64f3803ddd3ad30932b53fa34e25ad052610fd3e108b225905bc2aff7f872b39

Sharing

Copy URL Twitter E-mail

General

Target

64f3803ddd3ad30932b53fa34e25ad052610fd3e108b225905bc2aff7f872b39
Size

3.8MB
MD5

0cd9685357af6733d5fb6d84028fab45
SHA1

96f1ba58dfbd018ddcb9f4f4b455a4e9d16b1218
SHA256

64f3803ddd3ad30932b53fa34e25ad052610fd3e108b225905bc2aff7f872b39
SHA512

31912f3ac9641d691e7df6d3b40212ea42635ef957cb377b3fef9177d3261babb53d40227d2511bc599dfac2e769aec6b564fa8e87e6c0dca31e88a80e6d7804
SSDEEP

49152:xbctL0RnRxar+nsPL5MgAD88xK4iuNTvFbrsdto5/j4vXccaPnTsDnxDfsDlJyjD:xwtkRx/sPLFY9svXHz

Score

1^/10

Malware Config

Signatures

Files

64f3803ddd3ad30932b53fa34e25ad052610fd3e108b225905bc2aff7f872b39
.exe windows:5 windows x86

d58fac7d322caaa847dbb840707d8192

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2020, 00:00

Not After

12/11/2023, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/11/2020, 00:00

Not After

12/11/2023, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:7c:79:b1:86:c4:89:32:59:cd:66:22:17:27:46:e9:bd:97:96:4e:d1:26:6c:a7:78:eb:c8:fe:55:d8:52:62
Signer

Actual PE Digest

cd:7c:79:b1:86:c4:89:32:59:cd:66:22:17:27:46:e9:bd:97:96:4e:d1:26:6c:a7:78:eb:c8:fe:55:d8:52:62

Digest Algorithm

sha256

PE Digest Matches

false

c5:f5:e5:71:84:2d:9d:dc:ce:de:43:aa:7f:3d:40:c3:df:fc:a1:61
Signer

Actual PE Digest

c5:f5:e5:71:84:2d:9d:dc:ce:de:43:aa:7f:3d:40:c3:df:fc:a1:61

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
TlsFree
FormatMessageA
CreateEventA
OpenEventA
GetFileSizeEx
FindFirstFileA
FindNextFileA
SetEndOfFile
FindClose
CreateMutexA
UnmapViewOfFile
SwitchToThread
SetFilePointerEx
CreateFileMappingA
RemoveDirectoryA
CreateDirectoryA
GetTickCount
MapViewOfFileEx
GetProcessTimes
SetLastError
GetCurrentProcess
ReleaseSemaphore
WriteFile
DuplicateHandle
GetModuleHandleA
Sleep
CreateFileA
WaitForSingleObjectEx
GetSystemInfo
ResetEvent
GetProcAddress
GetCurrentProcessId
TlsGetValue
GetSystemTimeAsFileTime
CreateSemaphoreA
LocalFree
TlsSetValue
HeapFree
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
GetCurrentThreadId
CreateEventW
HeapAlloc
VerSetConditionMask
GetProcessHeap
SleepEx
VerifyVersionInfoW
CreateIoCompletionPort
GetModuleFileNameA
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetLocalTime
GetDriveTypeW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
CreateWaitableTimerW
CancelIo
GetStdHandle
GetFileType
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
QueueUserAPC
CloseHandle
InterlockedExchangeAdd
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
ReleaseMutex
WaitForSingleObject
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
InterlockedDecrement
EnterCriticalSection
InterlockedExchange
SetWaitableTimer
IsValidCodePage
FindFirstFileExA
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
HeapReAlloc
WriteConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
RtlUnwind
RaiseException
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
TryEnterCriticalSection
EncodePointer
DecodePointer
QueryPerformanceFrequency
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
WaitForMultipleObjectsEx
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFullPathNameW
RemoveDirectoryW
DeviceIoControl
MoveFileExW
FindFirstFileW
FindNextFileW
AreFileApisANSI
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegOpenKeyExA
InitializeSecurityDescriptor
OpenEventLogA
CloseEventLog
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetSecurityDescriptorDacl
RegCloseKey
ReadEventLogA
RegQueryValueExA

shell32

SHGetFolderPathW

ws2_32

connect
WSARecv
getsockopt
ioctlsocket
setsockopt
WSASetLastError
getsockname
WSAAddressToStringW
freeaddrinfo
inet_addr
WSAAddressToStringA
ntohs
inet_ntoa
htonl
ntohl
WSACleanup
WSAStartup
getpeername
WSASocketW
listen
shutdown
select
WSASend
closesocket
WSAIoctl
bind
accept
__WSAFDIsSet
recv
send
getaddrinfo
WSAGetLastError

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d58fac7d322caaa847dbb840707d8192

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cd:7c:79:b1:86:c4:89:32:59:cd:66:22:17:27:46:e9:bd:97:96:4e:d1:26:6c:a7:78:eb:c8:fe:55:d8:52:62Signer

c5:f5:e5:71:84:2d:9d:dc:ce:de:43:aa:7f:3d:40:c3:df:fc:a1:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 472KB - Virtual size: 471KB

.data Size: 62KB - Virtual size: 82KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

Size: 1.5MB - Virtual size: 1.5MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cd:7c:79:b1:86:c4:89:32:59:cd:66:22:17:27:46:e9:bd:97:96:4e:d1:26:6c:a7:78:eb:c8:fe:55:d8:52:62
Signer

c5:f5:e5:71:84:2d:9d:dc:ce:de:43:aa:7f:3d:40:c3:df:fc:a1:61
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 472KB - Virtual size: 471KB

.data
Size: 62KB - Virtual size: 82KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB