d647c5244203f0cc8656841078b9457e864b3cdb067424844b62b459025c2920

Sharing

Copy URL Twitter E-mail

General

Target

d647c5244203f0cc8656841078b9457e864b3cdb067424844b62b459025c2920
Size

5.3MB
MD5

97df8b5c1d175fcb914c2baccfc3eecd
SHA1

9990a98b528edb15a5e300a92b5965b6636d4d8f
SHA256

d647c5244203f0cc8656841078b9457e864b3cdb067424844b62b459025c2920
SHA512

6321524e8f35de47f0c3078905e7a74b4d33f29c79bcd619fe24ca78e02077de2510e5a635c49b18e452302547470e8966e9469c6e8c0484fdf148c45f0e26fb
SSDEEP

98304:buBVxu3nP8pvrfy0WhQwm1sY+oJ9skEpV5sf07Nr4lpfXKqZucpq:bu5Knwq06xm1d9ygpyqvk

Score

1^/10

Malware Config

Signatures

Files

d647c5244203f0cc8656841078b9457e864b3cdb067424844b62b459025c2920
.exe windows x86

a8a9fe6e1ea0ff2b2624635fa5221550

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:29:05:7a:2c:5c:96:5b:55:7d:a2:6b:b6:fd:30:43
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/08/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=91110105MA004D100H,CN=北京智慧章鱼科技有限公司,O=北京智慧章鱼科技有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c0ce79fb3e699afe5b1b1e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:82:f3:cd:5e:76:bf:91:61:4e:aa:76:2a:be:a5:a3:59:ad:56:03:a2:39:12:2a:4b:db:0e:72:a2:b1:e3:8a
Signer

Actual PE Digest

a4:82:f3:cd:5e:76:bf:91:61:4e:aa:76:2a:be:a5:a3:59:ad:56:03:a2:39:12:2a:4b:db:0e:72:a2:b1:e3:8a

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105MA004D100H,CN=北京智慧章鱼科技有限公司,O=北京智慧章鱼科技有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c0ce79fb3e699afe5b1b1e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

16/01/2023, 02:19
Valid: true

Chain 1

SERIALNUMBER=91110105MA004D100H,CN=北京智慧章鱼科技有限公司,O=北京智慧章鱼科技有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c0ce79fb3e699afe5b1b1e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

SERIALNUMBER=91110105MA004D100H,CN=北京智慧章鱼科技有限公司,O=北京智慧章鱼科技有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c0ce79fb3e699afe5b1b1e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
QueryPerformanceFrequency
GetFileInformationByHandle
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
SetEndOfFile
SetLastError
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetModuleHandleA
GetFileAttributesExA
GlobalFree
LocalAlloc
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
lstrcpyW
GetFileAttributesExW
CreateFileMappingW
WinExec
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLongPathNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetVolumeInformationW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
GetFullPathNameW
GetLocalTime
GetVersionExA
LoadLibraryA
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
FlushFileBuffers
WriteConsoleW
CopyFileW
lstrlenA
SleepEx
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
PeekNamedPipe
FormatMessageA
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ReadConsoleInputA
SetConsoleMode
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileW
GetTempPathW
FindResourceW
WriteFile
SizeofResource
LoadResource
LockResource
SetCurrentDirectoryW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
ReadFile
GetFileSize
CreateEventW
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
LoadLibraryW
GetLogicalDriveStringsW
lstrlenW
lstrcmpiW
CloseHandle
OpenProcess
GetProcAddress

user32

GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetMenuInfo
KillTimer
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
LoadStringW
GetKeyState
SetWindowLongW
GetWindowLongW
GetForegroundWindow
UnregisterClassW
GetClassNameW
wsprintfW
CharPrevExA
CharUpperW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
SendMessageW
ShowWindow
SetWindowPos
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
ReleaseDC
GetDC
GetSystemMetrics
GetSysColor
GetCursorPos
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
SetWindowTextW
IsWindow
SetForegroundWindow
FindWindowW
TranslateMessage
GetMessageW
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
DestroyIcon
ScreenToClient
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoW
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
SetCursor
EqualRect

advapi32

GetFileSecurityW
SetFileSecurityW
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
AddAccessAllowedAce
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
EqualSid
RegSetValueW
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegDeleteValueW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
LookupAccountNameW
OpenProcessToken
GetTokenInformation
SetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CreateBindCtx
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid

shlwapi

PathFileExistsW
StrToIntExW
SHCreateStreamOnFileEx

gdiplus

GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipGetImageHeight
GdipFree
GdipAlloc
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdipGetImageEncoders
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
GdipImageGetFrameDimensionsList

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertGetCertificateContextProperty

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdi32

CreateFontIndirectW
SetGraphicsMode
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
CreateSolidBrush
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
BitBlt
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SelectClipRgn
IntersectClipRect
GetStockObject
Rectangle
SetBkMode
StretchBlt
GetRegionData
ExtCreateRegion
DeleteObject
DeleteDC
GetGlyphOutlineW
CreateCompatibleDC

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantCopy
SysAllocStringLen

wldap32

ord35
ord33
ord32
ord27
ord26
ord22
ord79
ord50
ord60
ord211
ord46
ord217
ord143
ord301
ord30
ord200
ord41

ws2_32

setsockopt
ntohs
select
WSASetLastError
recv
send
htons
getsockopt
getsockname
getpeername
connect
bind
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
__WSAFDIsSet
socket
WSAGetLastError
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
closesocket

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 35.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8a9fe6e1ea0ff2b2624635fa5221550

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:29:05:7a:2c:5c:96:5b:55:7d:a2:6b:b6:fd:30:43Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a4:82:f3:cd:5e:76:bf:91:61:4e:aa:76:2a:be:a5:a3:59:ad:56:03:a2:39:12:2a:4b:db:0e:72:a2:b1:e3:8aSigner

Signature Validations

Verification

16/01/2023, 02:19 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

gdiplus

crypt32

userenv

psapi

imm32

gdi32

oleaut32

wldap32

ws2_32

usp10

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 814KB - Virtual size: 813KB

.data Size: 104KB - Virtual size: 231KB

.gfids Size: 512B - Virtual size: 436B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024KB - Virtual size: 35.1MB

.reloc Size: 185KB - Virtual size: 184KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:29:05:7a:2c:5c:96:5b:55:7d:a2:6b:b6:fd:30:43
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a4:82:f3:cd:5e:76:bf:91:61:4e:aa:76:2a:be:a5:a3:59:ad:56:03:a2:39:12:2a:4b:db:0e:72:a2:b1:e3:8a
Signer

16/01/2023, 02:19
Valid: true

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 814KB - Virtual size: 813KB

.data
Size: 104KB - Virtual size: 231KB

.gfids
Size: 512B - Virtual size: 436B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024KB - Virtual size: 35.1MB

.reloc
Size: 185KB - Virtual size: 184KB