c249a0f95000619cae9f4d4383c5aa57e24a0fa4f9d38a55f2cd8b7d21fe1407

Sharing

Copy URL Twitter E-mail

General

Target

c249a0f95000619cae9f4d4383c5aa57e24a0fa4f9d38a55f2cd8b7d21fe1407
Size

1.3MB
MD5

c814584ff01ef0ad34e38cbde32656b0
SHA1

f12525f3214756faa239f78af8aeedf768d07727
SHA256

c249a0f95000619cae9f4d4383c5aa57e24a0fa4f9d38a55f2cd8b7d21fe1407
SHA512

85c5dda31dd33836e621b08a1d653ee2d2e118ff545462d76f2b93079b5e6a2b27bc2167df2777d4d65e10053d35ba5ae13f3692352d0b031a5d127d0572dd1a
SSDEEP

24576:FFLF3NLLH0ENpWm0EYvbRD1eMmPrp9NcOccjzIvwc1BMJ5OTp8Q:lNrpV0EOb51eMmPrpDQcjzcXKiZ

Score

1^/10

Malware Config

Signatures

Files

c249a0f95000619cae9f4d4383c5aa57e24a0fa4f9d38a55f2cd8b7d21fe1407
.exe windows:6 windows x86

886560aee2b6686a585790d104e2f6d2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:f7:41:e4:f4:b0:94:71:05:1f:2f:c9:61:60:78:2a:21:96:a2:c1:38:6b:96:6c:76:37:29:2b:e3:8d:da:1f
Signer

Actual PE Digest

0a:f7:41:e4:f4:b0:94:71:05:1f:2f:c9:61:60:78:2a:21:96:a2:c1:38:6b:96:6c:76:37:29:2b:e3:8d:da:1f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

CreateMutexA
OutputDebugStringA
FreeLibrary
MultiByteToWideChar
GetSystemDirectoryA
Sleep
ReadFile
GetFileSize
CreateFileA
GlobalMemoryStatusEx
Process32Next
IsBadWritePtr
GetCurrentProcess
lstrlenW
WriteFile
TerminateProcess
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
lstrcatW
LoadLibraryW
GetLocalTime
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
lstrcpyW
GetTickCount
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
OpenMutexA
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
Process32First
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetCurrentThread
HeapSize
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteConsoleW
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
TerminateThread
CreateThread
SetEndOfFile
CreateToolhelp32Snapshot
WideCharToMultiByte
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
OpenProcess
DeleteCriticalSection
GetStartupInfoW
GetTempPathW
GetSystemDirectoryW
Process32NextW
Process32FirstW
OpenMutexW
CreateDirectoryW
SetFileTime
GetProcessId
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
GlobalAlloc
DeleteFileW
GlobalFree
MoveFileExW
SystemTimeToFileTime
CopyFileW
GetTempFileNameW
GetFileTime
GetExitCodeProcess
DuplicateHandle
ExitThread
LocalFree
QueryDosDeviceW
FindFirstFileW
RemoveDirectoryW
GetLogicalDriveStringsW
LocalAlloc
CreateMutexW
ReleaseMutex
GetVersionExW
GetWindowsDirectoryW
VirtualAlloc
QueryPerformanceFrequency
InitializeCriticalSection
OpenFileMappingW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
ResumeThread
FreeLibraryAndExitThread
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateDirectoryA
InterlockedFlushSList
SetEnvironmentVariableW

user32

FindWindowExW
MonitorFromPoint
GetWindowLongW
UnregisterClassW
WindowFromPoint
TranslateMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
SendMessageTimeoutW
IsIconic
ReleaseDC
GetWindowThreadProcessId
GetFocus
GetForegroundWindow
GetSystemMetrics
SetRectEmpty
MessageBoxW
GetDC
IsWindowVisible
SetWindowPos
UnregisterClassA
MonitorFromRect
MonitorFromWindow
ShowWindow
wvsprintfW
GetMonitorInfoW
AttachThreadInput
EnumWindows
GetClassNameW
GetDesktopWindow
GetWindowRect
SystemParametersInfoW
GetParent
wsprintfW
SetForegroundWindow

advapi32

RegEnumValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
RegOpenKeyExA
RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityDescriptorSacl
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegQueryValueExA
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAceEx
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl

imm32

ImmDisableIME

wininet

InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA

psapi

GetModuleInformation
GetProcessMemoryInfo
GetModuleFileNameExW

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
StretchBlt
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

886560aee2b6686a585790d104e2f6d2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0a:f7:41:e4:f4:b0:94:71:05:1f:2f:c9:61:60:78:2a:21:96:a2:c1:38:6b:96:6c:76:37:29:2b:e3:8d:da:1fSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

imm32

wininet

psapi

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 181KB - Virtual size: 180KB

.data Size: 14KB - Virtual size: 150KB

.rsrc Size: 57KB - Virtual size: 57KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0a:f7:41:e4:f4:b0:94:71:05:1f:2f:c9:61:60:78:2a:21:96:a2:c1:38:6b:96:6c:76:37:29:2b:e3:8d:da:1f
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 181KB - Virtual size: 180KB

.data
Size: 14KB - Virtual size: 150KB

.rsrc
Size: 57KB - Virtual size: 57KB