638d4b52935c5124f9e00753c2e12e7f26582ec6b4bbb5847942c1c0699eb8be

Sharing

Copy URL Twitter E-mail

General

Target

638d4b52935c5124f9e00753c2e12e7f26582ec6b4bbb5847942c1c0699eb8be
Size

990KB
MD5

c2509af2458f60cb9c7c01f63cbebd9e
SHA1

8020c7d006645720ecd2899831fb6fd7f2a38207
SHA256

638d4b52935c5124f9e00753c2e12e7f26582ec6b4bbb5847942c1c0699eb8be
SHA512

fbaa51e7b82a47252316172d09d0474ae6e51eda38dcf1f238edf1a0421394132c301db6cde9be8e4b7878b3e09b1b3a404d8c52f0c9e116755b176b09d7ab77
SSDEEP

24576:jp/+VczeM6kn9OzIoqIoPe68JKHIE5xHGEG51z:jcVczenkn9OzRoPg

Score

1^/10

Malware Config

Signatures

Files

638d4b52935c5124f9e00753c2e12e7f26582ec6b4bbb5847942c1c0699eb8be
.exe windows x64

5793d72842a08ba9b8ae695ddd278f69

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:99:09:0b:bd:99:a1:3e:66:7e:7a:28:c2:38:e5:20:63:37:87:65:ff:24:f3:fe:a5:a1:5f:ae:27:db:a6:e6
Signer

Actual PE Digest

d7:99:09:0b:bd:99:a1:3e:66:7e:7a:28:c2:38:e5:20:63:37:87:65:ff:24:f3:fe:a5:a1:5f:ae:27:db:a6:e6

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

09/05/2022, 13:31
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

e7:90:b8:49:51:f4:2f:45:05:de:bd:8d:ee:e1:c1:de:10:66:e3:90
Signer

Actual PE Digest

e7:90:b8:49:51:f4:2f:45:05:de:bd:8d:ee:e1:c1:de:10:66:e3:90

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

09/03/2023, 18:53
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapCreate
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DeleteCriticalSection
GetProcessHeap
GlobalMemoryStatusEx
EnumSystemGeoID
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
LCMapStringW
GetFileType

user32

DefWindowProcW
DestroyWindow
CreateWindowExW
EndDialog
RegisterClassExW
LoadAcceleratorsW
LoadStringW
GetMessageW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
DialogBoxParamW
UpdateWindow
BeginPaint
EndPaint
ShowWindow

rpcrt4

UuidFromStringA

Sections

.text
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5793d72842a08ba9b8ae695ddd278f69

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

d7:99:09:0b:bd:99:a1:3e:66:7e:7a:28:c2:38:e5:20:63:37:87:65:ff:24:f3:fe:a5:a1:5f:ae:27:db:a6:e6Signer

Signature Validations

Verification

09/05/2022, 13:31 Valid: true

Chain 1

e7:90:b8:49:51:f4:2f:45:05:de:bd:8d:ee:e1:c1:de:10:66:e3:90Signer

Signature Validations

Verification

09/03/2023, 18:53 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

rpcrt4

Sections

.text Size: 278KB - Virtual size: 278KB

.rdata Size: 598KB - Virtual size: 597KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 2KB - Virtual size: 1KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

d7:99:09:0b:bd:99:a1:3e:66:7e:7a:28:c2:38:e5:20:63:37:87:65:ff:24:f3:fe:a5:a1:5f:ae:27:db:a6:e6
Signer

09/05/2022, 13:31
Valid: true

e7:90:b8:49:51:f4:2f:45:05:de:bd:8d:ee:e1:c1:de:10:66:e3:90
Signer

09/03/2023, 18:53
Valid: false

.text
Size: 278KB - Virtual size: 278KB

.rdata
Size: 598KB - Virtual size: 597KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 2KB - Virtual size: 1KB