b12145e1e042fe6c0d437720e02dda5c75b841715cce71a3730026f1748bf0be

Sharing

Copy URL Twitter E-mail

General

Target

b12145e1e042fe6c0d437720e02dda5c75b841715cce71a3730026f1748bf0be
Size

5.6MB
MD5

b6e1e3127e900a474740c5be2a7feaad
SHA1

6a0ff91e1bcdf34d0b034d8fa744df30ab98bcb7
SHA256

b12145e1e042fe6c0d437720e02dda5c75b841715cce71a3730026f1748bf0be
SHA512

de93242f542c63d3d1c1485f9980d49bdc6d38ce7fb557230e1d7280fec754193ed6de3da7ddf1fe6a1ca489b05f6d700e06c0937510eed1d8c43d6d8bd9d541
SSDEEP

98304:5ovvb403+M2JF037GxEyvn9xuxTHxTgey7WTKyRKji:Cvqg7AvnX9D7WTx

Score

1^/10

Malware Config

Signatures

Files

b12145e1e042fe6c0d437720e02dda5c75b841715cce71a3730026f1748bf0be
.exe windows x86

077a412d1ed158eadd4ffe142d0a5239

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

03/08/2023, 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/08/2020, 00:00

Not After

03/08/2023, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:76:ff:25:d9:a3:0a:2f:93:25:86:71:73:46:25:02:71:e8:41:cd:e7:5c:17:d4:a8:d3:a2:c4:82:d8:82:a1
Signer

Actual PE Digest

89:76:ff:25:d9:a3:0a:2f:93:25:86:71:73:46:25:02:71:e8:41:cd:e7:5c:17:d4:a8:d3:a2:c4:82:d8:82:a1

Digest Algorithm

sha256

PE Digest Matches

false

81:c1:33:4f:50:ff:76:05:67:5b:17:fb:f0:a4:2d:ce:8c:91:c2:25
Signer

Actual PE Digest

81:c1:33:4f:50:ff:76:05:67:5b:17:fb:f0:a4:2d:ce:8c:91:c2:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetThreadTimes
GetSystemTimeAsFileTime
GetTickCount
VirtualAlloc
VirtualFree
ConvertThreadToFiber
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesW
GetComputerNameExW
GetSystemDirectoryW
lstrlenW
CreateProcessW
GetExitCodeProcess
SetEndOfFile
GetLongPathNameW
CreateDirectoryW
FreeResource
ReadFile
GetFileSize
FlushFileBuffers
WriteFile
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
SystemTimeToFileTime
GetSystemTime
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
SetStdHandle
SetEnvironmentVariableW
ReadConsoleW
IsValidLocale
GetConsoleMode
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ExitProcess
CreateMutexW
GetCommandLineW
FormatMessageW
FormatMessageA
LocalFree
TlsFree
TlsAlloc
WaitForMultipleObjects
WaitForSingleObject
GetFileAttributesW
MoveFileExA
WritePrivateProfileStringW
GetWindowsDirectoryW
GetEnvironmentVariableW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MoveFileExW
CopyFileW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OutputDebugStringW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
GetPrivateProfileStringW
GetTempPathW
LockResource
FindResourceExW
Sleep
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetConsoleCtrlHandler
GetModuleHandleExW
ExitThread
RtlUnwind
DuplicateHandle
FreeLibraryAndExitThread
GetCurrentThread
CreateThread
CreateFileA
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
CompareFileTime
LoadLibraryA
RaiseException
GetModuleHandleA
GetSystemDirectoryA
SleepEx
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileSizeEx
RtlCaptureStackBackTrace
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetComputerNameA
GetWindowsDirectoryA
InitializeCriticalSection
OutputDebugStringA
GetTempPathA
GetStdHandle
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OpenProcess
CloseHandle
IsDebuggerPresent
GetStringTypeW
GetCPInfo
TlsSetValue
TlsGetValue
QueryPerformanceFrequency
QueryPerformanceCounter
CreateHardLinkW
DeviceIoControl
SetFilePointerEx
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetCurrentDirectoryW
SwitchToThread
GetDriveTypeW
DeleteFileW
CreateFileW
LoadLibraryW
GetVersionExW
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
SetEvent

user32

PostQuitMessage
CallWindowProcW
SetWindowPos
GetDlgItem
GetUserObjectInformationW
GetProcessWindowStation
EnableWindow
GetSystemMetrics
DefWindowProcW
SendMessageW
LoadCursorW
SetWindowLongW
CharNextW
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
IsDialogMessageW
MonitorFromWindow
GetMonitorInfoW
PostMessageW
RegisterClassExW
UnregisterClassW
PeekMessageW
DispatchMessageW
SetWindowTextW
GetClientRect
GetWindowRect
MessageBoxW
MapWindowPoints
GetWindowLongW
GetParent
GetWindow
TranslateMessage
GetMessageW
LoadImageW

advapi32

CryptGetHashParam
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
GetUserNameA
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
RegLoadKeyW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
CryptEnumProvidersW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

SHGetValueW
SHDeleteKeyW
PathCombineW
PathAppendW
SHSetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
StrStrIW

comctl32

InitCommonControlsEx

ws2_32

getnameinfo
shutdown
gethostname
sendto
recvfrom
WSAEventSelect
WSAStartup
WSACleanup
inet_addr
inet_ntoa
WSAAddressToStringW
getaddrinfo
closesocket
connect
getsockname
setsockopt
socket
WSAAddressToStringA
freeaddrinfo
__WSAFDIsSet
select
WSASetLastError
WSACloseEvent
ntohl
ioctlsocket
listen
htonl
send
WSAEnumNetworkEvents
WSAGetLastError
bind
getpeername
getsockopt
htons
ntohs
WSAIoctl
accept
recv
WSACreateEvent

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dbghelp

SymCleanup
SymSetOptions
SymInitialize
SymFromAddr
UnDecorateSymbolName

wldap32

ord22
ord41
ord45
ord27
ord50
ord46
ord143
ord32
ord33
ord35
ord26
ord79
ord30
ord200
ord211
ord301
ord60

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptDecodeObjectEx
CertDuplicateCertificateContext

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

077a412d1ed158eadd4ffe142d0a5239

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

89:76:ff:25:d9:a3:0a:2f:93:25:86:71:73:46:25:02:71:e8:41:cd:e7:5c:17:d4:a8:d3:a2:c4:82:d8:82:a1Signer

81:c1:33:4f:50:ff:76:05:67:5b:17:fb:f0:a4:2d:ce:8c:91:c2:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

version

psapi

iphlpapi

userenv

dbghelp

wldap32

crypt32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 583KB - Virtual size: 583KB

.data Size: 25KB - Virtual size: 107KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 86KB - Virtual size: 152KB

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

89:76:ff:25:d9:a3:0a:2f:93:25:86:71:73:46:25:02:71:e8:41:cd:e7:5c:17:d4:a8:d3:a2:c4:82:d8:82:a1
Signer

81:c1:33:4f:50:ff:76:05:67:5b:17:fb:f0:a4:2d:ce:8c:91:c2:25
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 583KB - Virtual size: 583KB

.data
Size: 25KB - Virtual size: 107KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 86KB - Virtual size: 152KB