181e5c31bf5091cc91872d170219ada550ef6e04f62e6cd4338337cb5de1549f

Sharing

Copy URL Twitter E-mail

General

Target

181e5c31bf5091cc91872d170219ada550ef6e04f62e6cd4338337cb5de1549f
Size

3.4MB
MD5

bc48bd4643e6240c4831ae1aed283048
SHA1

e487c74fe559e9117eaa150c74579c15818f93b0
SHA256

181e5c31bf5091cc91872d170219ada550ef6e04f62e6cd4338337cb5de1549f
SHA512

c5af398bd106c481acb67f3b1971818043c002ca338cc91f43d3092ebe0df4a936a3583e2ee415ead0b15e3ef503cb572f7b423b7366ccbfb33a79c0a4bd8701
SSDEEP

98304:oxk10I4y4MxP4AhnuySlleaPV9G24kuDmNC47:uk10dQ4EuhllxG2iDij7

Score

1^/10

Malware Config

Signatures

Files

181e5c31bf5091cc91872d170219ada550ef6e04f62e6cd4338337cb5de1549f
.dll windows x64

078d8ef5838a0cbba4d5006ef49a0472

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:d5:59:00:7c:93:fe:d9:27:99:4d:b5:49:aa:76:ea:a6:3d:a6:3e:90:93:33:2c:29:18:bd:c3:1b:0b:57:ce
Signer

Actual PE Digest

db:d5:59:00:7c:93:fe:d9:27:99:4d:b5:49:aa:76:ea:a6:3d:a6:3e:90:93:33:2c:29:18:bd:c3:1b:0b:57:ce

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

15/03/2022, 10:12
Valid: true

Chain 1

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

16:a1:cd:40:0e:ee:e0:4b:2b:e1:c5:d1:1d:e8:dc:8d:03:7f:91:fb
Signer

Actual PE Digest

16:a1:cd:40:0e:ee:e0:4b:2b:e1:c5:d1:1d:e8:dc:8d:03:7f:91:fb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

03/05/2023, 12:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Module32FirstW
Module32NextW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
SetLastError
DeviceIoControl
RemoveVectoredExceptionHandler
GetSystemDirectoryW
AddVectoredExceptionHandler
VirtualQueryEx
GetLogicalDriveStringsA
GetWindowsDirectoryA
FindFirstFileA
FindClose
QueryDosDeviceW
SetFilePointerEx
FileTimeToSystemTime
FindNextFileA
SetFileAttributesW
FindFirstFileW
GetFileSize
GetFileAttributesW
FindNextFileW
RemoveDirectoryW
SetFileTime
SetFilePointer
SetEndOfFile
GetWindowsDirectoryW
CreateMutexW
CreateFileMappingW
ReleaseMutex
GetLogicalProcessorInformation
GetDiskFreeSpaceExW
IsWow64Process
CreatePipe
CreateProcessA
PeekNamedPipe
SetThreadAffinityMask
GetCurrentThread
GetTickCount
VirtualFree
VirtualAlloc
RtlVirtualUnwind
RtlLookupFunctionEntry
VirtualProtectEx
CreateFileA
GetFileSizeEx
GetEnvironmentVariableA
OpenProcess
DeleteFileA
CreateFileMappingA
MapViewOfFileEx
CreateMutexA
GetFileInformationByHandle
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetStringTypeW
ConnectNamedPipe
GetSystemTimeAsFileTime
LCMapStringEx
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetStdHandle
FreeEnvironmentStringsW
CreateEventA
LocalFree
GetOverlappedResult
ResetEvent
DisconnectNamedPipe
EncodePointer
CreateNamedPipeW
GetCurrentProcess
CancelIo
ReadFile
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
FreeLibrary
LoadLibraryW
GetCurrentProcessId
ResumeThread
TerminateThread
WaitForMultipleObjects
QueryPerformanceCounter
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
DeleteCriticalSection
WriteConsoleW
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OutputDebugStringW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetLastError
GetConsoleMode
MultiByteToWideChar
HeapSize
GetCurrentThreadId
CreateFileW
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
CreateToolhelp32Snapshot
GetModuleFileNameW
WriteFile
GetStdHandle
EnterCriticalSection
HeapFree
TryEnterCriticalSection
CreateDirectoryW
Sleep
RtlUnwind

advapi32

CryptGenKey
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetUserKey
CryptExportKey
CryptDestroyKey
OpenEventLogW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegSaveKeyA
RegEnumKeyExA
CryptSetProvParam
GetSecurityDescriptorDacl
CryptGetProvParam
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseEventLog
ReadEventLogW
InitializeSecurityDescriptor

ole32

CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
StringFromCLSID
CoCreateGuid
CoUninitialize

shell32

SHGetFolderPathAndSubDirW
SHGetFolderPathA
SHGetSpecialFolderPathA

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
StrCmpIW
PathCombineW
PathFindFileNameA
StrStrIA
PathAppendW
PathCombineA
PathIsSameRootA
PathAppendA
SHGetValueW
SHEnumKeyExW
StrRStrIW
PathRemoveFileSpecA
PathAddBackslashA
PathAddBackslashW
PathFileExistsA
PathAddExtensionA
StrStrIW

ws2_32

inet_addr
WSAStartup
WSACleanup
htons
getaddrinfo
freeaddrinfo
socket
WSAGetLastError
ioctlsocket
ntohs
recvfrom
sendto
connect
setsockopt
select
getsockopt
closesocket
bind

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

iphlpapi

IcmpSendEcho
IcmpCreateFile
GetIpForwardTable
GetInterfaceInfo
SendARP
GetIfEntry
GetIpAddrTable
GetIfTable
GetAdaptersInfo
IcmpCloseHandle
GetAdaptersAddresses

rasapi32

RasEnumConnectionsA

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptQueryObject

rpcrt4

UuidFromStringA

winhttp

WinHttpReceiveResponse
WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpOpen
WinHttpQueryHeaders
WinHttpCheckPlatform

Exports

Exports

CreateObject
GetBugReport

Sections

.text
Size: 795KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.0MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

078d8ef5838a0cbba4d5006ef49a0472

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

db:d5:59:00:7c:93:fe:d9:27:99:4d:b5:49:aa:76:ea:a6:3d:a6:3e:90:93:33:2c:29:18:bd:c3:1b:0b:57:ceSigner

Signature Validations

Verification

15/03/2022, 10:12 Valid: true

Chain 1

16:a1:cd:40:0e:ee:e0:4b:2b:e1:c5:d1:1d:e8:dc:8d:03:7f:91:fbSigner

Signature Validations

Verification

03/05/2023, 12:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

version

setupapi

iphlpapi

rasapi32

crypt32

rpcrt4

winhttp

Exports

Exports

Sections

.text Size: 795KB - Virtual size: 795KB

.rdata Size: 488KB - Virtual size: 487KB

.data Size: 23KB - Virtual size: 454KB

.pdata Size: 28KB - Virtual size: 28KB

_RDATA Size: 512B - Virtual size: 244B

.vmp0 Size: 1.0MB - Virtual size: 10.8MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

db:d5:59:00:7c:93:fe:d9:27:99:4d:b5:49:aa:76:ea:a6:3d:a6:3e:90:93:33:2c:29:18:bd:c3:1b:0b:57:ce
Signer

15/03/2022, 10:12
Valid: true

16:a1:cd:40:0e:ee:e0:4b:2b:e1:c5:d1:1d:e8:dc:8d:03:7f:91:fb
Signer

03/05/2023, 12:03
Valid: false

.text
Size: 795KB - Virtual size: 795KB

.rdata
Size: 488KB - Virtual size: 487KB

.data
Size: 23KB - Virtual size: 454KB

.pdata
Size: 28KB - Virtual size: 28KB

_RDATA
Size: 512B - Virtual size: 244B

.vmp0
Size: 1.0MB - Virtual size: 10.8MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB