dcfbfb66d5f5e1965fc824dfc03a323fa1624fb1296829feab6827c304d37d5a

Sharing

Copy URL Twitter E-mail

General

Target

dcfbfb66d5f5e1965fc824dfc03a323fa1624fb1296829feab6827c304d37d5a
Size

1.4MB
MD5

8f188ca4b15b33e0ae1e681d2c4a2a69
SHA1

870d29cab655d72a370b3fd3ad28840dfb090ece
SHA256

dcfbfb66d5f5e1965fc824dfc03a323fa1624fb1296829feab6827c304d37d5a
SHA512

816517dc18d496678221251bb20378880fdebdad5384e515c2bb77be85460990cd1bd07ddeaed0f5c354ca865d0eb6a8fe6991e0cca9e8d6e6d6ae3c8ea03968
SSDEEP

24576:zWRzfGwD8Sag7s/8EnXyTsiXxQ5Z35qg5uCldqjWTLQW187kVp3YqTeFVMOnCIXX:40SN7sUE8siXolIQqjWIW187kVp3YqTA

Score

1^/10

Malware Config

Signatures

Files

dcfbfb66d5f5e1965fc824dfc03a323fa1624fb1296829feab6827c304d37d5a
.exe windows x86

ceb83b3a8d84b83ec59e78e79b879f31

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:36:5a:85:7e:6b:77:8e:7e:13:ca:38:6b:2e:79:72
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/12/2021, 00:00

Not After

21/12/2024, 23:59

Subject

SERIALNUMBER=52310105MJ5027850H,CN=上海长宁区世纪学小思线上教育培训学校,O=上海长宁区世纪学小思线上教育培训学校,ST=上海市,C=CN,1.3.6.1.4.1.311.60.2.1.1=#0c09e995bfe5ae81e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e4b88ae6b5b7e5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:7e:a7:76:73:5b:c0:d7:78:6e:24:c3:16:53:f0:41:11:f0:dc:32:bd:1c:b7:a2:32:bc:e0:9a:4c:ed:92:75
Signer

Actual PE Digest

96:7e:a7:76:73:5b:c0:d7:78:6e:24:c3:16:53:f0:41:11:f0:dc:32:bd:1c:b7:a2:32:bc:e0:9a:4c:ed:92:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExA

kernel32

DecodePointer
EncodePointer
GetStringTypeW
TryEnterCriticalSection
QueryPerformanceFrequency
GetCurrentThread
DuplicateHandle
FormatMessageW
SwitchToThread
CreateEventW
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
FreeLibrary
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
SetLastError
GetCPInfo
CompareStringW
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GlobalMemoryStatusEx
GetSystemInfo
LoadLibraryA
GetExitCodeProcess
QueryPerformanceCounter
lstrcpyW
CreateProcessW
GetLocalTime
WaitForSingleObject
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetFileAttributesA
GetCurrentThreadId
GetDynamicTimeZoneInformation
WriteConsoleA
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetDiskFreeSpaceExA
MoveFileExW
SetFileAttributesA
WritePrivateProfileStringA
DeleteFileW
CreateFileMappingA
CreateEventA
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetLogicalDriveStringsA
GetSystemDirectoryA
GetDriveTypeA
WideCharToMultiByte
LocalFree
GetProcAddress
CloseHandle
Sleep
IsDBCSLeadByteEx
MultiByteToWideChar
GetCommandLineA
OpenProcess
GetModuleHandleA
GetVersionExW
LocalAlloc
CreateMutexA
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetLastError
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetSystemDirectoryW
WriteFile
ReadFile
IsDebuggerPresent
IsValidCodePage
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
FindFirstFileExW
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
ExitProcess
GetFileType
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetEnvironmentVariableW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetWindowsDirectoryW
CopyFileW
LCMapStringW
AreFileApisANSI
FormatMessageA
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetLogicalProcessorInformation
CreateWaitableTimerA
SystemTimeToFileTime

advapi32

CryptAcquireContextW
RegQueryValueExA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA

shell32

ShellExecuteA
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathA

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
SysAllocStringByteLen
SysStringByteLen

user32

PostQuitMessage
GetSystemMetrics
SendMessageW
IsWindowVisible
SetWindowPos
SetActiveWindow
ShowWindow
FindWindowW
SetForegroundWindow
DestroyWindow
PostMessageW
FlashWindowEx

duilib_u

?ShowWindow@CWindowWnd@DuiLib@@QAEX_N0@Z
?CenterWindow@CWindowWnd@DuiLib@@QAEXXZ
?GetSuperClassName@CWindowWnd@DuiLib@@MBEPB_WXZ
?OnFinalMessage@WindowImplBase@DuiLib@@UAEXPAUHWND__@@@Z
?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ
?OnClick@WindowImplBase@DuiLib@@MAEXAAUtagTNotifyUI@2@@Z
?ResponseDefaultKeyEvent@WindowImplBase@DuiLib@@MAEJI@Z
?GetClassStyle@WindowImplBase@DuiLib@@UBEIXZ
?GetResourceType@WindowImplBase@DuiLib@@UBE?AW4UILIB_RESOURCETYPE@2@XZ
?GetZIPFileName@WindowImplBase@DuiLib@@UBE?AVCDuiString@2@XZ
?GetResourceID@WindowImplBase@DuiLib@@UBEPB_WXZ
?CreateControl@WindowImplBase@DuiLib@@UAEPAVCControlUI@2@PB_W@Z
?MessageHandler@WindowImplBase@DuiLib@@UAEJIIJAA_N@Z
?OnClose@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnDestroy@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcActivate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcCalcSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcPaint@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnNcHitTest@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnGetMinMaxInfo@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseWheel@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?Create@CWindowWnd@DuiLib@@QAEPAUHWND__@@PAU3@PB_WKKHHHHPAUHMENU__@@@Z
?OnSize@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnChar@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSysCommand@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnCreate@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnKillFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnSetFocus@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnLButtonUp@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?OnMouseMove@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?HandleMessage@WindowImplBase@DuiLib@@UAEJIIJ@Z
?HandleCustomMessage@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?GetStyle@WindowImplBase@DuiLib@@UAEJXZ
??0STRINGorID@DuiLib@@QAE@PB_W@Z
?SetParaFormat@CRichEditUI@DuiLib@@QAE_NAAUPARAFORMAT2@@@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@PB_W@Z
?Invalidate@CPaintManagerUI@DuiLib@@QAEXXZ
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourcePath@CPaintManagerUI@DuiLib@@SAXPB_W@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W_N@Z
?SetValue@CProgressUI@DuiLib@@QAEXH@Z
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z
??BCDuiString@DuiLib@@QBEPB_WXZ
?GetData@CDuiString@DuiLib@@QBEPB_WXZ
?IsEmpty@CDuiString@DuiLib@@QBE_NXZ
??1CDuiString@DuiLib@@QAE@XZ
??0CDuiString@DuiLib@@QAE@ABV01@@Z
??0CDuiString@DuiLib@@QAE@PB_WH@Z
??1CDialogBuilder@DuiLib@@QAE@XZ
?InitWindow@WindowImplBase@DuiLib@@UAEXXZ
??1WindowImplBase@DuiLib@@UAE@XZ
??0WindowImplBase@DuiLib@@QAE@XZ
?ShowModal@CWindowWnd@DuiLib@@QAEIXZ
?OnMouseHover@WindowImplBase@DuiLib@@UAEJIIJAAH@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?MessageLoop@CPaintManagerUI@DuiLib@@SAHXZ
??0CWndShadow@@QAE@XZ
??1CWndShadow@@UAE@XZ
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z

shlwapi

SHSetValueA

libcurl

curl_easy_setopt
curl_easy_cleanup
curl_slist_free_all
curl_easy_strerror
curl_easy_init
curl_global_cleanup
curl_global_init
curl_easy_getinfo
curl_easy_perform
curl_slist_append

libcrypto-1_1

EVP_CIPHER_CTX_new
BIO_new
BIO_ctrl
EVP_DecryptUpdate
BIO_push
BIO_f_base64
EVP_DecryptFinal_ex
BIO_set_flags
EVP_EncryptInit_ex
BIO_s_mem
BIO_free_all
EVP_aes_128_cbc
BIO_write
EVP_EncryptFinal_ex
EVP_CIPHER_CTX_set_key_length
EVP_EncryptUpdate
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_CTX_block_size

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts

netapi32

Netbios

Exports

Exports

??0IHttpDNSHelper@network@xbase@@QAE@$$QAV012@@Z
??0IHttpDNSHelper@network@xbase@@QAE@ABV012@@Z
??0IHttpDNSHelper@network@xbase@@QAE@XZ
??4IHttpDNSHelper@network@xbase@@QAEAAV012@$$QAV012@@Z
??4IHttpDNSHelper@network@xbase@@QAEAAV012@ABV012@@Z
??_7IHttpDNSHelper@network@xbase@@6B@
HttpDNSHelperInstance
create_log_producer
create_log_producer_config
destroy_log_producer
destroy_log_producer_config
get_log_producer_client
is_log_producer_result_ok
log_producer_client_add_log
log_producer_client_add_log_with_len
log_producer_client_add_log_with_len_time
log_producer_client_add_raw_log_buffer
log_producer_client_network_recover
log_producer_config_add_tag
log_producer_config_get_security
log_producer_config_is_valid
log_producer_config_reset_security_token
log_producer_config_set_access_id
log_producer_config_set_access_key
log_producer_config_set_compress_type
log_producer_config_set_connect_timeout_sec
log_producer_config_set_destroy_flusher_wait_sec
log_producer_config_set_destroy_sender_wait_sec
log_producer_config_set_endpoint
log_producer_config_set_log_queue_size
log_producer_config_set_logstore
log_producer_config_set_max_buffer_limit
log_producer_config_set_net_interface
log_producer_config_set_ntp_time_offset
log_producer_config_set_packet_log_bytes
log_producer_config_set_packet_log_count
log_producer_config_set_packet_timeout
log_producer_config_set_project
log_producer_config_set_send_thread_count
log_producer_config_set_send_timeout_sec
log_producer_config_set_source
log_producer_config_set_topic
log_producer_env_destroy
log_producer_env_init
log_set_get_time_function

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceb83b3a8d84b83ec59e78e79b879f31

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

0a:36:5a:85:7e:6b:77:8e:7e:13:ca:38:6b:2e:79:72Certificate

Extended Key Usages

Key Usages

96:7e:a7:76:73:5b:c0:d7:78:6e:24:c3:16:53:f0:41:11:f0:dc:32:bd:1c:b7:a2:32:bc:e0:9a:4c:ed:92:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

kernel32

advapi32

shell32

ole32

oleaut32

user32

duilib_u

shlwapi

libcurl

libcrypto-1_1

winhttp

netapi32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 280KB - Virtual size: 279KB

.data Size: 57KB - Virtual size: 63KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 73KB - Virtual size: 73KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

0a:36:5a:85:7e:6b:77:8e:7e:13:ca:38:6b:2e:79:72
Certificate

96:7e:a7:76:73:5b:c0:d7:78:6e:24:c3:16:53:f0:41:11:f0:dc:32:bd:1c:b7:a2:32:bc:e0:9a:4c:ed:92:75
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 280KB - Virtual size: 279KB

.data
Size: 57KB - Virtual size: 63KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 73KB