e79edc8964b400b4a1ee300f2f22a9ae0f3e3341fbef187a43db5ffc5e00d1ab

Sharing

Copy URL

Twitter E-mail

General

Target

e79edc8964b400b4a1ee300f2f22a9ae0f3e3341fbef187a43db5ffc5e00d1ab
Size

5.7MB
MD5

d4fdb4bc0d19c0a0186447639d5d0001
SHA1

d76cbe3f9c01e7d1efae7a847da5eefdfe2d3369
SHA256

e79edc8964b400b4a1ee300f2f22a9ae0f3e3341fbef187a43db5ffc5e00d1ab
SHA512

664208aad8c088e1da4685cca647bdb8b1fd31dce297f629c4e2ee3159617cb28749b34afdf91a9efa49b2bbe49b8b27b85bf87ff3770cf692ca444f95a108cb
SSDEEP

98304:p5/eYGscTk/HCvg3wd5ha5qgDxn4V4KQVgLkxETQhT27UiSV+pRXV8jpGg/5x:pNGw6gQ5kpl4V4jxETMiSVMF8jpdD

Score

1^/10

Malware Config

Signatures

Files

e79edc8964b400b4a1ee300f2f22a9ae0f3e3341fbef187a43db5ffc5e00d1ab
.exe windows x86

68c322693d25c1f768698b38d8704013

Code Sign

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-05-2021 00:00

Not After

23-08-2023 23:59

Subject

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:7b:fb:8b:7a:cb:2b:53:db:77:53:69:4a:d3:5a:bc:d1:99:ab:19:fc:77:ba:08:c9:bb:c0:65:b6:50:c3:ef
Signer

Actual PE Digest

55:7b:fb:8b:7a:cb:2b:53:db:77:53:69:4a:d3:5a:bc:d1:99:ab:19:fc:77:ba:08:c9:bb:c0:65:b6:50:c3:ef

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

23-02-2023 03:40
Valid: true

Chain 1

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedPopEntrySList
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
QueryDepthSList
UnregisterWaitEx
GlobalLock
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
WriteFile
SetEndOfFile
GetCurrentDirectoryW
GlobalAlloc
RemoveDirectoryW
GetModuleHandleA
LocalAlloc
GetCurrentProcess
OutputDebugStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetPrivateProfileIntW
GetPrivateProfileStringW
GlobalUnlock
GetLongPathNameW
GetEnvironmentVariableW
GlobalFree
GetExitCodeProcess
lstrcpyW
CreateProcessW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetVolumeInformationW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetCurrentThread
GetStringTypeW
WriteConsoleW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
FlushFileBuffers
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
FormatMessageA
TryEnterCriticalSection
DuplicateHandle
GetTempPathW
SetCurrentDirectoryW
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrcmpiW
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
VirtualAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
CreateFileW
GetSystemDirectoryW
LoadLibraryW
CloseHandle
DeviceIoControl
Sleep
OpenProcess
GetProcAddress
CreateDirectoryW
FreeLibrary

user32

GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
EqualRect
IsRectEmpty
UnionRect
CopyRect
SetRect
KillTimer
SetTimer
DestroyWindow
LoadCursorW
IntersectRect
GetKeyState
SetWindowLongW
GetWindowLongW
GetForegroundWindow
UnregisterClassW
MsgWaitForMultipleObjects
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
GetClassNameW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
IsWindowVisible
MessageBoxW
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
GetMessageW
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
PostMessageW
FindWindowW
SetCursor
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
SetForegroundWindow
DestroyIcon
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
DestroyCursor
SetCapture
GetDC
ReleaseDC
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
CharUpperW
CharPrevExA
wsprintfW

advapi32

SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
CreateProcessAsUserW
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
DuplicateTokenEx
InitializeSecurityDescriptor
SetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
LookupAccountSidW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetPathFromIDListW
SHChangeNotify
SHFileOperationW

ole32

CoInitialize
CoTaskMemFree
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
OleLockRunning
CoUninitialize
CoCreateInstance
CoCreateGuid

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules
EnumProcesses

shlwapi

SHCreateStreamOnFileEx
SHDeleteValueW
SHGetValueW
SHSetValueW
PathFileExistsW
SHDeleteKeyW
StrToIntExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdiplus

GdipCloneImage
GdipFree
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdiplusStartup
GdipAlloc
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
GdiplusShutdown

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdi32

CreateSolidBrush
SetGraphicsMode
GetStockObject
Rectangle
SetBkMode
StretchBlt
CreateFontIndirectW
DeleteDC
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
GetViewportOrgEx
GdiFlush
GetTextFaceW
ExtTextOutW
GetCurrentObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
CreateCompatibleDC
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantCopy
SysAllocStringLen

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

ws2_32

freeaddrinfo
getaddrinfo
WSAIoctl
recvfrom
sendto
accept
listen
ioctlsocket
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
WSAStartup
WSACleanup
recv
setsockopt
send
WSAGetLastError
__WSAFDIsSet
socket
gethostname
select

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 959KB - Virtual size: 958KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 85.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68c322693d25c1f768698b38d8704013

Code Sign

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

55:7b:fb:8b:7a:cb:2b:53:db:77:53:69:4a:d3:5a:bc:d1:99:ab:19:fc:77:ba:08:c9:bb:c0:65:b6:50:c3:efSigner

Signature Validations

Verification

23-02-2023 03:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

userenv

gdiplus

imm32

gdi32

oleaut32

crypt32

wldap32

ws2_32

usp10

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 959KB - Virtual size: 958KB

.data Size: 83KB - Virtual size: 212KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024KB - Virtual size: 85.5MB

.reloc Size: 196KB - Virtual size: 196KB

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

55:7b:fb:8b:7a:cb:2b:53:db:77:53:69:4a:d3:5a:bc:d1:99:ab:19:fc:77:ba:08:c9:bb:c0:65:b6:50:c3:ef
Signer

23-02-2023 03:40
Valid: true

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 959KB - Virtual size: 958KB

.data
Size: 83KB - Virtual size: 212KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024KB - Virtual size: 85.5MB

.reloc
Size: 196KB - Virtual size: 196KB