804f7147e312427db9e7498b81ce734f986c93367fd248d8501df1086cb85926

Sharing

Copy URL Twitter E-mail

General

Target

804f7147e312427db9e7498b81ce734f986c93367fd248d8501df1086cb85926
Size

2.8MB
MD5

a336372107b9802ca1cfd178d75615e1
SHA1

2248552a473210b52abe077c1649b316a882de30
SHA256

804f7147e312427db9e7498b81ce734f986c93367fd248d8501df1086cb85926
SHA512

5cafbd8d373cf0864945818dea70a9a0772b6e9ffbd40275c885191753bb7866fdca72c0455ef4074ec2f3339d8b11df366dca50ad88a8d8979bafb98cff6aec
SSDEEP

49152:n/pJ2QdpIso+XhQsuIh4yDEgIMg/nBIKXTb+XiifIFGg1xbOMmL01:RJBDIsIsu4ggIPIqTqXJIFGCxyMmo1

Score

1^/10

Malware Config

Signatures

Files

804f7147e312427db9e7498b81ce734f986c93367fd248d8501df1086cb85926
.dll regsvr32 windows x86

bd650d4798a326834d26d69d2b1a79f9

Code Sign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/09/2020, 00:00

Not After

03/11/2021, 12:00

Subject

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:0b:5d:74:13:1f:fc:af:cd:d9:44:36:30:00:82:7f:5e:9a:57:e6:ab:43:cc:21:92:f2:47:a9:c5:4e:3b:bf
Signer

Actual PE Digest

9c:0b:5d:74:13:1f:fc:af:cd:d9:44:36:30:00:82:7f:5e:9a:57:e6:ab:43:cc:21:92:f2:47:a9:c5:4e:3b:bf

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

17/12/2020, 06:25
Valid: true

Chain 1

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

6d:cb:56:87:a8:68:9e:04:5e:05:15:00:92:0f:0f:0f:69:b1:bd:1b
Signer

Actual PE Digest

6d:cb:56:87:a8:68:9e:04:5e:05:15:00:92:0f:0f:0f:69:b1:bd:1b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=成都奇鲁科技有限公司,O=成都奇鲁科技有限公司,L=成都市,ST=四川省,C=CN

17/12/2020, 06:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetVersionExW
DeleteFileW
GetTickCount
SetLastError
GetCurrentThreadId
InterlockedExchange
Process32NextW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
Process32FirstW
CreateToolhelp32Snapshot
CreateFileW
CloseHandle
FlushFileBuffers
ReadFile
WriteFile
GetCurrentProcess
OpenProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalMemoryStatusEx
SetThreadLocale
FindResourceExW
FindResourceW
SizeofResource
LoadResource
lstrcmpiW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
SetEndOfFile
SetStdHandle
WaitForSingleObjectEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
GetProcessHeap
HeapSize
VirtualQuery
VirtualProtect
GetSystemInfo
InterlockedFlushSList
RtlUnwind
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
LoadLibraryExW
GetModuleHandleW
EncodePointer
GetThreadLocale
LockResource
Sleep
InterlockedCompareExchange
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
ReadConsoleW
DecodePointer
InterlockedExchangeAdd
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCurrentProcessId
GetPrivateProfileIntW
WritePrivateProfileStringW
LocalFree
UnhandledExceptionFilter

user32

SendMessageW
SendMessageTimeoutW
DefWindowProcW
IsWindow
PostMessageW
UnregisterClassW
ReleaseCapture
CallWindowProcW
GetWindowThreadProcessId
GetShellWindow
CharNextW
LoadCursorW
FindWindowExW
GetParent
SetWindowLongW
GetWindowLongW
OffsetRect
CopyRect
ScreenToClient
GetWindowRect
GetClientRect
wsprintfW
UnionRect
EqualRect
PtInRect
SetCursor
DrawFocusRect
GetDesktopWindow
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
RegisterClassExW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
SetTimer
SetCapture
GetAsyncKeyState
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW

gdi32

GetObjectW
RectVisible
CreateDIBSection
SelectObject
SaveDC
RestoreDC
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx
CreateFontW
EnumFontFamiliesW
OffsetViewportOrgEx

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyExA
RegEnumKeyExA
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ord165
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
LoadRegTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
SysAllocString

shlwapi

SHSetValueA
AssocQueryStringW
PathFindExtensionW
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
SHGetValueA
StrStrIA
StrTrimA
StrCmpNIW
StrStrIW
PathCombineW
StrCmpIW

comctl32

_TrackMouseEvent

gdiplus

GdiplusShutdown
GdipFree
GdiplusStartup
GdipSetStringFormatTrimming
GdipCloneImage
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateBitmapFromStream
GdipSetStringFormatFlags
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipAlloc
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDeleteBrush
GdipCreateSolidFill
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipFillRectangleI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDrawString
GdipDisposeImage

iphlpapi

GetAdaptersInfo
GetInterfaceInfo
GetIfEntry
GetPerAdapterInfo

sensapi

IsNetworkAlive

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 506KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd650d4798a326834d26d69d2b1a79f9

Code Sign

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bcCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4fCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9c:0b:5d:74:13:1f:fc:af:cd:d9:44:36:30:00:82:7f:5e:9a:57:e6:ab:43:cc:21:92:f2:47:a9:c5:4e:3b:bfSigner

Signature Validations

Verification

17/12/2020, 06:25 Valid: true

Chain 1

6d:cb:56:87:a8:68:9e:04:5e:05:15:00:92:0f:0f:0f:69:b1:bd:1bSigner

Signature Validations

Verification

17/12/2020, 06:25 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

iphlpapi

sensapi

version

wininet

crypt32

wintrust

urlmon

Exports

Exports

Sections

.text Size: 506KB - Virtual size: 506KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 246KB - Virtual size: 245KB

.reloc Size: 26KB - Virtual size: 26KB

03:fd:3e:81:a2:3e:67:96:8b:af:99:9b:7a:1b:3b:bc
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:40:d3:8f:ff:0f:6e:d2:9e:05:c9:9c:d2:ef:6d:4f
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9c:0b:5d:74:13:1f:fc:af:cd:d9:44:36:30:00:82:7f:5e:9a:57:e6:ab:43:cc:21:92:f2:47:a9:c5:4e:3b:bf
Signer

17/12/2020, 06:25
Valid: true

6d:cb:56:87:a8:68:9e:04:5e:05:15:00:92:0f:0f:0f:69:b1:bd:1b
Signer

17/12/2020, 06:25
Valid: false

.text
Size: 506KB - Virtual size: 506KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 246KB - Virtual size: 245KB

.reloc
Size: 26KB - Virtual size: 26KB