618de904228356exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

618de904228356exeexeexeex.exe
Size

19.8MB
MD5

618de90422835603ed8e22cbea9e99a2
SHA1

cbec69b0f5c505aa503742d7c6d0d615d09cca7e
SHA256

b5694bf6eb3903f460628026a4f03312055a881bed6b4c8b2fb1379d9ddd72fc
SHA512

b603135899bfc66ee32936c40f8f583e3a9e6a9f858a60b92d23d062b8f645b0f9f868d54f491453974410f5da8d1bd060fbacb69406225708c2e021edc0c7f6
SSDEEP

393216:rWHfRUw++hcxTgDE2FBbKmiMBMPeSP3MdSq4a5jy4PeeJ:wRUXxB2FBumiMeRP3MdSpaty4PR

Score

1^/10

Malware Config

Signatures

Files

618de904228356exeexeexeex.exe
.exe windows x86

3bd7b3cc6c76b8bfd3fd106fb7408d31

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:12:48:9b:09:0a:c9:0c:84:10:be:3a:9d:67:bd:50:d0:dc:89:9b:85:36:99:de:18:41:55:fb:26:8f:8b:29
Signer

Actual PE Digest

df:12:48:9b:09:0a:c9:0c:84:10:be:3a:9d:67:bd:50:d0:dc:89:9b:85:36:99:de:18:41:55:fb:26:8f:8b:29

Digest Algorithm

sha256

PE Digest Matches

true

7c:ea:7e:73:e3:d4:10:e4:b7:a6:9f:cd:c5:5b:c3:24:9c:2b:d0:15
Signer

Actual PE Digest

7c:ea:7e:73:e3:d4:10:e4:b7:a6:9f:cd:c5:5b:c3:24:9c:2b:d0:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFileAttributesExW
FindNextFileW
CopyFileW
MoveFileExW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
lstrlenW
CreateProcessW
CreateMutexW
OpenMutexW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetExitCodeThread
SuspendThread
ResumeThread
InterlockedExchangeAdd
SetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetLogicalDrives
OpenFileMappingW
GetCommandLineW
TryEnterCriticalSection
lstrcmpiA
ReleaseMutex
CreateMutexA
GetVolumeInformationW
SetEvent
ResetEvent
CreateEventA
OpenEventA
TerminateThread
GetVolumeNameForVolumeMountPointW
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
InitializeCriticalSection
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
FlushInstructionCache
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
WriteConsoleW
HeapSize
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
FindNextFileA
VirtualFree
FindFirstFileExA
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetLocaleInfoW
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
EncodePointer
FindFirstFileW
GetFullPathNameW
FindResourceW
FindClose
SizeofResource
LoadResource
SetLastError
LockResource
FreeResource
DosDateTimeToFileTime
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DuplicateHandle
SetFilePointer
ProcessIdToSessionId
QueryDosDeviceW
SetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
GetEnvironmentVariableW
FormatMessageW
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
VirtualAlloc
FindFirstFileExW
LocalAlloc
SetFileTime
WriteFile
MoveFileW
GetDriveTypeW
BeginUpdateResourceW
GetFileSize
LocalFree
UpdateResourceW
GetDiskFreeSpaceExW
MultiByteToWideChar
EndUpdateResourceW
GetLogicalDriveStringsW
CreateFileW
DeviceIoControl
ReadFile
CreateDirectoryW
DeleteCriticalSection
GetWindowsDirectoryW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetFileAttributesW
OutputDebugStringA
WideCharToMultiByte
CloseHandle
DeleteFileW
GetSystemWindowsDirectoryW
GetCurrentThreadId
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
IsValidCodePage
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameW
IsBadReadPtr
GetModuleHandleA
LoadLibraryA
GetModuleFileNameW
GetVersionExA
GetModuleHandleW
GetLocalTime
GetVersionExW
GetTickCount
MulDiv
LeaveCriticalSection
HeapReAlloc
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcess
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
Sleep
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement

user32

GetActiveWindow
MessageBoxW
ShowWindow
GetWindowRect
MonitorFromRect
GetDC
ReleaseDC
DestroyWindow
PostQuitMessage
MapVirtualKeyA
CharLowerBuffW
DestroyMenu
UpdateLayeredWindow
IsMenu
SendMessageW
CreatePopupMenu
IsZoomed
SetWindowPos
wsprintfW
IsWindow
CheckMenuItem
DrawTextW
IsWindowVisible
GetWindowPlacement
GetMenuItemCount
InsertMenuW
AppendMenuW
TrackPopupMenu
LoadBitmapW
LoadCursorW
CreateIconFromResource
LoadImageW
GetSystemMetrics
GetSysColor
EnableMenuItem
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetIconInfo
DestroyCursor
LoadIconW
TrackMouseEvent
OffsetRect
CharNextW
GetKeyState
GetFocus
PtInRect
EqualRect
SetRect
SetCursor
GetDesktopWindow
DeleteMenu
IsWindowEnabled
EnableWindow
GetWindow
MapWindowPoints
GetDlgItem
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetForegroundWindow
SetMenuContextHelpId
MsgWaitForMultipleObjects
GetForegroundWindow
OpenInputDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationW
RegisterClassW
RegisterDeviceNotificationW
UnregisterDeviceNotification
SystemParametersInfoA
SetActiveWindow
PostMessageW
AnimateWindow
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetMonitorInfoW
MonitorFromWindow
DestroyIcon
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
IsRectEmpty
UnionRect
IntersectRect
InflateRect
CopyRect
ScreenToClient
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic

gdi32

CreateFontIndirectW
SetGraphicsMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateSolidBrush
CreateRoundRectRgn
EnumFontsW
DeleteObject
BitBlt
GetDeviceCaps
GetClipBox
GetStockObject
Rectangle
SetBkMode
GetObjectW
GetDCOrgEx
StretchBlt
CreateCompatibleBitmap
SetViewportOrgEx
CreateBitmap
GetCurrentObject
GetViewportOrgEx

advapi32

RegOpenKeyExW
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
LookupAccountNameW
LogonUserW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
CreateProcessAsUserW
CreateProcessWithLogonW
DuplicateTokenEx
ConvertStringSidToSidW
RegQueryValueExA
GetAce
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
SetSecurityInfo
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetFileSecurityW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
GetLengthSid
GetAclInformation
AddAce
AddAccessAllowedAceEx
GetSecurityDescriptorControl
SetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetNamedSecurityInfoW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
GetNamedSecurityInfoW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderW
ord680
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CLSIDFromProgID
CreateBindCtx
CoCreateInstance
CoInitialize
CLSIDFromString
OleLockRunning
OleUninitialize
OleInitialize

oleaut32

SysFreeString
GetErrorInfo
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
SysAllocString
CreateErrorInfo

shlwapi

SHDeleteKeyW
SHCopyKeyW
StrToIntExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

crypt32

CertVerifyTimeValidity
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertGetNameStringW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

netapi32

DsGetDcNameW
NetApiBufferFree
NetGetJoinInformation
NetUserAdd
NetUserEnum
NetUserGetInfo
NetUserSetInfo
NetUserDel
NetUserGetLocalGroups
NetUserChangePassword
NetLocalGroupEnum
NetLocalGroupGetMembers
NetLocalGroupAddMembers
NetLocalGroupDelMembers

setupapi

SetupDiRemoveDevice
SetupDiEnumDeviceInfo
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Device_ID_ListW
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Parent
CM_Get_Device_Interface_List_SizeW

ws2_32

htonl
ntohl

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

nxg.7z
Size: 15.6MB - Virtual size: 15.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7z.zip
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lib.zip
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nxg.ini
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cus.zip
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3bd7b3cc6c76b8bfd3fd106fb7408d31

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

df:12:48:9b:09:0a:c9:0c:84:10:be:3a:9d:67:bd:50:d0:dc:89:9b:85:36:99:de:18:41:55:fb:26:8f:8b:29Signer

7c:ea:7e:73:e3:d4:10:e4:b7:a6:9f:cd:c5:5b:c3:24:9c:2b:d0:15Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

imm32

rpcrt4

wtsapi32

crypt32

userenv

netapi32

setupapi

ws2_32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 498KB - Virtual size: 498KB

.data Size: 27KB - Virtual size: 99KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 672KB - Virtual size: 671KB

.reloc Size: 103KB - Virtual size: 103KB

nxg.7z Size: 15.6MB - Virtual size: 15.6MB

7z.zip Size: 512KB - Virtual size: 512KB

lib.zip Size: 158KB - Virtual size: 158KB

nxg.ini Size: 512B - Virtual size: 400B

cus.zip Size: 512B - Virtual size: 168B

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

df:12:48:9b:09:0a:c9:0c:84:10:be:3a:9d:67:bd:50:d0:dc:89:9b:85:36:99:de:18:41:55:fb:26:8f:8b:29
Signer

7c:ea:7e:73:e3:d4:10:e4:b7:a6:9f:cd:c5:5b:c3:24:9c:2b:d0:15
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 498KB - Virtual size: 498KB

.data
Size: 27KB - Virtual size: 99KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 672KB - Virtual size: 671KB

.reloc
Size: 103KB - Virtual size: 103KB

nxg.7z
Size: 15.6MB - Virtual size: 15.6MB

7z.zip
Size: 512KB - Virtual size: 512KB

lib.zip
Size: 158KB - Virtual size: 158KB

nxg.ini
Size: 512B - Virtual size: 400B

cus.zip
Size: 512B - Virtual size: 168B