8509e24a1a8b871aa01ed4416c65146321855544b3e4c28be2592446ba7e832b

Sharing

Copy URL Twitter E-mail

General

Target

8509e24a1a8b871aa01ed4416c65146321855544b3e4c28be2592446ba7e832b
Size

1.0MB
MD5

2c841727923f2a0bea053afb195ca592
SHA1

beae826bb676292865fec08bfdecf280ed106e9b
SHA256

8509e24a1a8b871aa01ed4416c65146321855544b3e4c28be2592446ba7e832b
SHA512

ddd1fc9a2aee55f274895d027c77ed6ec4fa7b0a9b5a842e028fb5513ac329b68a30bb1ce86fc0f13dab54ab22aa1277221bf45b4c20647add4a74d3e911dfd8
SSDEEP

24576:hOKx0gE6xFKv+5K32HSfXKWX+dmeocXmbhGe/c:zx0gxgv+kR+dNXPsc

Score

1^/10

Malware Config

Signatures

Files

8509e24a1a8b871aa01ed4416c65146321855544b3e4c28be2592446ba7e832b
.dll windows x86

5dac47c5c0df44abd3b9c8063e27dc23

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

30/05/2024, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ed:cb:99:54:85:28:f7:67:99:01:35:d5:26:0f:7b:ae:9b:6c:72:9b:8c:03:27:ee:20:4d:51:f8:fd:5e:2f
Signer

Actual PE Digest

13:ed:cb:99:54:85:28:f7:67:99:01:35:d5:26:0f:7b:ae:9b:6c:72:9b:8c:03:27:ee:20:4d:51:f8:fd:5e:2f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
TlsFree
SetErrorMode
InterlockedIncrement
GlobalFlags
GetFileTime
GetCPInfo
GetOEMCP
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
ExitThread
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GlobalHandle
GetStdHandle
GetACP
TlsSetValue
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalReAlloc
TlsGetValue
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
CreateFileW
SetConsoleMode
ReadConsoleInputA
FlushConsoleInputBuffer
GlobalMemoryStatus
IsValidCodePage
TlsAlloc
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ResumeThread
SetThreadPriority
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
ReadFile
WriteFile
FlushFileBuffers
SystemTimeToFileTime
GetTickCount
CreateThread
SetEnvironmentVariableA
GetFileAttributesA
LocalAlloc
FindClose
FindFirstFileA
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
WaitForSingleObject
CreateProcessA
FreeLibrary
LoadLibraryW
GetSystemDefaultLangID
GlobalMemoryStatusEx
InterlockedDecrement
CloseHandle
DeviceIoControl
CreateFileA
GetPrivateProfileSectionA
GetPrivateProfileStringA
OutputDebugStringW
GetVersionExA
GetCurrentProcess
GetModuleHandleA
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringA
GetProcAddress
LoadLibraryA
WideCharToMultiByte
WritePrivateProfileStringA
Sleep
GetPrivateProfileIntA
GetLocalTime
SetEvent
FindResourceA
LoadResource
LockResource
SizeofResource
CreateEventA
lstrlenA
MultiByteToWideChar
lstrlenW
GetVersion
InterlockedExchange
CompareStringW
CompareStringA
GetLastError
GetEnvironmentVariableA

user32

RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
CharUpperA
SetWindowTextA
MapWindowPoints
SetForegroundWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
MoveWindow
ShowWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
SetWindowsHookExA
MessageBoxA
GetDlgItem
GetProcessWindowStation
GetUserObjectInformationW
GetWindowRect
GetParent
UnhookWindowsHookEx
EnumDisplayDevicesA
EnumDisplaySettingsExA
wsprintfA
GetClientRect
EndPaint
UnregisterClassA
GetSysColorBrush
LoadCursorA
GetWindowPlacement
GetSystemMetrics
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
PeekMessageA
DispatchMessageA
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DestroyMenu
SendMessageA
EnableWindow
GetDlgCtrlID
BeginPaint

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
RectVisible
PtVisible
DeleteObject
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
Escape
ExtTextOutA
TextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

DuplicateTokenEx
ReportEventA
DeregisterEventSource
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
RegCreateKeyExA
RegOpenKeyA
SetTokenInformation
RegisterEventSourceA
OpenProcessToken
GetTokenInformation
CreateProcessAsUserA
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
ControlService
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shlwapi

UrlUnescapeA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
GetErrorInfo

ws2_32

WSACleanup
WSAStartup
WSASetLastError

rpcrt4

UuidFromStringA
UuidToStringA
RpcStringFreeA
UuidCreateSequential

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

sqlite3

sqlite3_exec
sqlite3_free
sqlite3_free_table
sqlite3_get_table
sqlite3_open

setupapi

CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Get_DevNode_Status

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetGetConnectedState

Exports

Exports

CreateBaseDeviceObject
CreateTrayObject
DestroyHardScore
DgToolsIsInstall
FixMe
FuncRep
GetComputerCName
GetDriverNode
GetDriverNode2
GetDriverToolsNode
GetHardInfo
GetHardScore
GetHttpFileSize
GetLenoveDrvListReccount
GetLenovoDriver
GetLenovoHardwareListInfo
GetLenovoHardwareListNode
GetLenovoProductWarranty
GetLenovoSn
GetLenovoWeixinUrl
GetLocalInfo2
GetLocalInfo4
GetMainBoard
GetMyInfo_A
GetMyInfo_B
GetMyInfo_C
GetMyInfo_D
GetMyInfo_E
GetMyInfo_G
GetMyInfo_H
GetSoftwareLicensingProduct
InitDgBaseModle
InitHardScore
InitLenovoWeixinUrl
IsLenovo2
LnFuncRealRep
LnFuncRep
LnRepCache
LnSupRateRep
MainWorkProc
NewInfo
ProductWarrantyInfo
RepInst
RepLenovoZeroDriver
RepUnInst
ServiceUninit
TestFunction
UnInitDgBaseModle

Sections

.text
Size: 728KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dac47c5c0df44abd3b9c8063e27dc23

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:daCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

13:ed:cb:99:54:85:28:f7:67:99:01:35:d5:26:0f:7b:ae:9b:6c:72:9b:8c:03:27:ee:20:4d:51:f8:fd:5e:2fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

ws2_32

rpcrt4

iphlpapi

version

sqlite3

setupapi

wtsapi32

wininet

Exports

Exports

Sections

.text Size: 728KB - Virtual size: 725KB

.rdata Size: 224KB - Virtual size: 220KB

.data Size: 16KB - Virtual size: 102KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 64KB - Virtual size: 62KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

13:ed:cb:99:54:85:28:f7:67:99:01:35:d5:26:0f:7b:ae:9b:6c:72:9b:8c:03:27:ee:20:4d:51:f8:fd:5e:2f
Signer

.text
Size: 728KB - Virtual size: 725KB

.rdata
Size: 224KB - Virtual size: 220KB

.data
Size: 16KB - Virtual size: 102KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 64KB - Virtual size: 62KB