176e7f40600f0f59799c83641530a6ec1e405abd5205458e474fa91bc0e08243

Sharing

Copy URL Twitter E-mail

General

Target

176e7f40600f0f59799c83641530a6ec1e405abd5205458e474fa91bc0e08243
Size

1.6MB
MD5

f457ae97ad0540ce4683caf25f85bd12
SHA1

7f2d86c871e18fb1f91e9101d9238b665fbf9eb6
SHA256

176e7f40600f0f59799c83641530a6ec1e405abd5205458e474fa91bc0e08243
SHA512

41cd72ff7086c2550aca389661f3a1ad90913bd282ea5a314b2a8aa91649a1efe18178ac22dd3507274730f487815095c68ff7043006a0e8407ed70cca10fa98
SSDEEP

24576:LDrkK6xHZxfsAY8vBKvWu/AAu1e/y8uZp5gvr+:qZKAYaKvww/y8M5gvr+

Score

1^/10

Malware Config

Signatures

Files

176e7f40600f0f59799c83641530a6ec1e405abd5205458e474fa91bc0e08243
.exe windows:6 windows x86

ba3baf213289ffa39d090f9634ebf1cd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:3e:53:93:57:22:e8:28:89:11:18:eb:d0:97:b4:3d:e6:19:60:06:82:fb:8a:02:9a:1d:a8:74:0e:6c:fc:7b
Signer

Actual PE Digest

5a:3e:53:93:57:22:e8:28:89:11:18:eb:d0:97:b4:3d:e6:19:60:06:82:fb:8a:02:9a:1d:a8:74:0e:6c:fc:7b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpAddRequestHeadersA
InternetReadFile
InternetConnectA
InternetCloseHandle
HttpSendRequestExW
HttpEndRequestW
InternetOpenW
InternetCrackUrlA
InternetWriteFile
HttpOpenRequestA
InternetGetConnectedState
InternetOpenA
HttpEndRequestA
InternetOpenUrlA
HttpQueryInfoA
HttpSendRequestExA
HttpAddRequestHeadersW

ws2_32

shutdown
send
socket
gethostbyname
inet_addr
gethostbyaddr
closesocket
ntohs
inet_ntoa
getservbyname
htonl
htons
WSAGetLastError
getservbyport
connect
WSAStartup
WSACleanup
WSASetLastError
recv
setsockopt

kernel32

GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
WideCharToMultiByte
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
FreeLibrary
GetCurrentProcessId
GlobalLock
ResetEvent
LoadLibraryA
GetSystemDirectoryA
GlobalSize
Sleep
GetModuleFileNameW
GetProcAddress
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetACP
DecodePointer
RaiseException
GetVersion
GetTimeZoneInformation
FindFirstFileExW
InitializeCriticalSectionEx
lstrlenW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
FreeLibraryAndExitThread
RtlUnwind
DeleteCriticalSection
SetEvent
GetLastError
CreateEventW
OpenEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetPrivateProfileIntW
CloseHandle
OutputDebugStringW
WritePrivateProfileStringW
WriteConsoleW
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
LoadLibraryW
GetCurrentThreadId
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetSystemDirectoryW
GetFileType
GlobalUnlock
ReadConsoleW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
InterlockedCompareExchange
FindClose
GetFileAttributesW
DeleteFileW
ReadFile
WriteFile
SetFilePointer
GetTempPathW
CreateFileW
SetFileAttributesW
GetDiskFreeSpaceExW
MoveFileExW
GetFileSize
CopyFileW
GetTempFileNameW
GetSystemTime
FlushFileBuffers
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalAlloc
LocalFree
CreateMutexW
ReleaseMutex
OpenMutexW
GetCommandLineW
GetCurrentProcess
CreateToolhelp32Snapshot
CreateDirectoryW
FileTimeToSystemTime
GlobalAlloc
GlobalFree
CreateProcessW
GetFileTime
SetLastError
ExitThread
FormatMessageW
CreateThread
Thread32Next
Thread32First
GetThreadTimes
OpenThread
RemoveDirectoryW
OpenProcess
LoadLibraryExW
GetModuleFileNameA
OutputDebugStringA
GetEnvironmentVariableW
GetEnvironmentVariableA
SuspendThread
GetCurrentDirectoryA
ResumeThread
GetVersionExA
WaitForSingleObjectEx
GetThreadId
ReadProcessMemory
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
GetProcessTimes
GetVersionExW
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualAlloc
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
TerminateProcess
lstrcatW
GetLocalTime
lstrcpyW
IsDebuggerPresent
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
IsBadReadPtr
lstrcmpiW
VirtualProtect
VirtualFree
DeviceIoControl
lstrlenA
lstrcatA
CopyFileA
CreateFileA
lstrcpyA
SetWaitableTimer
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetThreadContext

user32

CreateWindowExW
DispatchMessageW
SetTimer
TranslateMessage
PostThreadMessageW
KillTimer
DefWindowProcW
GetMessageW
IsClipboardFormatAvailable
SetRectEmpty
GetClipboardData
PeekMessageW
SystemParametersInfoW
LoadStringW
wsprintfW
wvsprintfW
DestroyIcon
UnloadKeyboardLayout
LoadKeyboardLayoutW
GetKeyboardLayoutList
wsprintfA
IsCharAlphaNumericW
CloseClipboard
ChangeClipboardChain
IsDialogMessageW
OpenClipboard
IsWindow
RegisterClassExW
SendMessageW
SetClipboardViewer
PostMessageW
GetSystemMetrics

advapi32

AddAccessAllowedAceEx
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
GetLengthSid
RegQueryValueExW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegEnumValueW
RegSetValueExW
RegFlushKey
RegDeleteKeyW
CryptGetKeyParam
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyW
GetUserNameA
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
AllocateAndInitializeSid
RegCreateKeyW
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetProcessMemoryInfo

shlwapi

wnsprintfW
wnsprintfA
SHDeleteKeyW
SHDeleteKeyA
PathAppendW
SHGetValueW

winhttp

WinHttpSetOption
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpQueryOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse

shell32

SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 982KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 478KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba3baf213289ffa39d090f9634ebf1cd

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

5a:3e:53:93:57:22:e8:28:89:11:18:eb:d0:97:b4:3d:e6:19:60:06:82:fb:8a:02:9a:1d:a8:74:0e:6c:fc:7bSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

shlwapi

winhttp

shell32

Sections

.text Size: 982KB - Virtual size: 982KB

.rdata Size: 478KB - Virtual size: 478KB

.data Size: 28KB - Virtual size: 129KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 80KB - Virtual size: 80KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5a:3e:53:93:57:22:e8:28:89:11:18:eb:d0:97:b4:3d:e6:19:60:06:82:fb:8a:02:9a:1d:a8:74:0e:6c:fc:7b
Signer

.text
Size: 982KB - Virtual size: 982KB

.rdata
Size: 478KB - Virtual size: 478KB

.data
Size: 28KB - Virtual size: 129KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 80KB - Virtual size: 80KB