75d4f90d0523442e4c86a5bd0472d739820e18d00d1771ba8dec577c1b0a006a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

75d4f90d0523442e4c86a5bd0472d739820e18d00d1771ba8dec577c1b0a006a.exe
Size

1.3MB
MD5

a480cdc298e679c64228a20b89519700
SHA1

93e57f35f562ed81183ce12badb83cdc4fba8d1b
SHA256

75d4f90d0523442e4c86a5bd0472d739820e18d00d1771ba8dec577c1b0a006a
SHA512

68a387bf0e02f4d8cd0f270888f8d54d96693104903cbb9c7e48478af12944e7ae9f3f28ffa4ef28f955e140fa9a14e04a26924feaaa3d8598d34ca86a4fffeb
SSDEEP

24576:0odxigQe71oxjH6THUn2lmzOmsOYgVI47Rfs:0odxnJq0HNlmzWOi

Score

1^/10

Malware Config

Signatures

Files

75d4f90d0523442e4c86a5bd0472d739820e18d00d1771ba8dec577c1b0a006a.exe
.exe windows x86

96d738731bda28a4237dab7c61a16e5f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:de
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/07/2021, 00:00

Not After

18/07/2024, 23:59

Subject

SERIALNUMBER=91460000MA5T8M9381,CN=海南驰豹科技有限公司,O=海南驰豹科技有限公司,L=澄迈县,ST=海南省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b5b7e58d97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4f:a4:aa:5f:11:ea:f5:d5:73:14:f4:c2:d6:59:d3:81:f2:58:87:77:73:7d:8c:68:13:c1:17:37:fa:fa:cb
Signer

Actual PE Digest

0c:4f:a4:aa:5f:11:ea:f5:d5:73:14:f4:c2:d6:59:d3:81:f2:58:87:77:73:7d:8c:68:13:c1:17:37:fa:fa:cb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateChain
CertOpenStore

user32

SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
PtInRect
SetWindowLongW
GetClassLongW
GetClassNameW
GetTopWindow
WinHelpW
MonitorFromWindow
GetMonitorInfoW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
ReleaseDC
ClientToScreen
ShowWindow
SetWindowTextW
LoadCursorW
RealChildWindowFromPoint
SetTimer
KillTimer
InvalidateRect
GetSysColorBrush
CharUpperW
RegisterClipboardFormatW
UnregisterClassW
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
EnableWindow
wsprintfW
SetRectEmpty
OffsetRect
GetParent
PostMessageW
PostQuitMessage
SetWindowPos
GetWindow
IsWindow
DestroyWindow
GetDlgItem
GetActiveWindow
IsWindowEnabled
GetWindowLongW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetMenuItemCount
GetMenuItemID
GetSubMenu
CopyRect
GetSysColor
DestroyMenu
UnhookWindowsHookEx
GetWindowThreadProcessId
MessageBoxW
SetCursor
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadBitmapW
GetLastActivePopup

kernel32

RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
LocalFree
EncodePointer
GetFileSizeEx
VerifyVersionInfoW
GetModuleHandleA
VerSetConditionMask
SleepEx
GetCurrentProcessId
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
LoadLibraryW
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SystemTimeToFileTime
GetCurrentDirectoryW
CloseHandle
LocalFileTimeToFileTime
GetFileAttributesW
CreateFileW
SetFilePointer
SetFileTime
WriteFile
ReadFile
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
CreateEventA
CreateDirectoryA
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
LockResource
GetLastError
Sleep
MultiByteToWideChar
HeapSize
FindClose
InitializeCriticalSectionEx
HeapFree
FindFirstFileW
SizeofResource
GetModuleFileNameA
GetTickCount
GetProcAddress
HeapQueryInformation
GetACP
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
GetCurrentThread
GetVersionExW
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
GlobalFree
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
CreateProcessW
GetExitCodeProcess
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileInformationByHandle
GetDriveTypeW
RtlUnwind
GetUserDefaultLCID
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
FlushFileBuffers
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
WaitForSingleObject

advapi32

RegCreateKeyExW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
CryptEncrypt
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
RegDeleteKeyW
RegDeleteValueW

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
SetTextColor
SetBkColor
GetDeviceCaps
DeleteDC
CreateBitmap
ExtTextOutW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comctl32

InitCommonControlsEx

bcrypt

BCryptGenRandom

oleacc

CreateStdAccessibleObject
LresultFromObject

ws2_32

WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
WSAWaitForMultipleEvents
WSAStartup
gethostname
ioctlsocket
getpeername
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
WSAIoctl
setsockopt
socket
htons
WSACleanup

wldap32

ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord145
ord26
ord27
ord127
ord167
ord142
ord301
ord147
ord133
ord79

ole32

CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96d738731bda28a4237dab7c61a16e5f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:deCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0c:4f:a4:aa:5f:11:ea:f5:d5:73:14:f4:c2:d6:59:d3:81:f2:58:87:77:73:7d:8c:68:13:c1:17:37:fa:fa:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

user32

kernel32

advapi32

gdi32

winspool.drv

comctl32

bcrypt

oleacc

ws2_32

wldap32

ole32

oleaut32

shell32

shlwapi

Sections

.text Size: 665KB - Virtual size: 664KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 438KB - Virtual size: 440KB

.reloc Size: 30KB - Virtual size: 30KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:4c:40:1c:8b:ab:87:27:28:10:54:a8:2e:d6:46:de
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0c:4f:a4:aa:5f:11:ea:f5:d5:73:14:f4:c2:d6:59:d3:81:f2:58:87:77:73:7d:8c:68:13:c1:17:37:fa:fa:cb
Signer

.text
Size: 665KB - Virtual size: 664KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 438KB - Virtual size: 440KB

.reloc
Size: 30KB - Virtual size: 30KB