3e5b42cf87cd5f1e8c3df0f8f170915efdff887f16f5ca812b355947718cfcf8

Sharing

Copy URL Twitter E-mail

General

Target

3e5b42cf87cd5f1e8c3df0f8f170915efdff887f16f5ca812b355947718cfcf8
Size

4.6MB
MD5

a44fcdb611a2969da74d39cebb20052d
SHA1

be8916ffe64533f7cacaa89d0a0d93b2839825bc
SHA256

3e5b42cf87cd5f1e8c3df0f8f170915efdff887f16f5ca812b355947718cfcf8
SHA512

72f6a5d3a9123818da2ae8fcbf8cac5ad58e5c47b28c707292a5ddf2f3a72e59302c262451a2a2175ea684804c413a5736b753c64a97f5d2fd4b2d9a1766d765
SSDEEP

98304:/c7ky7v+AmyMLThQcLVSoq7A5ljjriN05/vcpuiFX48agmgwmj:KkVLTKcxS9A5ljnK0ZvcpumKlgwmj

Score

1^/10

Malware Config

Signatures

Files

3e5b42cf87cd5f1e8c3df0f8f170915efdff887f16f5ca812b355947718cfcf8
.dll windows x86

9f721f879fb1d1a9e54ba97a56f06d9a

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:3b:ed:41:4b:80:02:26:6d:40:ce:82:cf:6b:78:54:6d:53:42:ee:66:a8:b6:61:26:d8:9e:ac:2f:4c:67:b8
Signer

Actual PE Digest

25:3b:ed:41:4b:80:02:26:6d:40:ce:82:cf:6b:78:54:6d:53:42:ee:66:a8:b6:61:26:d8:9e:ac:2f:4c:67:b8

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

02/05/2023, 07:33
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

bc:27:c4:fd:6d:08:ca:dd:75:76:29:6c:62:53:64:78:3d:1a:f7:98
Signer

Actual PE Digest

bc:27:c4:fd:6d:08:ca:dd:75:76:29:6c:62:53:64:78:3d:1a:f7:98

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

03/05/2023, 12:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptDestroyKey
OpenEventLogW
ReadEventLogW
CloseEventLog
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGetProvParam
GetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CryptSetProvParam
RegEnumKeyA
RegQueryInfoKeyA
GetUserNameA
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSaveKeyA
RegEnumKeyExA

shlwapi

PathCombineW
StrCmpIW
PathIsSameRootA
StrStrIW
StrRStrIW
SHEnumKeyExW
PathCombineA
StrStrIA
PathFindFileNameA
PathAppendA
PathRemoveFileSpecA
PathAppendW
PathRemoveFileSpecW
PathFileExistsA
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
SHGetValueW

ws2_32

getaddrinfo
freeaddrinfo
ioctlsocket
connect
ntohs
select
WSAStartup
socket
WSAGetLastError
inet_addr
WSACleanup
getsockopt
closesocket
htons
bind
sendto
recvfrom
setsockopt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ole32

CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
StringFromCLSID
CoInitializeEx
CoTaskMemFree
CoCreateGuid

shell32

SHGetFolderPathAndSubDirW
SHGetFolderPathA
SHGetSpecialFolderPathA

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW

kernel32

RtlUnwind
GetACP
GetOEMCP
TlsAlloc
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
InterlockedFlushSList
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
ExitProcess
IsValidLocale
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetCommandLineA
ReadConsoleW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
FindFirstFileExW
OpenFileMappingA
GetFileInformationByHandle
VirtualProtectEx
VirtualQueryEx
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
ResumeThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleFileNameA
GetModuleHandleA
TryEnterCriticalSection
InitializeCriticalSection
DeleteFileA
GetFileSizeEx
CreateFileA
GetEnvironmentVariableA
OpenProcess
LoadLibraryA
FindNextFileA
FileTimeToSystemTime
CreateThread
GlobalMemoryStatus
GetDiskFreeSpaceExW
GetComputerNameA
SetFilePointerEx
QueryDosDeviceW
DeviceIoControl
FindFirstFileA
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetWindowsDirectoryW
SetEndOfFile
SetFilePointer
SetFileTime
RemoveDirectoryW
FindClose
FindNextFileW
ReadFile
GetFileSize
GetModuleHandleExW
IsValidCodePage
FindFirstFileW
SetFileAttributesW
GetModuleHandleW
GetCurrentThread
PeekNamedPipe
CreateProcessA
CreatePipe
GetCurrentProcess
GetCurrentProcessId
GetConsoleMode
GetStdHandle
CreateFileW
GetFileAttributesW
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateMutexW
CreateEventW
Sleep
TerminateProcess
GetCurrentThreadId
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
QueueUserWorkItem
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalFree
SetThreadAffinityMask
CreateFileMappingA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLCID
GetUserDefaultLCID
EnumSystemLocalesW
DeleteCriticalSection
HeapSize
GetProcessHeap
WriteFile
OutputDebugStringW
WriteConsoleW
CreateDirectoryW

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString

rpcrt4

UuidFromStringA

iphlpapi

GetNetworkParams
GetIpForwardTable
GetIfEntry
GetAdaptersInfo
GetIfTable
GetIpAddrTable
SendARP
GetInterfaceInfo
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
GetAdaptersAddresses

rasapi32

RasEnumConnectionsA

crypt32

CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpReadData
WinHttpConnect
WinHttpOpen
WinHttpCheckPlatform
WinHttpCloseHandle

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 729KB - Virtual size: 729KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f721f879fb1d1a9e54ba97a56f06d9a

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

25:3b:ed:41:4b:80:02:26:6d:40:ce:82:cf:6b:78:54:6d:53:42:ee:66:a8:b6:61:26:d8:9e:ac:2f:4c:67:b8Signer

Signature Validations

Verification

02/05/2023, 07:33 Valid: true

Chain 1

bc:27:c4:fd:6d:08:ca:dd:75:76:29:6c:62:53:64:78:3d:1a:f7:98Signer

Signature Validations

Verification

03/05/2023, 12:02 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

ws2_32

version

ole32

shell32

setupapi

kernel32

oleaut32

rpcrt4

iphlpapi

rasapi32

crypt32

winhttp

Exports

Exports

Sections

.text Size: 729KB - Virtual size: 729KB

.rdata Size: 423KB - Virtual size: 423KB

.data Size: 15KB - Virtual size: 330KB

.vmp0 Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 30KB - Virtual size: 29KB

.rsrc Size: 1KB - Virtual size: 1KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

25:3b:ed:41:4b:80:02:26:6d:40:ce:82:cf:6b:78:54:6d:53:42:ee:66:a8:b6:61:26:d8:9e:ac:2f:4c:67:b8
Signer

02/05/2023, 07:33
Valid: true

bc:27:c4:fd:6d:08:ca:dd:75:76:29:6c:62:53:64:78:3d:1a:f7:98
Signer

03/05/2023, 12:02
Valid: false

.text
Size: 729KB - Virtual size: 729KB

.rdata
Size: 423KB - Virtual size: 423KB

.data
Size: 15KB - Virtual size: 330KB

.vmp0
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 1KB - Virtual size: 1KB