6cb57abf24555b677b91c65fd57c8747fc8f59b5ac884a19c2a0de43900a1499

Sharing

Copy URL

Twitter E-mail

General

Target

6cb57abf24555b677b91c65fd57c8747fc8f59b5ac884a19c2a0de43900a1499
Size

5.7MB
MD5

8d4a9e2e4004a114c966112677b31f41
SHA1

d0fd6bb0d67d621d351d513118ef4a40d3234c5a
SHA256

6cb57abf24555b677b91c65fd57c8747fc8f59b5ac884a19c2a0de43900a1499
SHA512

b35ca9a093fea947be851496f24ff497e8f257b93aad8b2ed4de341ae6aaff0b0795a6d4e9270997ecc70b02f804607d2ca1e92674af556d1fe2548b41875d40
SSDEEP

98304:2I5xy9AkbAdj1ycEg+iJNkdzx616+A5RPAZavENUiSV+pRXV8jpGgk:2uCMgo+4Woo+Ar2a9iSVMF8jpdk

Score

1^/10

Malware Config

Signatures

Files

6cb57abf24555b677b91c65fd57c8747fc8f59b5ac884a19c2a0de43900a1499
.exe windows x86

61f246525aaff17bbbd99ae9473af1fd

Code Sign

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-05-2021 00:00

Not After

23-08-2023 23:59

Subject

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:98:46:e8:97:ce:5c:d1:55:06:b0:3a:12:72:fe:ed:e1:cd:96:ac:1c:f4:8b:b3:92:f8:72:bf:a1:39:6e:3a
Signer

Actual PE Digest

43:98:46:e8:97:ce:5c:d1:55:06:b0:3a:12:72:fe:ed:e1:cd:96:ac:1c:f4:8b:b3:92:f8:72:bf:a1:39:6e:3a

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

19-04-2023 07:48
Valid: true

Chain 1

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,ST=北京市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e69c9de998b3e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
FormatMessageA
SwitchToThread
ReadFile
GetFileSize
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetCurrentDirectoryW
GetTempPathW
GlobalAlloc
MulDiv
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
SetFileTime
SetFileAttributesW
CompareFileTime
LocalFileTimeToFileTime
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemInfo
FileTimeToLocalFileTime
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExW
WaitForMultipleObjects
WriteFile
SetEndOfFile
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetModuleHandleA
LocalAlloc
GetCurrentProcess
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
GlobalLock
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLongPathNameW
GetEnvironmentVariableW
GlobalFree
GetExitCodeProcess
lstrcpyW
CreateProcessW
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
GetVolumeInformationW
FileTimeToSystemTime
ReleaseMutex
CreateMutexW
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetStringTypeW
WriteConsoleW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
FlushFileBuffers
InitializeCriticalSection
WideCharToMultiByte
SetUnhandledExceptionFilter
GetExitCodeThread
TerminateThread
CreateThread
QueryDosDeviceW
GetWindowsDirectoryW
GetLogicalDriveStringsW
lstrcmpiW
LoadLibraryA
lstrlenW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
VirtualAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalUnlock
DeleteFileW
CreateFileW
GetSystemDirectoryW
LoadLibraryW
CloseHandle
DeviceIoControl
Sleep
OpenProcess
GetProcAddress
ResetEvent
FreeLibrary

user32

MessageBoxW
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
IsMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetFocus
SetFocus
PtInRect
EqualRect
IsRectEmpty
UnionRect
CopyRect
SetRect
SetCursor
GetSystemMetrics
SetTimer
DestroyWindow
DestroyCursor
LoadCursorW
IntersectRect
GetKeyState
LoadStringW
SetWindowLongW
GetWindowLongW
GetForegroundWindow
UnregisterClassW
GetClassNameW
PeekMessageW
GetSysColor
EnableMenuItem
CharNextW
LoadImageW
CreateIconFromResource
LoadBitmapW
PostMessageW
FindWindowW
SendMessageW
PostQuitMessage
ShowWindow
SetWindowPos
DispatchMessageW
TranslateMessage
wsprintfW
CharPrevExA
CharUpperW
GetIconInfo
DrawIconEx
OffsetRect
InflateRect
ReleaseDC
GetDC
SetWindowTextW
GetCursorPos
IsWindow
SetForegroundWindow
ClientToScreen
IsWindowEnabled
MsgWaitForMultipleObjects
IsWindowVisible
GetMonitorInfoW
GetMessageW
DestroyIcon
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
TrackMouseEvent
SystemParametersInfoW
GetUserObjectInformationW
GetProcessWindowStation
KillTimer

advapi32

CryptAcquireContextW
CryptReleaseContext
RegisterEventSourceW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
GetTokenInformation
LookupAccountSidW
RevertToSelf
ImpersonateLoggedOnUser
SetTokenInformation
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
CryptGenRandom
DeregisterEventSource
ReportEventW

shell32

SHChangeNotify
SHBrowseForFolderW
ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateGuid
CoTaskMemFree
CreateBindCtx
CLSIDFromProgID
CLSIDFromString
CoInitialize
OleInitialize
OleUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
OleLockRunning

psapi

GetProcessImageFileNameW
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

shlwapi

SHCreateStreamOnFileEx
SHDeleteValueW
SHGetValueW
SHDeleteKeyW
PathFileExistsW
StrToIntExW
SHSetValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdiplus

GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipFree
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateBitmapFromStream
GdiplusStartup
GdipSaveImageToFile
GdipDrawImageI
GdipDeleteGraphics
GdipImageGetFrameCount
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipGetImageEncoders
GdipImageGetFrameDimensionsList

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

gdi32

SetViewportOrgEx
GetObjectW
SetGraphicsMode
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
DeleteDC
DeleteObject
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
SelectObject
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
BitBlt
EnumFontsW
CreateRoundRectRgn
CreateBitmap
GetDeviceCaps
StretchBlt
SetBkMode
Rectangle
GetStockObject
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleDC
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
GetTextMetricsW
SetTextAlign

oleaut32

SysFreeString
SysStringLen
VariantClear
VariantCopy
SysAllocStringLen
SysAllocString

crypt32

CryptQueryObject
CertGetNameStringW
CryptMsgClose
CertFreeCertificateContext
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore

wldap32

ord79
ord35
ord30
ord301
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord33
ord200
ord32

ws2_32

sendto
accept
listen
ioctlsocket
gethostname
recvfrom
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
freeaddrinfo
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo

usp10

ScriptItemize
ScriptShape
ScriptFreeCache

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 955KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024KB - Virtual size: 92.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61f246525aaff17bbbd99ae9473af1fd

Code Sign

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

43:98:46:e8:97:ce:5c:d1:55:06:b0:3a:12:72:fe:ed:e1:cd:96:ac:1c:f4:8b:b3:92:f8:72:bf:a1:39:6e:3aSigner

Signature Validations

Verification

19-04-2023 07:48 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

userenv

gdiplus

imm32

gdi32

oleaut32

crypt32

wldap32

ws2_32

usp10

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 955KB - Virtual size: 955KB

.data Size: 79KB - Virtual size: 210KB

.rsrc Size: 1024KB - Virtual size: 92.9MB

.reloc Size: 193KB - Virtual size: 192KB

01:fb:56:23:5e:01:96:6d:80:34:7a:ae:7a:2f:b8:44
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

43:98:46:e8:97:ce:5c:d1:55:06:b0:3a:12:72:fe:ed:e1:cd:96:ac:1c:f4:8b:b3:92:f8:72:bf:a1:39:6e:3a
Signer

19-04-2023 07:48
Valid: true

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 955KB - Virtual size: 955KB

.data
Size: 79KB - Virtual size: 210KB

.rsrc
Size: 1024KB - Virtual size: 92.9MB

.reloc
Size: 193KB - Virtual size: 192KB