2da7626d77c511ebc2d190fb4a736d94036e1db4fd15197acb78968effffce61

Sharing

Copy URL Twitter E-mail

General

Target

2da7626d77c511ebc2d190fb4a736d94036e1db4fd15197acb78968effffce61
Size

12.5MB
MD5

861e5b856d9fb5f860293e61913c7304
SHA1

b49aef07b81c669966c49de12a3f9385c9a90a91
SHA256

2da7626d77c511ebc2d190fb4a736d94036e1db4fd15197acb78968effffce61
SHA512

5d3d541e794aadfee6d1ba10601a82e989e0fdc7d57230dc860cdf302a701c7f826e7c4b57d08de98eda8ea04cc8c4c0d28a19519c101a2289ddfed2cca502bd
SSDEEP

196608:Ny6RqvmLYc6X0nmXY9dfPLpTDIVIflsf8dPv/U7kGFAR:k6Rqv2Yun79dfDp/IWflsf8dPv/Uv

Score

1^/10

Malware Config

Signatures

Files

2da7626d77c511ebc2d190fb4a736d94036e1db4fd15197acb78968effffce61
.exe windows x86

054959603e9d2281d199a7c39ab25ad6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/12/2022, 00:00

Not After

09/12/2025, 23:59

Subject

CN=盛趣信息技术（上海）有限公司,O=盛趣信息技术（上海）有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:0e:31:cd:57:a4:4f:83:e0:5c:dc:f6:5e:16:eb:a2:14:7a:74:94:c1:1e:d9:60:8e:21:dd:f7:12:83:40:4c
Signer

Actual PE Digest

d6:0e:31:cd:57:a4:4f:83:e0:5c:dc:f6:5e:16:eb:a2:14:7a:74:94:c1:1e:d9:60:8e:21:dd:f7:12:83:40:4c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
FreeLibrary
WideCharToMultiByte
GetFileAttributesA
DeleteCriticalSection
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetHandleCount
SetLastError
TlsGetValue
HeapSize
MoveFileA
HeapReAlloc
GetDriveTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetFileType
SetEndOfFile
FindFirstFileA
GetConsoleCP
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
CreateThread
LoadLibraryA
GetCurrentThreadId
CreateDirectoryA
GetTickCount
CloseHandle
RemoveDirectoryA
InitializeCriticalSection
DeleteFileA
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
ReleaseMutex
CreateMutexA
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreA
InterlockedCompareExchange
InterlockedExchange
Sleep
CopyFileA
GetConsoleMode
GetPrivateProfileIntA
lstrcatA
GetFullPathNameA
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
GetPrivateProfileSectionA
GetFileSize
ReadFile
FindNextFileA
GetProcAddress
GetPrivateProfileStringA
FindClose
EnterCriticalSection
GetDiskFreeSpaceExA
GetCurrentDirectoryA
SetThreadPriority
CreateProcessA
GetModuleFileNameA
TryEnterCriticalSection
GlobalFree
SetFilePointer
ExitProcess
GetCurrentProcessId
GetLastError
LocalFree
WriteFile
IsBadStringPtrA
VirtualQuery
FormatMessageA
SetUnhandledExceptionFilter
GetSystemTime
WriteConsoleA
GetStdHandle
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalAlloc
GlobalLock
GetStringTypeW
GlobalUnlock
VerSetConditionMask
VerifyVersionInfoA
InterlockedIncrement
InterlockedDecrement
lstrcpyA
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
GetProcessAffinityMask
GetCurrentThread
GetLocalTime
GetModuleFileNameW
GetFullPathNameW
GetModuleHandleA
GetEnvironmentVariableW
WritePrivateProfileStringA
GetSystemDirectoryA
MultiByteToWideChar
OutputDebugStringA
CreateFileA
GetVersionExA
WaitForSingleObject
ResumeThread
SuspendThread
SetEnvironmentVariableA
CreateFileW
GetExitCodeProcess
GetLocaleInfoW
CompareStringW
CompareStringA
lstrlenA
DebugBreak
SetStdHandle
WriteConsoleW
GetConsoleOutputCP

user32

GetKeyboardState
GetCursorPos
GetKeyState
ShowCursor
CharPrevA
KillTimer
GetForegroundWindow
SetCursorPos
GetDesktopWindow
OpenClipboard
OffsetRect
PtInRect
GetClipboardData
DispatchMessageA
ClientToScreen
CreateWindowExA
PostQuitMessage
CloseClipboard
TranslateAcceleratorA
FindWindowExA
BeginPaint
LoadCursorFromFileA
MoveWindow
EmptyClipboard
GetWindowInfo
SetClipboardData
GetFocus
SetFocus
PostMessageA
CharNextA
FillRect
InvalidateRect
CreateDialogParamA
SetTimer
ReleaseDC
GetWindowRect
SetCursor
AdjustWindowRect
GetDC
PeekMessageA
SetParent
LoadBitmapA
UpdateWindow
ShowWindow
GetActiveWindow
MessageBoxA
DefWindowProcA
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetWindowLongA
SetRect
IsWindow
LoadKeyboardLayoutA
LoadIconA
DestroyWindow
GetClientRect
GetSystemMetrics
TranslateMessage
IsWindowVisible
SetWindowTextA
IsIconic
LoadCursorA
EndPaint
RegisterClassA

gdi32

SetTextAlign
SetBkColor
CreateFontIndirectA
StretchBlt
CreateBitmap
CreateCompatibleBitmap
GetTextExtentPointA
CreateDIBSection
TextOutA
SetTextColor
GetStockObject
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
CreateCompatibleDC
GetDeviceCaps

binkw32

_BinkWait@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkNextFrame@4
_BinkOpen@8
_BinkClose@4

winmm

mmioRead
mmioGetInfo
mmioSetInfo
mmioAdvance
mmioOpenA
mmioAscend
mmioSeek
mmioDescend
mmioWrite
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
timeGetTime
mmioCreateChunk
mmioClose

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

ws2_32

closesocket
connect
setsockopt
socket
inet_addr
WSARecv
WSACleanup
WSAStartup
ntohl
inet_ntoa
WSASend
WSAGetLastError
WSAAsyncSelect
ntohs
htons
htonl
shutdown

gpkitclt

ord1

wininet

InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA

shlwapi

PathIsRelativeW

dbghelp

SymGetTypeInfo
SymSetOptions
SymInitialize
SymEnumSymbols
SymSetContext
SymGetLineFromAddr
SymFromAddr
StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymCleanup

dsound

ord11

iphlpapi

GetAdaptersInfo

d3dx9_39

D3DXMatrixScaling
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXCreateLine
D3DXMatrixRotationZ
D3DXMatrixTranslation
D3DXSaveSurfaceToFileA
D3DXCreateSprite
D3DXCreateTexture
D3DXGetPixelShaderProfile
D3DXGetVertexShaderProfile
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileExA
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemory
D3DXGetImageInfoFromFileInMemory
D3DXCreateBuffer
D3DXVec4Transform
D3DXMatrixTranspose
D3DXMatrixInverse
D3DXGetShaderConstantTable
D3DXCompileShaderFromFileA
D3DXCompileShader
D3DXAssembleShaderFromFileA
D3DXAssembleShader
D3DXCreateEffectCompiler
D3DXCreateEffect
D3DXCreateTextureFromFileExA
D3DXCreateVolumeTextureFromFileExA
D3DXGetShaderVersion
D3DXGetShaderInputSemantics
D3DXMatrixMultiply

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHCreateDirectoryExA

ole32

CoInitialize
CoUninitialize

oleaut32

VariantChangeType
SysAllocString
VariantInit
SafeArrayCreate
SafeArrayPutElement
SysFreeString
VariantClear

Sections

.text
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

054959603e9d2281d199a7c39ab25ad6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:dbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d6:0e:31:cd:57:a4:4f:83:e0:5c:dc:f6:5e:16:eb:a2:14:7a:74:94:c1:1e:d9:60:8e:21:dd:f7:12:83:40:4cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

binkw32

winmm

imm32

ws2_32

gpkitclt

wininet

shlwapi

dbghelp

dsound

iphlpapi

d3dx9_39

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 10.3MB - Virtual size: 10.3MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 152KB - Virtual size: 7.8MB

.rsrc Size: 468KB - Virtual size: 465KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cb:8b:e1:32:0d:54:c6:2a:11:75:08:2a:1b:ad:db
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d6:0e:31:cd:57:a4:4f:83:e0:5c:dc:f6:5e:16:eb:a2:14:7a:74:94:c1:1e:d9:60:8e:21:dd:f7:12:83:40:4c
Signer

.text
Size: 10.3MB - Virtual size: 10.3MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 152KB - Virtual size: 7.8MB

.rsrc
Size: 468KB - Virtual size: 465KB