478eb7d2d7dc9a37928d59242389ea1dbcf5022abf0694afd42ff2752d780ce5

Sharing

Copy URL Twitter E-mail

General

Target

478eb7d2d7dc9a37928d59242389ea1dbcf5022abf0694afd42ff2752d780ce5
Size

12.5MB
MD5

88c75c4b750999e659d56fc3adf9e685
SHA1

73be4e20827ef4983ea55dcd4f23a7536478c88d
SHA256

478eb7d2d7dc9a37928d59242389ea1dbcf5022abf0694afd42ff2752d780ce5
SHA512

ac244004f798ca1f3eeed1a9d8dd9e9fdb49bf0105733777b005ce94d6bc1efcfc1223d221eaddc82e0bf891ec8465996d6a57ad49de8df984dc4571826e40a8
SSDEEP

393216:JjcT6FOZenk8BnJyAD9x2yWKRl6uv5o9izF:JjcTeOZenkunJyAx4yWKRl6uv2YF

Score

1^/10

Malware Config

Signatures

Files

478eb7d2d7dc9a37928d59242389ea1dbcf5022abf0694afd42ff2752d780ce5
.exe windows x86

c4b8d694777320b70f4202de0b3f2615

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/12/2022, 00:00

Not After

09/12/2025, 23:59

Subject

CN=盛趣信息技术（上海）有限公司,O=盛趣信息技术（上海）有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:f0:ed:52:9e:8e:8a:47:d7:73:a6:bc:ed:39:f8:06:e5:9f:c5:91:ea:19:53:46:76:8f:24:49:1a:1a:ad:9e
Signer

Actual PE Digest

c4:f0:ed:52:9e:8e:8a:47:d7:73:a6:bc:ed:39:f8:06:e5:9f:c5:91:ea:19:53:46:76:8f:24:49:1a:1a:ad:9e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
WideCharToMultiByte
GetFileAttributesA
DeleteCriticalSection
CreateProcessA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetHandleCount
SetLastError
TlsGetValue
HeapSize
MoveFileA
HeapReAlloc
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetFileType
SetEndOfFile
LeaveCriticalSection
GetConsoleCP
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
TryEnterCriticalSection
CreateThread
GetPrivateProfileIntA
GetModuleFileNameA
CreateDirectoryA
GetTickCount
CloseHandle
RemoveDirectoryA
InitializeCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
ReleaseMutex
CreateMutexA
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
InterlockedCompareExchange
InterlockedExchange
FindFirstFileA
Sleep
GetConsoleMode
CopyFileA
lstrcatA
GetFullPathNameA
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
GetPrivateProfileSectionA
GetFileSize
ReadFile
DeleteFileA
FindNextFileA
GetProcAddress
GetPrivateProfileStringA
FindClose
EnterCriticalSection
GetDiskFreeSpaceExA
GetCurrentDirectoryA
SetThreadPriority
LoadLibraryA
GetCurrentThreadId
GlobalFree
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessAffinityMask
SetFilePointer
ExitProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetLastError
LocalFree
WriteConsoleA
GetStdHandle
WriteFile
IsBadStringPtrA
VirtualQuery
FormatMessageA
GetStringTypeW
SetUnhandledExceptionFilter
GetSystemTime
GlobalMemoryStatus
InterlockedIncrement
InterlockedDecrement
GlobalMemoryStatusEx
GlobalAlloc
GlobalLock
GlobalUnlock
VerSetConditionMask
VerifyVersionInfoA
lstrcpyA
WritePrivateProfileStringA
GetLocalTime
GetModuleFileNameW
GetFullPathNameW
GetModuleHandleA
GetEnvironmentVariableW
GetSystemDirectoryA
MultiByteToWideChar
OutputDebugStringA
CreateFileA
GetVersionExA
WaitForSingleObject
ResumeThread
SuspendThread
SetEnvironmentVariableA
CreateFileW
GetExitCodeProcess
GetLocaleInfoW
CompareStringW
CompareStringA
lstrlenA
DebugBreak
SetStdHandle
WriteConsoleW
GetConsoleOutputCP

user32

GetKeyboardState
GetCursorPos
GetKeyState
ShowCursor
CharPrevA
KillTimer
GetForegroundWindow
SetCursorPos
GetWindowInfo
OpenClipboard
OffsetRect
PtInRect
GetClipboardData
PostQuitMessage
TranslateAcceleratorA
FindWindowExA
LoadCursorFromFileA
CloseClipboard
MoveWindow
InvalidateRect
CreateDialogParamA
SetTimer
ReleaseDC
EmptyClipboard
GetDesktopWindow
SetClipboardData
GetFocus
SetFocus
PostMessageA
CharNextA
FillRect
GetWindowRect
SetCursor
GetDC
PeekMessageA
SetParent
LoadBitmapA
IsWindow
UpdateWindow
ShowWindow
GetActiveWindow
MessageBoxA
DefWindowProcA
LoadIconA
RegisterClassA
LoadCursorA
EndPaint
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetWindowLongA
SetRect
BeginPaint
LoadKeyboardLayoutA
IsIconic
CreateWindowExA
ClientToScreen
DispatchMessageA
AdjustWindowRect
DestroyWindow
GetClientRect
GetSystemMetrics
TranslateMessage
IsWindowVisible
SetWindowTextA

gdi32

SetTextAlign
SetBkColor
CreateFontIndirectA
StretchBlt
CreateBitmap
CreateCompatibleBitmap
GetTextExtentPointA
CreateDIBSection
TextOutA
SetTextColor
GetDeviceCaps
GetStockObject
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
CreateCompatibleDC

binkw32

_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkNextFrame@4
_BinkOpen@8
_BinkClose@4

winmm

mmioRead
mmioGetInfo
mmioSetInfo
mmioAdvance
mmioOpenA
mmioAscend
mmioSeek
mmioDescend
mmioWrite
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
timeGetTime
mmioCreateChunk
mmioClose

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

ws2_32

closesocket
connect
setsockopt
socket
inet_addr
WSARecv
WSACleanup
WSAStartup
ntohl
inet_ntoa
WSASend
WSAGetLastError
WSAAsyncSelect
ntohs
htons
htonl
shutdown

gpkitclt

ord1

wininet

InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA

shlwapi

PathIsRelativeW

dbghelp

SymGetTypeInfo
SymSetOptions
SymInitialize
SymEnumSymbols
SymSetContext
SymGetLineFromAddr
SymFromAddr
StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymCleanup

dsound

ord11

iphlpapi

GetAdaptersInfo

d3dx9_39

D3DXMatrixScaling
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXCreateLine
D3DXMatrixRotationZ
D3DXMatrixTranslation
D3DXSaveSurfaceToFileA
D3DXCreateSprite
D3DXCreateTexture
D3DXGetPixelShaderProfile
D3DXGetVertexShaderProfile
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileExA
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemory
D3DXGetImageInfoFromFileInMemory
D3DXCreateBuffer
D3DXVec4Transform
D3DXMatrixTranspose
D3DXMatrixInverse
D3DXGetShaderConstantTable
D3DXCompileShaderFromFileA
D3DXCompileShader
D3DXAssembleShaderFromFileA
D3DXAssembleShader
D3DXCreateEffectCompiler
D3DXCreateEffect
D3DXCreateTextureFromFileExA
D3DXCreateVolumeTextureFromFileExA
D3DXGetShaderVersion
D3DXGetShaderInputSemantics
D3DXMatrixMultiply

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHCreateDirectoryExA

ole32

CoInitialize
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
VariantInit
SafeArrayCreate
SafeArrayPutElement
SysFreeString
VariantClear

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4b8d694777320b70f4202de0b3f2615

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:dbCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c4:f0:ed:52:9e:8e:8a:47:d7:73:a6:bc:ed:39:f8:06:e5:9f:c5:91:ea:19:53:46:76:8f:24:49:1a:1a:ad:9eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

binkw32

winmm

imm32

ws2_32

gpkitclt

wininet

shlwapi

dbghelp

dsound

iphlpapi

d3dx9_39

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 152KB - Virtual size: 7.8MB

.rsrc Size: 468KB - Virtual size: 465KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c4:f0:ed:52:9e:8e:8a:47:d7:73:a6:bc:ed:39:f8:06:e5:9f:c5:91:ea:19:53:46:76:8f:24:49:1a:1a:ad:9e
Signer

.text
Size: 10.3MB - Virtual size: 10.3MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 152KB - Virtual size: 7.8MB

.rsrc
Size: 468KB - Virtual size: 465KB