General

Malware Config

Signatures

Files

• 8c5002e3b88f478d1420de7cabec2363b0c104920d0e45c1a090537ba4aaccb1

  .dll windows x86

  0ffed49c7e079cd694f4752dc1ec1404

  
  

  Code Sign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:96:d2:56:44:93:23:61:0b:79:65:20:54:21:f3:96

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  25-05-2021 00:00

  Not After

  29-05-2024 23:59

  Subject

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  e9:a5:13:63:9d:39:35:4d:a1:67:c2:27:84:9f:b0:8a:7b:a7:b0:a3:39:b8:28:96:9a:5c:5e:de:2e:dc:82:40

  Signer

  Actual PE Digest

  e9:a5:13:63:9d:39:35:4d:a1:67:c2:27:84:9f:b0:8a:7b:a7:b0:a3:39:b8:28:96:9a:5c:5e:de:2e:dc:82:40

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  20-03-2023 12:15

  Valid: true

  Chain 1

  CN=天津六六游科技有限公司,O=天津六六游科技有限公司,ST=天津市,C=CN

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WaitForSingleObject

  Sleep

  CloseHandle

  GetTickCount

  lstrcmpiW

  LoadLibraryW

  GetModuleFileNameW

  GlobalAddAtomW

  GlobalFindAtomW

  GetLongPathNameW

  OpenProcess

  TerminateProcess

  GetExitCodeProcess

  CreateProcessW

  GetStartupInfoW

  LockResource

  LoadResource

  SizeofResource

  FindResourceW

  FindResourceExW

  InterlockedIncrement

  InterlockedDecrement

  GlobalAlloc

  GlobalLock

  GlobalUnlock

  GlobalMemoryStatusEx

  GetCurrentThreadId

  SetLastError

  SetErrorMode

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  ReadFile

  FindClose

  MulDiv

  GetSystemTime

  CreatePipe

  PeekNamedPipe

  lstrcmpW

  lstrcpynW

  lstrlenA

  lstrlenW

  CreateMutexW

  LoadLibraryExW

  GetSystemDirectoryW

  DeleteFileW

  FindFirstFileW

  FindNextFileW

  GetVersionExW

  MultiByteToWideChar

  WideCharToMultiByte

  LocalFree

  GetCommandLineW

  GetWindowsDirectoryW

  WritePrivateProfileStringW

  IsDebuggerPresent

  EncodePointer

  InitializeSListHead

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  FlushInstructionCache

  IsProcessorFeaturePresent

  VirtualAlloc

  FreeLibrary

  LoadLibraryExA

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  GetFileSize

  WriteFile

  FlushFileBuffers

  CreateFileW

  DeviceIoControl

  lstrcmpA

  lstrcmpiA

  CreateFileA

  RtlUnwind

  InterlockedFlushSList

  TlsAlloc

  GetCurrentProcessId

  TlsSetValue

  TlsFree

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetModuleHandleExW

  ExitProcess

  GetModuleFileNameA

  GetACP

  GetStdHandle

  GetFileType

  GetStringTypeW

  LCMapStringW

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  ReadConsoleW

  WriteConsoleW

  WaitForSingleObjectEx

  FreeResource

  InterlockedCompareExchange

  GetPrivateProfileStringW

  LocalAlloc

  GetSystemInfo

  ResetEvent

  CreateDirectoryW

  GetTempFileNameW

  FormatMessageW

  CopyFileW

  ReleaseMutex

  GetFileAttributesExW

  CreateFileMappingW

  UnmapViewOfFile

  MapViewOfFile

  SetFilePointer

  WaitForMultipleObjects

  GetExitCodeThread

  MoveFileW

  GetFileSizeEx

  GlobalFree

  MoveFileExW

  GetFileAttributesW

  SetFileAttributesW

  GetFullPathNameW

  RemoveDirectoryW

  GetDiskFreeSpaceExW

  GetTempPathW

  GetDriveTypeW

  GetLogicalDriveStringsW

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  GlobalDeleteAtom

  CreateEventW

  SetEvent

  TerminateThread

  TlsGetValue

  GetSystemWindowsDirectoryW

  SetEndOfFile

  SetFileTime

  GetFileInformationByHandle

  GetModuleHandleA

  InterlockedExchange

  OutputDebugStringW

  ExpandEnvironmentStringsW

  GetModuleHandleW

  SystemTimeToFileTime

  GetLocalTime

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  GetLastError

  RaiseException

  GetProcessHeap

  GetCurrentProcess

  HeapSize

  HeapFree

  HeapReAlloc

  HeapAlloc

  HeapDestroy

  GetProcAddress

  VirtualFree

  DecodePointer

  user32

  CharUpperW

  ScreenToClient

  MapWindowPoints

  GetSysColor

  FillRect

  GetWindowLongW

  SetWindowLongW

  ClientToScreen

  GetWindowRect

  GetClientRect

  GetWindowTextLengthW

  SetWindowTextW

  RedrawWindow

  InvalidateRgn

  InvalidateRect

  GetDesktopWindow

  GetParent

  FindWindowW

  GetClassNameW

  GetWindow

  LoadCursorW

  MonitorFromWindow

  GetMonitorInfoW

  IsIconic

  SetTimer

  KillTimer

  GetSystemMetrics

  CreatePopupMenu

  DestroyMenu

  AppendMenuW

  TrackPopupMenu

  UpdateWindow

  GetCursorPos

  PtInRect

  LoadImageW

  MonitorFromPoint

  DialogBoxParamW

  UnregisterClassW

  CopyRect

  EndDialog

  MessageBoxW

  SystemParametersInfoW

  SetCursor

  OffsetRect

  SetWindowRgn

  UpdateLayeredWindow

  SetRect

  IsRectEmpty

  SendMessageTimeoutW

  FindWindowExW

  PostThreadMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  PeekMessageW

  SendMessageW

  PostQuitMessage

  IsWindow

  ShowWindow

  ShowWindowAsync

  GetWindowTextW

  GetWindowThreadProcessId

  SetWinEventHook

  UnhookWinEvent

  WaitForInputIdle

  wsprintfW

  RegisterWindowMessageW

  PostMessageW

  DefWindowProcW

  EndPaint

  BeginPaint

  ReleaseDC

  GetDC

  SetForegroundWindow

  DestroyAcceleratorTable

  CreateAcceleratorTableW

  ReleaseCapture

  SetCapture

  GetFocus

  SetFocus

  CharNextW

  GetDlgItem

  BringWindowToTop

  IsWindowVisible

  SetWindowPos

  MoveWindow

  DestroyWindow

  IsChild

  CreateWindowExW

  GetClassInfoExW

  RegisterClassExW

  CallWindowProcW

  advapi32

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  RegCreateKeyExW

  RegDeleteKeyW

  RegDeleteValueW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegSetValueExW

  EqualSid

  RegEnumKeyExA

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  DeleteAce

  RegOpenKeyExA

  RegQueryValueExA

  LookupAccountSidW

  GetUserNameW

  LookupAccountNameW

  SetEntriesInAclW

  GetExplicitEntriesFromAclW

  GetNamedSecurityInfoW

  SetNamedSecurityInfoW

  BuildExplicitAccessWithNameW

  GetTrusteeNameW

  GetTokenInformation

  shell32

  SHCreateDirectoryExW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  Shell_NotifyIconW

  CommandLineToArgvW

  SHFileOperationW

  ord75

  ord165

  ord680

  SHChangeNotify

  SHGetSpecialFolderPathW

  ShellExecuteW

  ShellExecuteExW

  SHLoadInProc

  oleaut32

  SysStringLen

  VariantInit

  VariantClear

  VarUI4FromStr

  LoadTypeLi

  LoadRegTypeLi

  OleCreateFontIndirect

  SysAllocStringLen

  SysAllocStringByteLen

  SysFreeString

  SysAllocString

  SysStringByteLen

  shlwapi

  StrCmpW

  SHSetValueA

  SHGetValueA

  PathRelativePathToW

  SHSetValueW

  PathFileExistsW

  StrCmpNIW

  StrTrimA

  StrStrIA

  StrCmpIW

  SHDeleteKeyW

  SHGetValueW

  PathRemoveFileSpecW

  PathIsRelativeW

  StrToInt64ExW

  wvnsprintfW

  wnsprintfA

  SHStrDupW

  PathFindExtensionW

  StrToIntW

  PathIsPrefixW

  PathFindFileNameW

  PathStripToRootW

  StrStrIW

  wnsprintfW

  PathAppendW

  PathCombineW

  SHDeleteValueW

  PathIsDirectoryW

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  psapi

  EnumProcesses

  GetModuleFileNameExW

  gdiplus

  GdipCreateBitmapFromStream

  GdiplusStartup

  GdiplusShutdown

  GdipCreateBitmapFromFile

  GdipSetStringFormatTrimming

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetStringFormatFlags

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipMeasureString

  GdipDrawString

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImage

  GdipCloneImage

  GdipFree

  GdipAlloc

  GdipDeleteFont

  GdipCreateFont

  GdipDeleteFontFamily

  GdipCreateBitmapFromStreamICM

  GdipSetTextRenderingHint

  GdipSetImageAttributesColorMatrix

  GdipDisposeImageAttributes

  GdipCreateImageAttributes

  GdipCreateSolidFill

  GdipDeleteBrush

  GdipDrawImagePointRectI

  GdipDrawImageRectRectI

  GdipDrawImageRectRect

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipCreateFontFamilyFromName

  gdi32

  CreateSolidBrush

  DeleteDC

  CreateFontIndirectW

  CreateCompatibleDC

  SetBkColor

  SetBkMode

  SetTextColor

  GetDeviceCaps

  GetObjectW

  BitBlt

  GetCurrentObject

  CreateCompatibleBitmap

  GetStockObject

  DeleteObject

  CreateRectRgn

  CombineRgn

  ExtTextOutW

  EnumFontFamiliesW

  CreateFontW

  SetViewportOrgEx

  SaveDC

  RestoreDC

  SelectObject

  ole32

  CoUninitialize

  CoInitialize

  CoCreateGuid

  CoCreateInstance

  CoSetProxyBlanket

  CreateStreamOnHGlobal

  OleLockRunning

  OleUninitialize

  OleInitialize

  PropVariantClear

  CoTaskMemFree

  CoTaskMemRealloc

  CoTaskMemAlloc

  CLSIDFromProgID

  CLSIDFromString

  CoGetClassObject

  StringFromGUID2

  OleRun

  urlmon

  URLDownloadToCacheFileW

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  winhttp

  WinHttpAddRequestHeaders

  WinHttpOpenRequest

  WinHttpSetTimeouts

  WinHttpSetCredentials

  WinHttpReadData

  WinHttpConnect

  WinHttpCloseHandle

  WinHttpOpen

  WinHttpSendRequest

  WinHttpReceiveResponse

  WinHttpQueryHeaders

  WinHttpSetOption

  WinHttpQueryDataAvailable

  iphlpapi

  GetAdaptersInfo

  setupapi

  SetupIterateCabinetW

  Exports

  Exports

  BasicEntry

  InstallEntryW

  Start

  StartEast

  Sections

  .text

  Size: 519KB - Virtual size: 518KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 237KB - Virtual size: 236KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 17KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.2MB - Virtual size: 3.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ