11d290739bb33d34ad192088796de726

Sharing

Copy URL Twitter E-mail

General

Target

11d290739bb33d34ad192088796de726
Size

1.9MB
MD5

11d290739bb33d34ad192088796de726
SHA1

2e5179f114052585c500d30f58549a10ff332133
SHA256

362894fa6366216160fa9c3699f33c5bebdde7f3398e1c197026b82fe9c06bf3
SHA512

6724b9b010073c2073e73d6e3403abcafe730c72526c4c6781fa933e8a7669baee8caa3fcfe87e5c31099fcb07b9a63f115c8ce76951482339d9ccb276e528b3
SSDEEP

49152:+cU7ohihwOE/Le2qugTIE7BgGJEJrbtE3g1cnrWEy:+YhEwXe2qpd1TJOtHcnSJ

Score

1^/10

Malware Config

Signatures

Files

11d290739bb33d34ad192088796de726
.exe windows x86

5bf06fdb1a7d953d7c1b5b5ec181e95b

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:ef:74:6f:16:e6:73:1b
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2017, 07:21

Not After

27/10/2018, 05:30

Subject

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:07:95:db:80:0a:2a:aa:ba:6e:52:75:af:89:2f:37:58:87:f0:29:8c:f3:d6:7e:b0:4c:12:98:05:07:32:73
Signer

Actual PE Digest

b9:07:95:db:80:0a:2a:aa:ba:6e:52:75:af:89:2f:37:58:87:f0:29:8c:f3:d6:7e:b0:4c:12:98:05:07:32:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

27/03/2023, 18:29
Valid: false

80:59:b4:a6:55:92:a9:af:37:d9:97:9e:64:17:f3:f6:fb:18:b2:54
Signer

Actual PE Digest

80:59:b4:a6:55:92:a9:af:37:d9:97:9e:64:17:f3:f6:fb:18:b2:54

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=广州华多网络科技有限公司,O=广州华多网络科技有限公司,L=广州市,C=CN

27/03/2023, 18:29
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetCurrentThreadId
CreateThread
GetModuleFileNameA
WriteConsoleW
GetLastError
CreateEventA
SetEvent
WaitForSingleObject
GetVersionExA
SetProcessShutdownParameters
CreateToolhelp32Snapshot
GetModuleHandleA
Process32Next
LoadLibraryA
GetProcAddress
CreateDirectoryA
Sleep
WriteFile
Process32First
GetCurrentProcess
MoveFileExA
CloseHandle
GetSystemInfo
DeviceIoControl
GlobalMemoryStatusEx
GetTickCount
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
CreateFileW
CreateFileA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
RaiseException
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RtlUnwind
HeapSize
SetFilePointer
FlushFileBuffers

user32

PostThreadMessageA

advapi32

RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenServiceA
RegQueryValueExA
OpenSCManagerA
RegDeleteValueA
StartServiceA
RegCreateKeyA
RegDeleteKeyA
CreateServiceA
RegSetValueExA
CloseServiceHandle
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

shlwapi

StrStrIA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bf06fdb1a7d953d7c1b5b5ec181e95b

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

32:ef:74:6f:16:e6:73:1bCertificate

Extended Key Usages

Key Usages

b9:07:95:db:80:0a:2a:aa:ba:6e:52:75:af:89:2f:37:58:87:f0:29:8c:f3:d6:7e:b0:4c:12:98:05:07:32:73Signer

Signature Validations

Verification

27/03/2023, 18:29 Valid: false

80:59:b4:a6:55:92:a9:af:37:d9:97:9e:64:17:f3:f6:fb:18:b2:54Signer

Signature Validations

Verification

27/03/2023, 18:29 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

iphlpapi

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 11KB - Virtual size: 10KB

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

1b:e7:15
Certificate

07
Certificate

32:ef:74:6f:16:e6:73:1b
Certificate

b9:07:95:db:80:0a:2a:aa:ba:6e:52:75:af:89:2f:37:58:87:f0:29:8c:f3:d6:7e:b0:4c:12:98:05:07:32:73
Signer

27/03/2023, 18:29
Valid: false

80:59:b4:a6:55:92:a9:af:37:d9:97:9e:64:17:f3:f6:fb:18:b2:54
Signer

27/03/2023, 18:29
Valid: false

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 10KB