
UpdateLayeredWindow
EnableScrollBar
SetCapture
KillTimer
SetTimer
MonitorFromPoint
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
UnregisterClassA
CharUpperA
UnionRect
GetSystemMenu
DeleteMenu
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
ShowOwnedPopups
PostQuitMessage
LoadCursorA
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
EndPaint
BeginPaint
GetWindowDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetParent
SetWindowRgn
IsZoomed
IsRectEmpty
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
RealChildWindowFromPoint
ClientToScreen
SystemParametersInfoA
GetSystemMetrics
GetMenuItemInfoA
InflateRect
GetMenuStringA
IsClipboardFormatAvailable
InsertMenuA
RemoveMenu
ScrollWindowEx
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
GetClassInfoExA
RegisterClassA
GetWindowRect
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetClassNameA
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
GetMenuBarInfo
WinHelpA
LoadImageA
CharUpperBuffA
SubtractRect
FrameRect
SendNotifyMessageA
WaitMessage
EndDialog
GetTabbedTextExtentA
GetTabbedTextExtentW
WindowFromDC
GetDialogBaseUnits
GetWindowRgn
EnumChildWindows
MapVirtualKeyExA
IsCharLowerA
DestroyIcon
SetFocus
GetWindowThreadProcessId
IsWindowEnabled
EqualRect
GetDlgItem
GetDlgCtrlID
GetKeyState
LoadIconW
SetCursor
CreateMenu
DestroyCursor
DrawIcon
MapDialogRect
PostThreadMessageA
AppendMenuA
CreateDialogIndirectParamA
PeekMessageA
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
PostMessageA
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
EnableWindow
AdjustWindowRectEx
RedrawWindow
SetWindowPos
GetClientRect
GetWindowLongA
SetWindowLongA
IsWindow
TranslateAcceleratorA
TranslateMDISysAccel
BringWindowToTop
GetActiveWindow
DrawMenuBar
CreateWindowExA
GetParent
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefMDIChildProcA
SendMessageA
GetMenu
DefFrameProcA
ReleaseDC

gdi32

CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
CreateDIBitmap
GetTextMetricsA
EnumFontFamiliesA
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetCharWidthA
CreateFontA
StretchDIBits
CreateEllipticRgn
CreatePolygonRgn
GetBkColor
GetTextColor
Polyline
Ellipse
Polygon
CreateRoundRectRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
Rectangle
SetPixel
PlayMetaFile
GetObjectType
StretchBlt
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
RoundRect
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetTextExtentPointA
GetTextExtentPoint32W
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
SetPixelV
GetWindowExtEx
GetViewportExtEx
SelectClipPath
SetDIBColorTable
EnumMetaFile
CreateRectRgn
PlayMetaFileRecord
SelectPalette
GetPixel
GetStockObject
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetDIBits
CreateCompatibleBitmap
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDIBSection
GetCurrentObject
SelectObject
DeleteDC
DeleteObject
GetTextExtentPoint32A
ExtTextOutA
BitBlt
CreateFontIndirectA
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
CreateCompatibleDC
StartDocA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
GetJobA
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyExA
RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
GetFileSecurityA
SetFileSecurityA
RegCloseKey
RegDeleteValueA
RegEnumValueA
RegSetValueExA

shell32

ExtractIconA
DragFinish
DragQueryFileA
SHGetFileInfoA
SHAppBarMessage
SHAddToRecentDocs
ShellExecuteExA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetDesktopFolder

comctl32

ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW

ole32

CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
OleSave
StgCreateDocfileOnILockBytes
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
CreateStreamOnHGlobal
StgIsStorageFile
StgOpenStorage
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
StgCreateDocfile
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
OleSetClipboard
IsAccelerator
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoGetMalloc
OleRegGetMiscStatus
OleRegEnumVerbs
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
OleRun
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoInitializeEx
DoDragDrop
CreateFileMoniker
OleFlushClipboard
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
CreateGenericComposite

oleaut32

VariantClear
SysAllocString
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
SafeArrayGetElement

oledlg

ord8

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Exports

Exports

UnityMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 374KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
k361.exe
.exe windows x86

01e20355b5974d2d8443a426ccb6aad1

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:9a:9c:a6:87:2f:1a:6c:01:65:bb:49
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

20-04-2021 08:47

Not After

20-04-2024 08:47

Subject

SERIALNUMBER=91440300MA5ETNLL5J,CN=深圳龙谷网络科技有限公司,O=深圳龙谷网络科技有限公司,STREET=南山区粤海街道科技园社区科苑路8号讯美科技广场3号楼2007,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:40:64:80:3a:f9:32:a9:97:db:8f:db:23:0d:dc:64:b4:91:bb:2e:71:a5:da:b3:78:fd:65:e5:b5:b4:90:4d
Signer

Actual PE Digest

ee:40:64:80:3a:f9:32:a9:97:db:8f:db:23:0d:dc:64:b4:91:bb:2e:71:a5:da:b3:78:fd:65:e5:b5:b4:90:4d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91440300MA5ETNLL5J,CN=深圳龙谷网络科技有限公司,O=深圳龙谷网络科技有限公司,STREET=南山区粤海街道科技园社区科苑路8号讯美科技广场3号楼2007,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

27-09-2021 12:10
Valid: true

Chain 1

SERIALNUMBER=91440300MA5ETNLL5J,CN=深圳龙谷网络科技有限公司,O=深圳龙谷网络科技有限公司,STREET=南山区粤海街道科技园社区科苑路8号讯美科技广场3号楼2007,L=深圳市,ST=广东省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

unityplayer

UnityMain

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

advapi32

SystemFunction036

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6250a2e28dc92727d7a9768d28e98b52

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 515KB - Virtual size: 515KB

.data Size: 374KB - Virtual size: 405KB

.idata Size: 23KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 181KB - Virtual size: 181KB

01e20355b5974d2d8443a426ccb6aad1

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

33:9a:9c:a6:87:2f:1a:6c:01:65:bb:49Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ee:40:64:80:3a:f9:32:a9:97:db:8f:db:23:0d:dc:64:b4:91:bb:2e:71:a5:da:b3:78:fd:65:e5:b5:b4:90:4dSigner

Signature Validations

Verification

27-09-2021 12:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

unityplayer

kernel32

advapi32

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 180B

.rsrc Size: 552KB - Virtual size: 552KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 515KB - Virtual size: 515KB

.data
Size: 374KB - Virtual size: 405KB

.idata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 181KB - Virtual size: 181KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

33:9a:9c:a6:87:2f:1a:6c:01:65:bb:49
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ee:40:64:80:3a:f9:32:a9:97:db:8f:db:23:0d:dc:64:b4:91:bb:2e:71:a5:da:b3:78:fd:65:e5:b5:b4:90:4d
Signer

27-09-2021 12:10
Valid: true

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 180B

.rsrc
Size: 552KB - Virtual size: 552KB

.reloc
Size: 3KB - Virtual size: 3KB