a27eb0f76e6a418e154d248aaa5c7e2104064b293daf738aa91a086989e414fe

Sharing

Copy URL

Twitter E-mail

General

Target

a27eb0f76e6a418e154d248aaa5c7e2104064b293daf738aa91a086989e414fe
Size

1.2MB
MD5

e7c5993f667e0fed6ed42816d9121c30
SHA1

1e82b9fe2283601ae15b56a84ada4e84ce79513d
SHA256

a27eb0f76e6a418e154d248aaa5c7e2104064b293daf738aa91a086989e414fe
SHA512

f277f7fe0a01f076f6bd69b8626a857d44f19e7127207b3498254dc205971b4cd59ad791867b3d0c015c0fb4019de87171d505a559ad263bbe3e4b9a63aef891
SSDEEP

24576:p0QuuAo+kX8ADPTw7UWJ8nnSEOpcCF016AT9:iQ+ojX8A3wd8nnSH9

Score

1^/10

Malware Config

Signatures

Files

a27eb0f76e6a418e154d248aaa5c7e2104064b293daf738aa91a086989e414fe
.exe windows x86

aeed0fc9d9d4ea38315a34df4c8c1429

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2021, 15:35

Not After

06/03/2032, 15:35

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:59:2d:50:fd:75:eb:a5:0b:fb:90:17:6d:b0:e5:21:89:06:54:3f:b6:18:6e:a3:1c:78:7e:0f:47:26:f5:4d
Signer

Actual PE Digest

bc:59:2d:50:fd:75:eb:a5:0b:fb:90:17:6d:b0:e5:21:89:06:54:3f:b6:18:6e:a3:1c:78:7e:0f:47:26:f5:4d

Digest Algorithm

sha256

PE Digest Matches

false

28:4e:9f:b2:c3:5f:34:4e:5e:20:24:29:7c:78:11:25:01:55:13:28
Signer

Actual PE Digest

28:4e:9f:b2:c3:5f:34:4e:5e:20:24:29:7c:78:11:25:01:55:13:28

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
CreateThread
GetVersion
ReadFile
GetWindowsDirectoryW
GetStartupInfoW
GetEnvironmentVariableW
GlobalFree
GlobalAlloc
GetUserDefaultLangID
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
lstrcmpW
GlobalUnlock
GlobalLock
GlobalHandle
lstrcpynW
GetTickCount
DeviceIoControl
InitializeCriticalSection
GlobalMemoryStatus
TerminateThread
SuspendThread
SetEvent
SetCurrentDirectoryW
CreateEventW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrcmpA
lstrcmpiA
SetProcessWorkingSetSize
CreateProcessW
GetVersionExW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
MulDiv
GetLocaleInfoW
GetSystemInfo
FatalAppExitA
HeapSize
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThread
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
HeapReAlloc
ExitProcess
RtlUnwind
HeapSetInformation
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetSystemTimeAsFileTime
CreateFileA
DecodePointer
EncodePointer
InterlockedExchange
Sleep
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetLocalTime
SetFilePointer
GetCurrentProcessId
SetConsoleCtrlHandler
OpenProcess
WideCharToMultiByte
lstrcpyW
GetCommandLineW
CopyFileW
GetTempPathW
GetTempFileNameW
DeleteFileW
LoadLibraryExW
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
lstrlenA
SetLastError
lstrcmpiW
GetModuleHandleW
CreateDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateFileW
WriteFile
CloseHandle
GetCurrentThreadId
CreateMutexW
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetConsoleCP
VirtualQuery

user32

PeekMessageW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
IsIconic
SetForegroundWindow
GetClassInfoW
RegisterClassW
LoadStringW
UnregisterClassA
ShowWindow
PostMessageW
SetWindowLongW
GetCursorPos
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
GetWindowTextLengthW
RegisterWindowMessageW
DialogBoxIndirectParamW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
HideCaret
DestroyMenu
LoadMenuW
GetSubMenu
EnableMenuItem
GetKeyState
IsDialogMessageW
PostQuitMessage
LoadImageW
UpdateWindow
SetRect
IsRectEmpty
CreateCaret
GetClassInfoExW
DestroyAcceleratorTable
GetDesktopWindow
FillRect
ReleaseCapture
GetClassNameW
DestroyWindow
MessageBoxW
GetActiveWindow
CreateDialogParamW
DefWindowProcW
SendMessageW
CreateWindowExW
GetClientRect
RedrawWindow
GetParent
OffsetRect
DrawTextW
IsWindow
PtInRect
ReleaseDC
GetDC
BeginPaint
EndPaint
DialogBoxParamW
GetWindowLongW
CallWindowProcW
EnumDisplayDevicesW
GetSystemMetrics
SetLayeredWindowAttributes
SetTimer
KillTimer
SetWindowRgn
SetWindowPos
GetWindowRect
IsChild
SetCapture
ShowCaret
SetCaretPos
wsprintfW
SetCursor
InvalidateRgn
ClientToScreen
GetSysColor
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
SetWindowTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetFocus
EnableWindow
GetWindowTextW
FindWindowExW
SetDlgItemTextW
SetFocus
MoveWindow
CharLowerW
IsWindowEnabled
SendMessageTimeoutW
ExitWindowsEx
ScreenToClient
MapWindowPoints
GetDlgItem
IsWindowVisible
InvalidateRect

gdi32

EnumFontFamiliesW
GetStockObject
GetObjectW
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CombineRgn
SetTextColor
CreateFontIndirectW
BitBlt
CreatePen
SelectObject
Rectangle
ExtTextOutW
SetBkColor
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDeviceCaps
CreateFontW
DeleteObject
DeleteDC
SetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString

shlwapi

PathIsRelativeW
PathFileExistsW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
StrCmpNA
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
PathIsDirectoryW
PathCanonicalizeW
PathFindExtensionW
PathRemoveExtensionW
PathRenameExtensionW
PathFindFileNameW
StrCmpW
StrToIntExW
SHSetValueA
SHGetValueA
StrRChrA
PathCombineW

comctl32

_TrackMouseEvent
InitCommonControlsEx

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpQueryInfoW
HttpQueryInfoA
InternetErrorDlg
InternetOpenUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
InternetCloseHandle

urlmon

URLDownloadToCacheFileW

ws2_32

gethostname
gethostbyname
inet_ntoa

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

riched20

ord4

netapi32

Netbios

Sections

.text
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aeed0fc9d9d4ea38315a34df4c8c1429

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

bc:59:2d:50:fd:75:eb:a5:0b:fb:90:17:6d:b0:e5:21:89:06:54:3f:b6:18:6e:a3:1c:78:7e:0f:47:26:f5:4dSigner

28:4e:9f:b2:c3:5f:34:4e:5e:20:24:29:7c:78:11:25:01:55:13:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

wininet

urlmon

ws2_32

wintrust

crypt32

riched20

netapi32

Sections

.text Size: 611KB - Virtual size: 611KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 43KB - Virtual size: 64KB

Size: 449KB - Virtual size: 449KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

bc:59:2d:50:fd:75:eb:a5:0b:fb:90:17:6d:b0:e5:21:89:06:54:3f:b6:18:6e:a3:1c:78:7e:0f:47:26:f5:4d
Signer

28:4e:9f:b2:c3:5f:34:4e:5e:20:24:29:7c:78:11:25:01:55:13:28
Signer

.text
Size: 611KB - Virtual size: 611KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 43KB - Virtual size: 64KB