9b718c8da68ce1ceeca24536509e4fad6c26d1cb41cea492bc0363653d214fdd

Sharing

Copy URL Twitter E-mail

General

Target

9b718c8da68ce1ceeca24536509e4fad6c26d1cb41cea492bc0363653d214fdd
Size

8.1MB
MD5

11a050abc8942f797913b5ae68b0fcae
SHA1

e4e648f8b34ffc117b1ebc7891678ce67c80d988
SHA256

9b718c8da68ce1ceeca24536509e4fad6c26d1cb41cea492bc0363653d214fdd
SHA512

2f461d0259ae0d22f26a4434a4c30d062420827193d2df2632131761d2ba1dd33e1a1e8cd88ddf899a971c69d67e48740216d00c15b622a60c8f8ca850d2fb8a
SSDEEP

196608:WKFbSp4EWzIbytsEZKNZdvhGTtmiYgtVIe3cvvuYSc6XarpgV6B3X0Nn0WYhs:RSbytsEZKNiCgke3cvh3lgV6lXu09hs

Score

1^/10

Malware Config

Signatures

Files

9b718c8da68ce1ceeca24536509e4fad6c26d1cb41cea492bc0363653d214fdd
.dll windows x86

6ce1ef71f9d752a59ddd6c848bd63d7f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:fa:71:78:5b:10:9d:d1:60:03:86:29:27:a0:e8:62:b6:33:3f:b7:eb:20:08:c1:d1:77:eb:46:0b:20:b2:63
Signer

Actual PE Digest

14:fa:71:78:5b:10:9d:d1:60:03:86:29:27:a0:e8:62:b6:33:3f:b7:eb:20:08:c1:d1:77:eb:46:0b:20:b2:63

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingW
CreateFileMappingA
QueryPerformanceCounter
lstrlenA
lstrcpyA
GetPrivateProfileSectionNamesW
MoveFileExW
CreateEventW
SetEvent
GetSystemTime
SystemTimeToFileTime
IsDBCSLeadByte
GetDiskFreeSpaceExW
DuplicateHandle
GetFileType
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
VirtualProtect
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
DecodePointer
DisableThreadLibraryCalls
GetTempPathA
GetPrivateProfileStringA
DeleteFileA
GetPrivateProfileSectionW
GetLogicalDriveStringsW
GetDriveTypeW
OpenProcess
GetSystemInfo
GlobalMemoryStatusEx
TerminateProcess
SetProcessWorkingSetSize
GetWindowsDirectoryW
CreateMutexW
ReleaseMutex
InterlockedDecrement
CreateFileA
LocalAlloc
GetFileTime
FileTimeToLocalFileTime
GetExitCodeThread
InterlockedIncrement
InterlockedCompareExchange
ResumeThread
GetPrivateProfileStringW
LoadLibraryExW
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringW
HeapWalk
HeapLock
OpenThread
HeapUnlock
FormatMessageW
GetFileSizeEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStdHandle
SetFilePointerEx
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
GetCommandLineA
ExitThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetFileAttributesExW
EncodePointer
GetSystemTimeAsFileTime
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
Sleep
TerminateThread
SuspendThread
WaitForSingleObject
CreateThread
InterlockedExchange
GetVersionExW
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
lstrcatW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVolumeInformationW
SetEndOfFile
SetFilePointer
GetLocalTime
VirtualQuery
lstrcmpiA
ReadFile
GetFileSize
FreeResource
WriteFile
MultiByteToWideChar
WideCharToMultiByte
Process32NextW
lstrcmpiW
lstrlenW
lstrcpyW
Process32FirstW
CreateToolhelp32Snapshot
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetFileAttributesW
DeleteFileW
CopyFileW
GetProcessHeap
HeapAlloc
HeapFree
CreateFileW
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetTempFileNameW
GetTempPathW
GetTickCount
SetLastError
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
RaiseException
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
CreateProcessW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcessId
CloseHandle
DeviceIoControl
ResetEvent

user32

SetWindowLongW
GetWindowLongW
DefWindowProcW
PostThreadMessageW
CreateDialogParamW
GetDlgItem
MonitorFromPoint
FindWindowW
PostMessageA
CharLowerBuffW
UnregisterClassW
MessageBoxW
BringWindowToTop
AttachThreadInput
GetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
GetDesktopWindow
DestroyIcon
SetCursor
SwitchToThisWindow
IntersectRect
GetCursorPos
SetRect
CharNextW
WindowFromDC
InflateRect
LoadIconW
ReleaseCapture
SetPropW
GetPropW
MapVirtualKeyW
GetKeyNameTextW
EqualRect
RegisterClassW
MoveWindow
TrackMouseEvent
SetClassLongW
SetWindowRgn
GetMessagePos
SystemParametersInfoW
IsZoomed
ScreenToClient
SendMessageTimeoutW
wsprintfW
GetClassNameW
CallWindowProcW
IsWindow
DestroyWindow
BeginPaint
EndPaint
GetDC
FillRect
UpdateLayeredWindow
ReleaseDC
GetClientRect
SetWindowPos
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
IsWindowVisible
IsIconic
OffsetRect
SendMessageW
PostMessageW
CharLowerW
SetTimer
IsRectEmpty
CopyRect
LoadImageW
ClientToScreen
SetFocus
ShowWindow
GetWindowTextW
GetWindowTextLengthW
SetForegroundWindow
InvalidateRect
DrawIcon
DrawIconEx
GetIconInfo
DrawTextW
GetFocus
GetKeyState
KillTimer
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
PtInRect
UpdateWindow
GetWindowRect
SetCapture
GetWindow
EnableWindow
PostQuitMessage
MapWindowPoints
GetParent
GetMonitorInfoW
EnumThreadWindows
UnregisterHotKey
RegisterHotKey
GetShellWindow
GetTopWindow
MonitorFromWindow
SetWindowTextW

gdi32

CreateFontW
SetViewportOrgEx
CreateRoundRectRgn
CreateRectRgn
CombineRgn
GetDIBColorTable
CreatePatternBrush
GdiAlphaBlend
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
SaveDC
GetTextMetricsW
RoundRect
GetObjectType
SetLayout
OffsetRgn
GetRandomRgn
GetLayout
LPtoDP
SetBkColor
GetPixel
SetDIBColorTable
CreatePolygonRgn
CreateDCW
Rectangle
GetObjectA
SetTextColor
LineTo
MoveToEx
SetBkMode
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
GetStockObject
SetStretchBltMode
SetBrushOrgEx
GetObjectW
StretchBlt
BitBlt
GetClipBox
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
GetCurrentObject
CreateFontIndirectW
RestoreDC
GetDeviceCaps
GetTextExtentPoint32W

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW

shell32

SHAppBarMessage
SHGetFileInfoW
SHChangeNotify
SHFileOperationW
SHGetFolderPathW
SHGetFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
ord165
ShellExecuteExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString

shlwapi

StrCmpW
PathMatchSpecW
StrToIntW
StrCmpIW
StrDupW
StrStrW
StrCmpNIW
PathFindFileNameW
PathAppendA
SHGetValueA
PathAddBackslashW
PathBuildRootW
PathGetDriveNumberW
StrDupA
UrlUnescapeA
StrToIntA
UrlEscapeW
PathIsRootW
SHSetValueW
PathCombineW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathAppendW
PathFileExistsW

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
ImageList_GetIcon
ImageList_Remove
_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipDrawImageI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipImageSelectActiveFrame
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetImageRawFormat
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipAddPathLineI
GdipAddPathArcI
GdipClonePath
GdipCreatePath
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDeletePath
GdipDrawPath
GdipFillPath
GdipDrawRectangleI
GdipMeasureString
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateSolidFill
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipReleaseDC
GdipFillRectangleI
GdipTranslateTextureTransform
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateTexture2I
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipSetTextRenderingHint

winmm

timeBeginPeriod
timeGetTime
timeSetEvent
timeKillEvent

setupapi

SetupIterateCabinetW

wininet

DeleteUrlCacheEntryW
InternetOpenUrlA
InternetErrorDlg
InternetQueryOptionW
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCrackUrlW
InternetReadFile
HttpAddRequestHeadersW
InternetSetOptionW
InternetSetOptionA
InternetSetOptionExW
InternetSetOptionExA
InternetConnectW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetGetCookieW
InternetOpenA
InternetConnectA
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

Exports

Exports

?_lpExtItem@@3PAXA
AppInit
AppUnInit
AppUnInstall
ExtSidebar_Open360Game
Ext_DecryptString
Ext_EncryptString
Ext_GetAppDataPath
Ext_Install360Game
Ext_IsSe9
Ext_Open360Game

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hc_360s
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce1ef71f9d752a59ddd6c848bd63d7f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

14:fa:71:78:5b:10:9d:d1:60:03:86:29:27:a0:e8:62:b6:33:3f:b7:eb:20:08:c1:d1:77:eb:46:0b:20:b2:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

winmm

setupapi

wininet

version

psapi

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 458KB - Virtual size: 458KB

.data Size: 32KB - Virtual size: 83KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.hc_360s Size: 512B - Virtual size: 4B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 95KB - Virtual size: 94KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

14:fa:71:78:5b:10:9d:d1:60:03:86:29:27:a0:e8:62:b6:33:3f:b7:eb:20:08:c1:d1:77:eb:46:0b:20:b2:63
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 458KB - Virtual size: 458KB

.data
Size: 32KB - Virtual size: 83KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.hc_360s
Size: 512B - Virtual size: 4B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 95KB - Virtual size: 94KB