e6fc93e01e153b70a51e5d1d25d7eab7518d762fd8889ef9d383a9413faddbe0

Sharing

Copy URL Twitter E-mail

General

Target

e6fc93e01e153b70a51e5d1d25d7eab7518d762fd8889ef9d383a9413faddbe0
Size

1.0MB
MD5

1b852d42cfa90c15dc0263d29f0c8664
SHA1

f4daecaa4779bfa3b74ca5a91cb4e1e0ffaf2679
SHA256

e6fc93e01e153b70a51e5d1d25d7eab7518d762fd8889ef9d383a9413faddbe0
SHA512

7a90e6451262247f2b3dd8e701a4ba67e62dfb3b92021f4e4ee23596892381384751309a2d9d80544e8f0ea7940148df9eccfa27946ce6ac1ada5dfe2e305011
SSDEEP

12288:0y/OodrkOlCYzzD5g2RnkTp2/GPTSzHIX9Id/pytOBPP82Ox+JrwiP+1ckGoFAKF:tOodrkOcIjkTp2ePTMpy+lB8sWcnoee

Score

1^/10

Malware Config

Signatures

Files

e6fc93e01e153b70a51e5d1d25d7eab7518d762fd8889ef9d383a9413faddbe0
.exe windows x64

b09d5787a7abebc2fa2c94b34c9e7685

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/09/2022, 00:00

Not After

24/09/2025, 23:59

Subject

CN=北京深盾科技股份有限公司,O=北京深盾科技股份有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/09/2022, 00:00

Not After

24/09/2025, 23:59

Subject

CN=北京深盾科技股份有限公司,O=北京深盾科技股份有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:7c:c1:c7:d4:90:21:41:6c:a5:18:de:de:69:af:3d:b5:0f:01:25:b3:cf:b8:f0:60:83:8e:99:44:36:86:89
Signer

Actual PE Digest

9c:7c:c1:c7:d4:90:21:41:6c:a5:18:de:de:69:af:3d:b5:0f:01:25:b3:cf:b8:f0:60:83:8e:99:44:36:86:89

Digest Algorithm

sha256

PE Digest Matches

false

96:d3:ad:84:3a:16:3a:e0:8a:99:87:db:6f:b7:a5:19:b2:13:8b:80
Signer

Actual PE Digest

96:d3:ad:84:3a:16:3a:e0:8a:99:87:db:6f:b7:a5:19:b2:13:8b:80

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFindExtension
CryptDecodeObjectEx
CertGetCertificateChain
CertEnumCertificatesInStore
PFXImportCertStore
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CertCreateCertificateChainEngine
CertOpenStore
CryptStringToBinaryW
CertAddCertificateContextToStore
CertFreeCertificateContext

kernel32

GetProcAddress
VirtualAlloc
LoadLibraryA
GetSystemInfo
FindFirstFileW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
Sleep
SizeofResource
CreateEventA
MultiByteToWideChar
lstrlenW
CreateDirectoryA
GetLastError
FindClose
LockResource
GetModuleFileNameA
SetFilePointer
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
GetCurrentDirectoryW
CloseHandle
LocalFileTimeToFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
OpenEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DeleteFileA
GetModuleHandleW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcessId
SetEnvironmentVariableA
GetDriveTypeA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
HeapQueryInformation
HeapReAlloc
GetTimeZoneInformation
GetCurrentDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
HeapDestroy
HeapCreate
HeapSetInformation
FlsFree
FlsAlloc
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
DebugBreak
RtlPcToFileHeader
RaiseException
RtlUnwindEx
IsBadReadPtr
HeapValidate
HeapSize
GetDateFormatA
GetTimeFormatA
ExitThread
CreateThread
GetDriveTypeW
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
GetStartupInfoW
FileTimeToSystemTime
GetTickCount
SetEndOfFile
FlushFileBuffers
GetCurrentProcess
lstrlenA
GetAtomNameW
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
LocalFree
SetErrorMode
GlobalFlags
MulDiv
GetFullPathNameW
CompareStringW
GetVersionExW
GlobalGetAtomNameW
GlobalFindAtomW
GetVersionExA
SetEvent
GlobalAddAtomW
WritePrivateProfileStringW
FreeResource
GlobalFree
CompareStringA
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
GlobalLock
lstrcmpW
GlobalUnlock
GetFileSizeEx
SleepEx
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
MoveFileExW
GetEnvironmentVariableA
SetLastError
FormatMessageW
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SystemParametersInfoW
ModifyMenuW
InsertMenuItemW
GetMenuItemInfoW
GetMenuState
GetMenuItemID
EnableMenuItem
CheckMenuItem
IsMenu
CreatePopupMenu
GrayStringW
DrawTextExW
DrawTextW
GetSysColorBrush
SetRectEmpty
FillRect
GetMenuItemCount
GetSubMenu
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
ReleaseCapture
TranslateAcceleratorW
LoadAcceleratorsW
RegisterWindowMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
SendDlgItemMessageA
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
WinHelpW
TrackPopupMenu
GetClassLongW
GetClassLongPtrW
GetClassNameW
GetWindowLongPtrW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
SetWindowLongPtrW
RemovePropW
DefWindowProcW
SetMenu
GetMenu
GetMessageTime
GetMessagePos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
SetCursor
GetKeyState
CallNextHookEx
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetMessageW
TranslateMessage
DispatchMessageW
GetMenuCheckMarkDimensions
LoadBitmapW
SetMenuItemBitmaps
TabbedTextOutW
EndDialog
CreateDialogIndirectParamW
DestroyWindow
LoadIconW
LoadCursorW
GetForegroundWindow
SetForegroundWindow
GetTopWindow
GetNextDlgTabItem
wsprintfW
PostQuitMessage
RegisterClipboardFormatW
SendMessageW
GetWindowThreadProcessId
GetDesktopWindow
GetCapture
SetActiveWindow
GetActiveWindow
ShowOwnedPopups
IsWindowVisible
ValidateRect
InvalidateRect
UpdateWindow
ReleaseDC
GetClipboardFormatNameA
GetClipboardFormatNameW
PtInRect
GetWindowDC
GetDC
UnregisterClassW
OffsetRect
EnableWindow
IsWindowEnabled
InflateRect
GetLastActivePopup
GetParent
GetWindowLongW
MessageBoxW
GetWindow
SetWindowPos
IsWindow
GetDlgItem
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
GetWindowTextW
GetDlgCtrlID
SetWindowLongW
ShowWindow
SetFocus
GetFocus
PostMessageW
IsIconic
BringWindowToTop
GetWindowRect
GetClientRect
MapWindowPoints
ClientToScreen
ScreenToClient
BeginPaint
EndPaint

gdi32

GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtTextOutW
GetDeviceCaps
CreateSolidBrush
CreatePatternBrush
CreateFontIndirectW
DeleteDC
PtVisible
RectVisible
BitBlt
GetPixel
TextOutW
GetTextExtentPoint32W
Escape
GetStockObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetObjectType
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegEnumKeyW
RevertToSelf
SetThreadToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CryptImportKey
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
OpenThreadToken
RegQueryValueW
RegDeleteKeyW
RegSetValueExW

shell32

DragFinish
DragQueryFileW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathFindExtensionW

ole32

StringFromCLSID
CoTaskMemFree

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

ioctlsocket
gethostname
getpeername
__WSAFDIsSet
select
connect
recv
WSAIoctl
setsockopt
getaddrinfo
freeaddrinfo
htonl
socket
listen
getsockname
accept
recvfrom
bind
sendto
htons
WSASetLastError
ntohs
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
getsockopt
WSACreateEvent
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket

wldap32

ord117
ord14
ord219
ord145
ord208
ord26
ord133
ord147
ord127
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wefwerf
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wefwerf
Size: 714KB - Virtual size: 713KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 313KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b09d5787a7abebc2fa2c94b34c9e7685

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

9c:7c:c1:c7:d4:90:21:41:6c:a5:18:de:de:69:af:3d:b5:0f:01:25:b3:cf:b8:f0:60:83:8e:99:44:36:86:89Signer

96:d3:ad:84:3a:16:3a:e0:8a:99:87:db:6f:b7:a5:19:b2:13:8b:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

wldap32

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 294KB

.data Size: - Virtual size: 43KB

.pdata Size: - Virtual size: 57KB

.wefwerf Size: - Virtual size: 56KB

.wefwerf Size: 714KB - Virtual size: 713KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 313KB - Virtual size: 332KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:84:4f:05:a8:06:45:4d:52:ef:d9:c9:c4:d3:00:e0
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9c:7c:c1:c7:d4:90:21:41:6c:a5:18:de:de:69:af:3d:b5:0f:01:25:b3:cf:b8:f0:60:83:8e:99:44:36:86:89
Signer

96:d3:ad:84:3a:16:3a:e0:8a:99:87:db:6f:b7:a5:19:b2:13:8b:80
Signer

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 294KB

.data
Size: - Virtual size: 43KB

.pdata
Size: - Virtual size: 57KB

.wefwerf
Size: - Virtual size: 56KB

.wefwerf
Size: 714KB - Virtual size: 713KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 313KB - Virtual size: 332KB