5bcce8049c7ce2ff5e3eadc70c52b4f9085049da89584a4fa732efbfd1fb00f0

Sharing

Copy URL Twitter E-mail

General

Target

5bcce8049c7ce2ff5e3eadc70c52b4f9085049da89584a4fa732efbfd1fb00f0
Size

1.6MB
MD5

56ba7323262da90d1c974ab284e1b547
SHA1

21f371dd85dda5a831342f5553a3b5c3f19918b1
SHA256

5bcce8049c7ce2ff5e3eadc70c52b4f9085049da89584a4fa732efbfd1fb00f0
SHA512

491a44218ff96a7c5b00a355853e7433a6ce51eca408a4ad10a920cdf00bbf51b1ed3a4f7ce4c2dba6493c403291f6a5d2bfe698330d0fe5c9e0ad6fa645bf72
SSDEEP

24576:w1yvJmzVVsjoTr7vN9g4yaPhikrrQ4edtyI/:qGmzVVsMTr7vN9/yaPh9cd

Score

1^/10

Malware Config

Signatures

Files

5bcce8049c7ce2ff5e3eadc70c52b4f9085049da89584a4fa732efbfd1fb00f0
.exe windows:5 windows x86

77f568a84718e9a07b9d44ce7eec626f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:10:c4:17:7e:a9:ad:73:2c:93:d1:80:90:a5:31:c2:3d:16:be:61:df:87:0f:46:1f:10:c5:c3:3c:7f:3b:23
Signer

Actual PE Digest

96:10:c4:17:7e:a9:ad:73:2c:93:d1:80:90:a5:31:c2:3d:16:be:61:df:87:0f:46:1f:10:c5:c3:3c:7f:3b:23

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetVersionExW
FlushInstructionCache
SetLastError
SetEvent
CreateEventW
GetLogicalDriveStringsW
MapViewOfFileEx
CreateFileMappingW
GetFileSize
UnmapViewOfFile
WideCharToMultiByte
SetCurrentDirectoryW
lstrcpyW
GetFullPathNameW
FormatMessageW
GetVolumeInformationW
CompareFileTime
GetFileTime
SystemTimeToFileTime
CreateProcessW
GetCurrentThread
GetSystemInfo
GlobalMemoryStatusEx
CreateThread
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
MulDiv
CreateMutexW
GetCommandLineW
OpenEventW
FindAtomW
GlobalAddAtomW
GetSystemWindowsDirectoryW
FreeResource
GetDiskFreeSpaceExW
GetVolumePathNameW
GlobalUnlock
GlobalLock
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
CreateFileA
GetTempPathA
lstrcatW
ProcessIdToSessionId
GetFileSizeEx
GetExitCodeProcess
GetStartupInfoW
LocalFree
CopyFileW
GetTempFileNameW
lstrcmpiA
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
MoveFileW
SetHandleCount
GetLocalTime
SetStdHandle
GetDriveTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetModuleHandleA
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetStdHandle
SetEndOfFile
SetFileTime
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
ResetEvent
ReadProcessMemory
GetLongPathNameW
GetFileAttributesExW
MapViewOfFile
UnlockFile
LockFile
GetEnvironmentVariableW
OutputDebugStringW
GlobalAlloc
GlobalFree
GetCurrentProcess
GetProcessId
FindFirstVolumeW
GetStringTypeW
TerminateProcess
MoveFileExW
GetPrivateProfileStringW
QueryDosDeviceW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
OpenProcess
InterlockedCompareExchange
lstrlenA
GetWindowsDirectoryW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleW
GetFileType
LocalAlloc
GetFileAttributesW
GetTempPathW
GlobalFindAtomW
FreeLibrary
GetTickCount
Sleep
WriteFile
GetLastError
CreateDirectoryW
WritePrivateProfileStringW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
DeleteFileW
GetProcAddress
ReadFile
SetFilePointer
GetCurrentProcessId
CreateFileW
DeviceIoControl
LoadLibraryW
GetSystemWow64DirectoryW
GetSystemDirectoryW
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetStartupInfoA

user32

WaitForInputIdle
SetRectEmpty
wvsprintfW
PostMessageW
MessageBoxW
UnregisterClassA
ExitWindowsEx
GetDlgItemTextW
UpdateLayeredWindow
GetMessageW
GetCursorPos
wsprintfW
GetActiveWindow
SendMessageW
FindWindowW
CharNextW
IsWindow
SetTimer
DestroyWindow
DefWindowProcW
RegisterWindowMessageW
SetWindowLongW
GetWindowLongW
CallWindowProcW
EnableWindow
GetDlgItem
IsWindowEnabled
ShowWindow
SetDlgItemTextW
IsWindowVisible
IsRectEmpty
GetAsyncKeyState
ReplyMessage
OffsetRect
SetParent
DrawIconEx
DrawTextW
LoadIconW
DialogBoxParamW
SendMessageTimeoutW
SystemParametersInfoW
PostQuitMessage
InflateRect
EnableMenuItem
GetSystemMenu
CopyRect
RedrawWindow
GetDC
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
GetCapture
PtInRect
LoadCursorW
GetClassInfoExW
SetCapture
CreateWindowExW
BringWindowToTop
GetSystemMetrics
LoadImageW
CreateDialogParamW
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
UpdateWindow
IsIconic
EndPaint
BeginPaint
SetLayeredWindowAttributes
InvalidateRect
FillRect
EnumWindows
GetClassNameW
KillTimer
GetWindowTextLengthW
MessageBeep
SetFocus
SetWindowTextW
GetWindowTextW
ReleaseDC
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScreenToClient
GetClientRect
SetWindowPos
MoveWindow
EndDialog
GetWindowThreadProcessId
SetWindowRgn

gdi32

CreatePolygonRgn
CombineRgn
SetViewportOrgEx
SetBkColor
ExtTextOutW
DeleteObject
CreateSolidBrush
CreateRectRgn
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
SetTextColor
SetBkMode
CreateFontW
GetTextExtentPoint32W

advapi32

LookupAccountNameW
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
OpenSCManagerW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
ImpersonateSelf
InitiateSystemShutdownW
GetUserNameW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
GetTrusteeNameW
EqualSid
DeleteAce
LookupAccountSidW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteW
SHGetFolderPathW
ord680
ShellExecuteExW
ExtractIconExW
SHBrowseForFolderW
SHGetSpecialFolderPathA
CommandLineToArgvW
ord165
SHCreateDirectoryExW
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHFileOperationW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
OleRun
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
DispCallFunc
VariantInit
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VarUI4FromStr
VariantClear
SysStringByteLen

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW
PathCombineW
PathAppendW
PathIsRelativeW
PathCombineA
StrCmpIW
PathUnquoteSpacesW
PathAppendA
StrStrW
PathFindFileNameW
PathRemoveExtensionW
StrRetToStrW
PathIsDirectoryW
PathFindExtensionW
PathAddBackslashW
StrCmpNIW
SHSetValueA
PathIsPrefixW
wnsprintfW
SHGetValueA
StrTrimA
PathFileExistsA
PathFileExistsW
StrStrIA
SHSetValueW
StrStrIW
SHGetValueW
SHDeleteValueW

comctl32

_TrackMouseEvent
InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

psapi

GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW

crypt32

CryptBinaryToStringW
CertGetNameStringW
CryptStringToBinaryA

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

wininet

InternetGetConnectedState
InternetOpenUrlW
InternetReadFile
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCloseHandle

setupapi

SetupIterateCabinetW

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77f568a84718e9a07b9d44ce7eec626f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

96:10:c4:17:7e:a9:ad:73:2c:93:d1:80:90:a5:31:c2:3d:16:be:61:df:87:0f:46:1f:10:c5:c3:3c:7f:3b:23Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

iphlpapi

urlmon

psapi

crypt32

wintrust

wtsapi32

wininet

setupapi

Sections

.text Size: 718KB - Virtual size: 718KB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 66KB - Virtual size: 97KB

.rsrc Size: 246KB - Virtual size: 246KB

Size: 390KB - Virtual size: 390KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

96:10:c4:17:7e:a9:ad:73:2c:93:d1:80:90:a5:31:c2:3d:16:be:61:df:87:0f:46:1f:10:c5:c3:3c:7f:3b:23
Signer

.text
Size: 718KB - Virtual size: 718KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 66KB - Virtual size: 97KB

.rsrc
Size: 246KB - Virtual size: 246KB