1b29abba3c8e250bdd7cf6263c09be40d9eaaf92d48f541e9efc23d7b3792119

Sharing

Copy URL

Twitter E-mail

General

Target

1b29abba3c8e250bdd7cf6263c09be40d9eaaf92d48f541e9efc23d7b3792119
Size

5.6MB
MD5

021bdad0a837f772ada7d3d3f2e9ca73
SHA1

263af64d5af4806b7189808face29bf0bd0bedd5
SHA256

1b29abba3c8e250bdd7cf6263c09be40d9eaaf92d48f541e9efc23d7b3792119
SHA512

fbe8fbad1054de4ce4844e47862f3270bfcdb5fc93eb8086d2243e65068e1cf0302b75b331130e6e183481722ca8070f86a2abe4c6248a8c854644fddfc10305
SSDEEP

98304:2zCeZFiI9QNiwkEKHJkGcvKD6g04ZNgLhWqhtmWGKYlR622MJZ:2fIIQJLUcIe4intmRKY+DY

Score

1^/10

Malware Config

Signatures

Files

1b29abba3c8e250bdd7cf6263c09be40d9eaaf92d48f541e9efc23d7b3792119
.exe windows x86

731a8bb0fbeb2e2892b5ee73518dcf43

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20-07-2022 00:00

Not After

18-07-2025 23:59

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:d7:46:72:44:67:8a:62:97:20:7a:be:ee:6e:d3:81:cf:1a:68:50:ec:ac:3e:4a:2a:76:fd:9a:21:3b:b9:79
Signer

Actual PE Digest

d2:d7:46:72:44:67:8a:62:97:20:7a:be:ee:6e:d3:81:cf:1a:68:50:ec:ac:3e:4a:2a:76:fd:9a:21:3b:b9:79

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,ST=北京市,C=CN

18-04-2023 11:57
Valid: true

Chain 1

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,ST=北京市,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,ST=北京市,C=CN

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
FormatMessageA
VerifyVersionInfoA
SwitchToFiber
DeleteFiber
CreateFiber
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
FileTimeToLocalFileTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
WriteFile
SetEndOfFile
GetSystemDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetModuleHandleA
GlobalFree
LocalAlloc
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
SetConsoleMode
lstrcpyW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
CopyFileW
GetLongPathNameW
GetEnvironmentVariableW
GetPrivateProfileIntW
GetPrivateProfileStringW
ConvertFiberToThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetVolumeInformationW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
OutputDebugStringW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetStringTypeW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
FlushFileBuffers
WriteConsoleW
ReadConsoleA
GetSystemTime
SystemTimeToFileTime
InterlockedCompareExchange
GetFileInformationByHandle
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
UnhandledExceptionFilter
ConvertThreadToFiber
CreateFileMappingW
lstrlenA
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileW
GetTempPathW
SetCurrentDirectoryW
GetModuleFileNameW
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
CreateFileW
WritePrivateProfileStringW
ReadFile
GetFileSize
CreateEventW
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
LoadLibraryW
GetLogicalDriveStringsW
lstrcmpiW
CloseHandle
OpenProcess
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
GetProcAddress
FreeLibrary

user32

SetMenuContextHelpId
MsgWaitForMultipleObjects
GetMessageW
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
DestroyIcon
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
PostMessageW
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
GetMenuItemInfoW
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
KillTimer
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
LoadStringW
wsprintfW
GetKeyState
SetWindowLongW
GetWindowLongW
GetForegroundWindow
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
SendMessageW
ShowWindow
SetWindowPos
SetWindowTextW
IsWindow
SetForegroundWindow
FindWindowW
UnregisterClassW
GetClassNameW
PeekMessageW
DispatchMessageW
TranslateMessage
CharPrevExA
CharUpperW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetMenuItemCount
ClientToScreen
DestroyMenu
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
IsWindowVisible
MessageBoxW
GetSystemMetrics
GetSysColor
EnableMenuItem
PtInRect
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
GetDC
EqualRect

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
LookupAccountNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
SetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
ReportEventW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyW
RegSetValueW
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW

shell32

SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHFileOperationW

ole32

CreateBindCtx
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoUninitialize
CoCreateGuid
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
OleUninitialize

psapi

GetProcessImageFileNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

shlwapi

PathFileExistsW
StrToIntExW
SHCreateStreamOnFileEx

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipDisposeImage
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdiplusStartup
GdipFree
GdipAlloc
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdiplusShutdown
GdipImageGetFrameDimensionsList
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdi32

IntersectClipRect
SelectClipRgn
SelectObject
GetRegionData
ExtCreateRegion
DeleteObject
BitBlt
EnumFontsW
CreateRoundRectRgn
CreateBitmap
StretchBlt
SetBkMode
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
GetViewportOrgEx
GetCurrentObject
SetViewportOrgEx
GetObjectW
CreateDIBSection
Rectangle
GetStockObject
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
DeleteDC
CreateCompatibleDC
GetDeviceCaps

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantCopy
SysAllocStringLen

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertGetNameStringW
CryptMsgClose

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wldap32

ord35
ord200
ord301
ord79
ord30
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord33
ord32

ws2_32

sendto
accept
listen
ioctlsocket
gethostname
recvfrom
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
freeaddrinfo
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 49.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731a8bb0fbeb2e2892b5ee73518dcf43

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d2:d7:46:72:44:67:8a:62:97:20:7a:be:ee:6e:d3:81:cf:1a:68:50:ec:ac:3e:4a:2a:76:fd:9a:21:3b:b9:79Signer

Signature Validations

Verification

18-04-2023 11:57 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

gdiplus

imm32

gdi32

oleaut32

crypt32

userenv

wldap32

ws2_32

usp10

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 940KB - Virtual size: 940KB

.data Size: 79KB - Virtual size: 206KB

.gfids Size: 512B - Virtual size: 432B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024KB - Virtual size: 49.5MB

.reloc Size: 190KB - Virtual size: 190KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d2:d7:46:72:44:67:8a:62:97:20:7a:be:ee:6e:d3:81:cf:1a:68:50:ec:ac:3e:4a:2a:76:fd:9a:21:3b:b9:79
Signer

18-04-2023 11:57
Valid: true

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 940KB - Virtual size: 940KB

.data
Size: 79KB - Virtual size: 206KB

.gfids
Size: 512B - Virtual size: 432B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024KB - Virtual size: 49.5MB

.reloc
Size: 190KB - Virtual size: 190KB