76cf9a45231b0d27cb7fa2d3c2064a8d263e43822c825d311a6f89f220513e45

Sharing

Copy URL Twitter E-mail

General

Target

76cf9a45231b0d27cb7fa2d3c2064a8d263e43822c825d311a6f89f220513e45
Size

107KB
MD5

91ac2b9d7c93a8caf4d0aaf2ade477dd
SHA1

e7b1357cc255a57f21d7bd99686036f026bcc9f8
SHA256

76cf9a45231b0d27cb7fa2d3c2064a8d263e43822c825d311a6f89f220513e45
SHA512

bcc1fbc98366f54f5a4c057070fa20a43275cbd706e87dabf9c1be478af1a86bb9bafbb96ea062f8868b217f6abbe9e6ad28b10ff10628d24afefa3a1cbf5616
SSDEEP

3072:wfUkYltnAGoX1tQmkcoESa23MX91JW4qGw3yOxtsFCutebDAm:wlY3AGu23Mt2N4oscuEDAm

Score

1^/10

Malware Config

Signatures

Files

76cf9a45231b0d27cb7fa2d3c2064a8d263e43822c825d311a6f89f220513e45
.dll regsvr32 windows x86

6ad4b20b6de02540dd185e3bff0fbd9c

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:db:32:84:67:94:91:21:7e:9d:35:fb:39:72:a3:21:29:16:f1:e9:9d:3c:1e:e3:f4:4c:42:64:35:b7:8b:76
Signer

Actual PE Digest

a8:db:32:84:67:94:91:21:7e:9d:35:fb:39:72:a3:21:29:16:f1:e9:9d:3c:1e:e3:f4:4c:42:64:35:b7:8b:76

Digest Algorithm

sha256

PE Digest Matches

false

40:9c:cc:f3:87:2f:a2:11:e9:bf:e7:a4:a3:12:d4:b7:7b:0a:5e:95
Signer

Actual PE Digest

40:9c:cc:f3:87:2f:a2:11:e9:bf:e7:a4:a3:12:d4:b7:7b:0a:5e:95

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

common

?ConvertXMLStrToTXData@Convert@Util@@YAHPA_WPAPA_WPAUITXData@@0@Z
ord33
ord34
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?GetRegulatedTime@Time@Util@@YA_NAA_J@Z
??0CTXStringW@@QAE@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetMainThreadLoop@Misc@Util@@YAPAVMessageLoopForUI@AsyncTask@@XZ
?IsInitAsyncMsgLoop@Misc@Util@@YAHXZ
?LogTaskStart@Misc@Util@@YAKPB_W@Z
?LogTaskEnd@Misc@Util@@YAXK@Z
?TXLoadString@@YAPB_WPB_W0@Z
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??1CTXStringA@@QAE@XZ
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?GetString@CTXStringA@@QBEPBDXZ
?GetLength@CTXStringA@@QBEHXZ
??BCTXStringA@@QBEPBDXZ
??YCTXStringW@@QAEAAV0@_W@Z
?GetString@CTXStringW@@QBEPB_WXZ
?GetAt@CTXStringW@@QBE_WH@Z
?GetLength@CTXStringW@@QBEHXZ
?IsEmpty@CTXStringW@@QBE_NXZ
?Find@CTXStringW@@QBEHPB_WH@Z
?IsTencentTrusted@Misc@Util@@YAHPB_W@Z
?GetLogicThreadLoop@Misc@Util@@YAPAVMessageLoop@AsyncTask@@XZ
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
?GetBSTRPtr@CTXStringW@@QAEPAPA_WXZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??ICTXBSTR@@QAEPAPA_WXZ
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@ABV0@@Z
??0CTXBSTR@@QAE@XZ
??BCTXStringW@@QBEPB_WXZ
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?ConvertTXDataStringBundle@Convert@Util@@YAHPAUITXData@@@Z
?GetTXDataStr@Data@Util@@YAHPAUITXDataRead@@PBDAAVCTXStringW@@@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
??0CTXStringW@@QAE@XZ
??0CTXStringA@@QAE@PBD@Z
??1CTXStringW@@QAE@XZ

gf

?GetDPIScale@DPI@GF@Util@@YAMXZ

kernelutil

?DataReport@DataReport2@Util@@YAXKKKPA_W0H@Z
?GetSelfUin@Contact@Util@@YAKXZ
??0COIDBSoloJobV@@IAE@QB_W0KW4ChannelType@OIDBSoloJob@@@Z
??1COIDBSoloJobV@@UAE@XZ
?innerRequest@COIDBSoloJobV@@IAEHKPAUITXData@@PAUIRequestSink@OIDBSoloJob@@@Z
?IsWin7OrGreater@OSVersion@@YAHXZ
?GetMajorVer@Version@@YAEXZ
?GetMinorVer@Version@@YAEXZ
?GetBuildVer@Version@@YAKXZ
?GetPubNo@Version@@YAKXZ
?Release@?$RefCountedThreadSafe@VCBaseRspDataV@OIDBSoloJob@@U?$RefCountedThreadPtrDestruct@VCBaseRspDataV@OIDBSoloJob@@@destruct@AsyncTask@@@AsyncTask@@QAEXXZ
?Release@?$RefCountedThreadSafe@VCOIDBSoloJobV@@U?$RefCountedThreadPtrDestruct@VCOIDBSoloJobV@@@destruct@AsyncTask@@@AsyncTask@@QAEXXZ

apputil

?RegisterExtension@API@AdvConfig@@YAHABU_GUID@@PAGIPAUIUnknown@@@Z

asynctask

??1Lock@AsyncTask@@QAE@XZ
?PostDelayedTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@_J@Z
?PostTask@MessageLoop@AsyncTask@@QAEXPAVTask@2@@Z
?AssertAcquired@Lock@AsyncTask@@QBEXXZ
?Acquire@Lock@AsyncTask@@QAEXXZ
?Release@Lock@AsyncTask@@QAEXXZ
??0Lock@AsyncTask@@QAE@XZ

tinyxml

?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
??0TiXmlDocument@@QAE@XZ
??1TiXmlDocument@@UAE@XZ
?LoadXML@TiXmlDocument@@QAE_NPADHW4TiXmlEncoding@@@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ

kernel32

TerminateProcess
OutputDebugStringW
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
OpenEventW
CreateEventW
CloseHandle
EncodePointer
DecodePointer
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedExchange
InterlockedCompareExchange
FindClose
CreateDirectoryW
FindFirstFileW
SetEvent
InitializeSListHead

user32

CharNextW

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

LoadTypeLi
SysStringLen
SysFreeString
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr

shlwapi

PathFileExistsW

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

vcruntime140

memmove
_except_handler4_common
__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
__CxxFrameHandler3
_CxxThrowException
_purecall
wcsstr
memcmp
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_errno
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_cexit
_initterm_e
_initterm
_register_onexit_function
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
wcsncpy_s
wcslen

api-ms-win-crt-heap-l1-1-0

free
_recalloc
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

strtoll
wcstol
atoi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ad4b20b6de02540dd185e3bff0fbd9c

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a8:db:32:84:67:94:91:21:7e:9d:35:fb:39:72:a3:21:29:16:f1:e9:9d:3c:1e:e3:f4:4c:42:64:35:b7:8b:76Signer

40:9c:cc:f3:87:2f:a2:11:e9:bf:e7:a4:a3:12:d4:b7:7b:0a:5e:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

common

gf

kernelutil

apputil

asynctask

tinyxml

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp140

version

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a8:db:32:84:67:94:91:21:7e:9d:35:fb:39:72:a3:21:29:16:f1:e9:9d:3c:1e:e3:f4:4c:42:64:35:b7:8b:76
Signer

40:9c:cc:f3:87:2f:a2:11:e9:bf:e7:a4:a3:12:d4:b7:7b:0a:5e:95
Signer

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB