288c9db43eefa78a005aad3606eb26f57f6acc45c750349e79e09cdde7e22c09

Sharing

Copy URL

Twitter E-mail

General

Target

288c9db43eefa78a005aad3606eb26f57f6acc45c750349e79e09cdde7e22c09
Size

2.0MB
MD5

65131a7f489514b5be72c1dd94a46f40
SHA1

ae73dee3fa6b12aea76d71e781b706cc2d0b64d1
SHA256

288c9db43eefa78a005aad3606eb26f57f6acc45c750349e79e09cdde7e22c09
SHA512

a8ab17fb80368f3dbb2754b81f962384977f2f8d829e92bd8403ce74ac230e4250942c1321cda018f447c2c7fc6453867a7e3dae75a497cbb217348433525f9f
SSDEEP

49152:sk9+GAL69ZhqdxIT9H2Q10H7y3O216k4xIUi9hOyiUMBaM:sk9+GAO9ZhqdxIpWHmNFJr9hOyiUMBaM

Score

1^/10

Malware Config

Signatures

Files

288c9db43eefa78a005aad3606eb26f57f6acc45c750349e79e09cdde7e22c09
.exe windows x86

34ce3a044ea3941a2077f0b230730482

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26-05-2021 00:00

Not After

30-05-2024 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:65:99:53:0d:77:f4:28:ae:83:ca:3b:6c:af:10:41:a5:d3:fa:e5:82:7e:2b:e2:6d:5c:0d:4b:4b:39:be:51
Signer

Actual PE Digest

46:65:99:53:0d:77:f4:28:ae:83:ca:3b:6c:af:10:41:a5:d3:fa:e5:82:7e:2b:e2:6d:5c:0d:4b:4b:39:be:51

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

22-07-2022 07:13
Valid: true

Chain 1

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
CopyFileW
GetFileAttributesW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetCurrentDirectoryW
RemoveDirectoryW
QueryDosDeviceW
SetEndOfFile
FlushFileBuffers
GetSystemTimeAsFileTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
FileTimeToLocalFileTime
GetUserDefaultLangID
GetComputerNameA
GetSystemDirectoryW
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
lstrcpyW
lstrcatW
SetFileAttributesW
DeviceIoControl
CreateFileA
LoadLibraryA
OpenMutexW
OpenEventW
OpenSemaphoreW
GetCurrentProcessId
ExpandEnvironmentStringsW
CreateProcessW
SetUnhandledExceptionFilter
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetLogicalDriveStringsW
GetLocaleInfoW
GetCurrentDirectoryA
GetFullPathNameA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
GetModuleFileNameA
IsValidCodePage
GetOEMCP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FindFirstFileA
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RtlUnwind
GetStartupInfoW
VirtualQuery
GetModuleHandleA
VirtualProtect
GetFileType
SetStdHandle
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
IsProcessorFeaturePresent
GetThreadLocale
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetTempFileNameW
FindClose
GetSystemInfo
InterlockedCompareExchange
ProcessIdToSessionId
LocalFree
LocalAlloc
OpenProcess
WriteFile
GetTickCount
SetFilePointer
GetCurrentThread
SetThreadPriority
LoadLibraryExW
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
DeleteCriticalSection
QueryPerformanceFrequency
CreateEventW
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
CreateThread
UnmapViewOfFile
MoveFileExW
Sleep
GetDiskFreeSpaceExW
GetDriveTypeW
TerminateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
RaiseException
SetLastError
FlushInstructionCache
InterlockedIncrement
InterlockedDecrement
GetWindowsDirectoryW
FreeResource
CreateFileW
GetFileSize
ReadFile
GetCurrentThreadId
InitializeCriticalSection
GetFullPathNameW
GetExitCodeThread
GetVersionExW
OutputDebugStringW
GetLocalTime
GetSystemTime
SetEvent
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
GetModuleFileNameW
WaitForSingleObject
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetLastError
WideCharToMultiByte
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
lstrlenA
MultiByteToWideChar
WriteConsoleA

user32

DefWindowProcW
LoadBitmapW
CharNextW
UpdateWindow
BringWindowToTop
CreateWindowExW
CharUpperW
InvalidateRect
CharLowerW
DrawIconEx
SetRectEmpty
SetWindowLongW
SendMessageW
LoadCursorW
SetCursor
PtInRect
RegisterWindowMessageW
UnregisterClassA
FindWindowExW
ShowWindow
ReleaseDC
GetDC
LoadImageW
GetWindowTextW
DrawFrameControl
KillTimer
IntersectRect
IsRectEmpty
InflateRect
UnionRect
PostMessageW
DrawTextW
SetWindowTextW
IsWindow
IsWindowVisible
SetForegroundWindow
LoadIconW
DestroyWindow
CallWindowProcW
GetClassInfoExW
PostThreadMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
GetActiveWindow
GetDesktopWindow
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
SetWindowPos
AttachThreadInput
SetActiveWindow
GetFocus
IsChild
GetParent
IsDialogMessageW
ClientToScreen
OffsetRect
CopyRect
RegisterClassExW
GetWindow
GetWindowRect
GetWindowLongW
GetClientRect
MapWindowPoints
GetDlgItem
BeginPaint
EndPaint
MonitorFromWindow
GetMonitorInfoW
SetCapture
ReleaseCapture
GetCursorPos
SetFocus
GetNextDlgTabItem
ScreenToClient
MoveWindow
GetKeyState
WindowFromPoint
GetScrollPos
SetRect
UpdateLayeredWindow
EqualRect
SetTimer
GetSystemMetrics
GetWindowTextLengthW
SetWindowRgn
DestroyIcon

gdi32

MoveToEx
LineTo
GetCurrentObject
TextOutW
GetTextColor
DeleteDC
GetDIBits
CreateDCW
CreatePen
GetWindowOrgEx
SelectClipRgn
SetBkMode
RoundRect
GetClipRgn
RestoreDC
OffsetRgn
ExtSelectClipRgn
CombineRgn
CreateRectRgn
GetViewportOrgEx
SaveDC
RectInRegion
GetTextExtentPoint32W
CreateCompatibleDC
SelectObject
SetViewportOrgEx
SetWindowOrgEx
DeleteObject
GetRgnBox
SetTextColor
StretchBlt
CreateBitmap
CreateCompatibleBitmap
BitBlt
SetBkColor
CreateRoundRectRgn
CreateRectRgnIndirect
GetStockObject
CreateFontIndirectW
SetGraphicsMode
CreateDIBSection
Rectangle
SetWorldTransform
GetWorldTransform
SetStretchBltMode
GetTextMetricsW
CreateFontW
GetObjectW
ExtTextOutW

advapi32

RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
VariantCopy
VariantClear
SysAllocString

shlwapi

StrToIntA
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathAppendW
StrToIntW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

gdiplus

GdipImageRotateFlip
GdipCloneBitmapArea
GdipGetImagePixelFormat
GdipDrawImagePointsRectI
GdipCreateBitmapFromStream
GdipNewPrivateFontCollection
GdipCreateBitmapFromHBITMAP
GdipLoadImageFromStream
GdipFree
GdipCreateHBITMAPFromBitmap
GdipDeleteFontFamily
GdipAlloc
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDrawLinesI
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyCount
GdiplusShutdown
GdipCloneBrush
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipFillRectangleI
GdipCreatePen1
GdipDeleteBrush
GdipCreateLineBrushI
GdiplusStartup
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipFillRectangle
GdipDeleteFont
GdipCreateFont
GdipCreateFontFromLogfontW
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipCloneImage
GdipLoadImageFromFile
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipDrawImageRectI
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipSetPixelOffsetMode
GdipGetFamily
GdipAddPathStringI
GdipGetFontSize
GdipFillPath
GdipGraphicsClear
GdipDrawImageI
GdipAddPathRectangleI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPenDashStyle
GdipAddPathPieI
GdipSetClipPath
GdipDrawImageRectRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipResetWorldTransform
GdipDrawPath
GdipClosePathFigure
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipDrawRectangleI
GdipDrawLine
GdipSetSmoothingMode
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipDeletePen
GdipMeasureString

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile
GetAdaptersInfo

Sections

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 844KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34ce3a044ea3941a2077f0b230730482

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:daCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

46:65:99:53:0d:77:f4:28:ae:83:ca:3b:6c:af:10:41:a5:d3:fa:e5:82:7e:2b:e2:6d:5c:0d:4b:4b:39:be:51Signer

Signature Validations

Verification

22-07-2022 07:13 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wtsapi32

psapi

version

rasapi32

iphlpapi

Sections

.text Size: 824KB - Virtual size: 823KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 32KB - Virtual size: 51KB

.rsrc Size: 844KB - Virtual size: 842KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

46:65:99:53:0d:77:f4:28:ae:83:ca:3b:6c:af:10:41:a5:d3:fa:e5:82:7e:2b:e2:6d:5c:0d:4b:4b:39:be:51
Signer

22-07-2022 07:13
Valid: true

.text
Size: 824KB - Virtual size: 823KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 32KB - Virtual size: 51KB

.rsrc
Size: 844KB - Virtual size: 842KB