General

Malware Config

Signatures

Files

• 41d3c6bd3ce9f01f49f53ae5ef03c1d583b556e8327a4c6c27148809564738a2

  .exe windows x86

  c3e55a24b4b7de063114765c8878d463

  
  

  Code Sign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:96:d2:56:44:93:23:61:0b:79:65:20:54:21:f3:96

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  25-05-2021 00:00

  Not After

  29-05-2024 23:59

  Subject

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  41:65:87:39:0c:1b:97:fc:47:40:a8:02:1d:77:cd:39:38:8f:26:39:c7:5a:8d:30:1d:1f:b0:d4:3b:36:7a:88

  Signer

  Actual PE Digest

  41:65:87:39:0c:1b:97:fc:47:40:a8:02:1d:77:cd:39:38:8f:26:39:c7:5a:8d:30:1d:1f:b0:d4:3b:36:7a:88

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  23-03-2023 02:11

  Valid: true

  Chain 1

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  MulDiv

  GetSystemTime

  CreatePipe

  PeekNamedPipe

  lstrcmpW

  lstrcmpiW

  lstrcpynW

  lstrlenA

  lstrlenW

  CreateMutexW

  LoadLibraryW

  LoadLibraryExW

  GetModuleFileNameW

  GetModuleHandleW

  CreateProcessW

  GetStartupInfoW

  FindResourceW

  FindResourceExW

  GetSystemDirectoryW

  DeleteFileW

  FindFirstFileW

  FindNextFileW

  GetVersionExW

  MultiByteToWideChar

  WideCharToMultiByte

  LocalFree

  GetCommandLineW

  GetWindowsDirectoryW

  WritePrivateProfileStringW

  IsDebuggerPresent

  OutputDebugStringW

  EncodePointer

  InitializeSListHead

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  FlushInstructionCache

  IsProcessorFeaturePresent

  VirtualAlloc

  VirtualFree

  LoadLibraryExA

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  GetFileSize

  WriteFile

  FlushFileBuffers

  CreateFileW

  DeviceIoControl

  lstrcmpA

  lstrcmpiA

  CreateFileA

  RtlUnwind

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateThread

  ExitThread

  SizeofResource

  GetModuleHandleExW

  ExitProcess

  GetStdHandle

  GetACP

  GetStringTypeW

  GetFileType

  FindClose

  LCMapStringW

  FindFirstFileExW

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  WaitForSingleObjectEx

  SetStdHandle

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  ReadConsoleW

  WriteConsoleW

  SetEndOfFile

  GetSystemWindowsDirectoryW

  FreeResource

  InterlockedCompareExchange

  GetPrivateProfileStringW

  LocalAlloc

  GetSystemInfo

  ResetEvent

  CreateDirectoryW

  GetTempFileNameW

  FormatMessageW

  GlobalAddAtomW

  TerminateThread

  CopyFileW

  ReleaseMutex

  GetExitCodeProcess

  GetFileAttributesExW

  CreateFileMappingW

  UnmapViewOfFile

  MapViewOfFile

  SetFilePointer

  WaitForMultipleObjects

  GetExitCodeThread

  MoveFileW

  GetLocalTime

  GetFileSizeEx

  GlobalFree

  MoveFileExW

  GetFileAttributesW

  SetFileAttributesW

  GetTickCount

  GetFullPathNameW

  RemoveDirectoryW

  GetDiskFreeSpaceExW

  GetTempPathW

  GetDriveTypeW

  GetLogicalDriveStringsW

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  GlobalFindAtomW

  GlobalDeleteAtom

  OpenProcess

  GetLongPathNameW

  CreateEventW

  SetEvent

  CloseHandle

  LoadResource

  Sleep

  WaitForSingleObject

  LeaveCriticalSection

  EnterCriticalSection

  InitializeCriticalSection

  SetErrorMode

  SetLastError

  GetCurrentThreadId

  GetCurrentProcess

  GlobalMemoryStatusEx

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GetProcAddress

  FreeLibrary

  LockResource

  InterlockedDecrement

  InterlockedIncrement

  SetFileTime

  ReadFile

  GetFileInformationByHandle

  GetModuleHandleA

  InterlockedExchange

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  GetLastError

  DecodePointer

  RaiseException

  GetProcessHeap

  HeapSize

  HeapFree

  HeapReAlloc

  HeapAlloc

  HeapDestroy

  FreeLibraryAndExitThread

  user32

  MonitorFromPoint

  DialogBoxParamW

  CopyRect

  EndDialog

  MonitorFromWindow

  LoadImageW

  LoadCursorW

  GetCursorPos

  UpdateWindow

  TrackPopupMenu

  DestroyMenu

  CreatePopupMenu

  GetSystemMetrics

  KillTimer

  SetTimer

  IsIconic

  UnregisterClassW

  ShowWindowAsync

  CharUpperW

  GetClassNameW

  AppendMenuW

  GetWindow

  MessageBoxW

  UnhookWinEvent

  SetWinEventHook

  SystemParametersInfoW

  SetCursor

  OffsetRect

  SetWindowRgn

  UpdateLayeredWindow

  SetRect

  GetMonitorInfoW

  PtInRect

  PostQuitMessage

  IsRectEmpty

  WaitForInputIdle

  SendMessageTimeoutW

  GetWindowThreadProcessId

  FindWindowExW

  PostThreadMessageW

  wsprintfW

  RegisterWindowMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PeekMessageW

  SendMessageW

  PostMessageW

  DefWindowProcW

  CallWindowProcW

  RegisterClassExW

  FindWindowW

  GetParent

  GetDesktopWindow

  SetWindowLongW

  GetWindowLongW

  FillRect

  GetSysColor

  MapWindowPoints

  ScreenToClient

  ClientToScreen

  GetWindowRect

  GetClientRect

  GetWindowTextLengthW

  GetWindowTextW

  SetWindowTextW

  RedrawWindow

  InvalidateRgn

  InvalidateRect

  EndPaint

  BeginPaint

  ReleaseDC

  GetDC

  SetForegroundWindow

  DestroyAcceleratorTable

  CreateAcceleratorTableW

  ReleaseCapture

  SetCapture

  GetFocus

  SetFocus

  CharNextW

  GetDlgItem

  BringWindowToTop

  IsWindowVisible

  SetWindowPos

  MoveWindow

  ShowWindow

  DestroyWindow

  IsChild

  IsWindow

  CreateWindowExW

  GetClassInfoExW

  shlwapi

  wnsprintfW

  SHStrDupW

  PathAppendW

  wvnsprintfW

  StrToInt64ExW

  PathIsPrefixW

  StrToIntW

  StrCmpIW

  StrStrIA

  StrTrimA

  StrCmpNIW

  PathRemoveFileSpecW

  PathIsDirectoryW

  PathFindFileNameW

  PathFindExtensionW

  PathFileExistsW

  PathCombineW

  PathRelativePathToW

  SHDeleteValueW

  SHGetValueW

  SHSetValueW

  wnsprintfA

  StrStrIW

  PathStripToRootW

  SHGetValueA

  SHSetValueA

  StrCmpW

  PathIsRelativeW

  SHDeleteKeyW

  comctl32

  _TrackMouseEvent

  InitCommonControlsEx

  gdiplus

  GdipDrawImageRectRectI

  GdipSetStringFormatTrimming

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetStringFormatFlags

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdiplusStartup

  GdipCreateBitmapFromStreamICM

  GdipCreateBitmapFromStream

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImage

  GdipCloneImage

  GdipFree

  GdipAlloc

  GdipMeasureString

  GdipDrawString

  GdipDeleteFont

  GdipCreateFont

  GdipDeleteFontFamily

  GdiplusShutdown

  GdipSetTextRenderingHint

  GdipSetImageAttributesColorMatrix

  GdipDisposeImageAttributes

  GdipCreateImageAttributes

  GdipCreateSolidFill

  GdipDeleteBrush

  GdipDrawImagePointRectI

  GdipCreateFontFamilyFromName

  GdipDrawImageRectRect

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipCreateBitmapFromFile

  gdi32

  CreateRectRgn

  EnumFontFamiliesW

  CreateFontW

  ExtTextOutW

  CombineRgn

  SetTextColor

  BitBlt

  CreateCompatibleBitmap

  CreateCompatibleDC

  CreateSolidBrush

  DeleteDC

  DeleteObject

  GetDeviceCaps

  GetStockObject

  GetObjectW

  RestoreDC

  SaveDC

  SetViewportOrgEx

  CreateFontIndirectW

  GetCurrentObject

  SetBkColor

  SelectObject

  SetBkMode

  advapi32

  GetUserNameW

  RegQueryValueExA

  RegOpenKeyExA

  RegEnumKeyExA

  RegSetValueExW

  RegQueryValueExW

  RegQueryInfoKeyW

  RegOpenKeyExW

  RegCloseKey

  RegCreateKeyExW

  RegDeleteKeyW

  GetTokenInformation

  GetTrusteeNameW

  BuildExplicitAccessWithNameW

  SetNamedSecurityInfoW

  GetNamedSecurityInfoW

  GetExplicitEntriesFromAclW

  SetEntriesInAclW

  LookupAccountNameW

  LookupAccountSidW

  DeleteAce

  EqualSid

  LookupPrivilegeValueW

  RegEnumKeyExW

  RegDeleteValueW

  OpenProcessToken

  AdjustTokenPrivileges

  shell32

  ShellExecuteW

  SHGetSpecialFolderPathW

  SHChangeNotify

  CommandLineToArgvW

  Shell_NotifyIconW

  ord165

  SHBrowseForFolderW

  SHCreateDirectoryExW

  SHLoadInProc

  ShellExecuteExW

  ord75

  SHFileOperationW

  SHGetPathFromIDListW

  ord680

  ole32

  CoInitialize

  CoCreateGuid

  OleRun

  CoUninitialize

  CoSetProxyBlanket

  CreateStreamOnHGlobal

  OleLockRunning

  OleUninitialize

  OleInitialize

  PropVariantClear

  CoTaskMemFree

  CoTaskMemRealloc

  CoTaskMemAlloc

  StringFromGUID2

  CLSIDFromProgID

  CLSIDFromString

  CoCreateInstance

  CoGetClassObject

  oleaut32

  SysStringByteLen

  SysAllocStringByteLen

  OleCreateFontIndirect

  LoadRegTypeLi

  LoadTypeLi

  VarUI4FromStr

  VariantClear

  VariantInit

  SysStringLen

  SysFreeString

  SysAllocStringLen

  SysAllocString

  urlmon

  URLDownloadToCacheFileW

  psapi

  GetModuleFileNameExW

  EnumProcesses

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  winhttp

  WinHttpOpenRequest

  WinHttpSetTimeouts

  WinHttpSetOption

  WinHttpSendRequest

  WinHttpReadData

  WinHttpConnect

  WinHttpCloseHandle

  WinHttpOpen

  WinHttpAddRequestHeaders

  WinHttpSetCredentials

  WinHttpReceiveResponse

  WinHttpQueryDataAvailable

  WinHttpQueryHeaders

  iphlpapi

  GetAdaptersInfo

  setupapi

  SetupIterateCabinetW

  Sections

  .text

  Size: 517KB - Virtual size: 517KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 236KB - Virtual size: 236KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 17KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.2MB - Virtual size: 3.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ