3823512a591cef87a55b4119722debec7ca929dee3234ceb570ec1f41e096d47

Sharing

Copy URL

Twitter E-mail

General

Target

3823512a591cef87a55b4119722debec7ca929dee3234ceb570ec1f41e096d47
Size

3.0MB
MD5

7d73219ecc93456047c4b00c1a7bc777
SHA1

233f6ea3f0258bdbae8e635acfd2e35bbd9cef31
SHA256

3823512a591cef87a55b4119722debec7ca929dee3234ceb570ec1f41e096d47
SHA512

cd4ce70a7b842ac17118c168f0a129d355dada6a09078ea2e96391c6c53105cd8ce582b22a20741223fe8748b3e04573bc31637e7a8c7173b488f96f4c7f7805
SSDEEP

49152:voJUOMMz1rVvAOBukPz70QWrx0HIsopbq0q:voeOX1BASPpWG8s

Score

1^/10

Malware Config

Signatures

Files

3823512a591cef87a55b4119722debec7ca929dee3234ceb570ec1f41e096d47
.exe windows:5 windows x86

a5ed1da3dda39cade185a7a27576a4ab

Code Sign

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15-12-2020 00:00

Not After

05-01-2022 23:59

Subject

SERIALNUMBER=91310114MA1GW1DE8X,CN=Shanghai Shaji Network Technology Co.\, Ltd,O=Shanghai Shaji Network Technology Co.\, Ltd,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15-12-2020 00:00

Not After

05-01-2022 23:59

Subject

SERIALNUMBER=91310114MA1GW1DE8X,CN=Shanghai Shaji Network Technology Co.\, Ltd,O=Shanghai Shaji Network Technology Co.\, Ltd,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:b9:d8:83:16:fa:0e:9c:99:d7:fa:27:c8:6e:85:95:40:7f:fe:c6:63:27:76:1e:c8:3f:73:b5:35:f9:82:f5
Signer

Actual PE Digest

4d:b9:d8:83:16:fa:0e:9c:99:d7:fa:27:c8:6e:85:95:40:7f:fe:c6:63:27:76:1e:c8:3f:73:b5:35:f9:82:f5

Digest Algorithm

sha256

PE Digest Matches

false

fe:2b:4b:15:27:1b:c5:3a:5e:b0:a6:30:69:5a:2b:93:02:a2:db:3d
Signer

Actual PE Digest

fe:2b:4b:15:27:1b:c5:3a:5e:b0:a6:30:69:5a:2b:93:02:a2:db:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
Sleep
FreeResource
LoadResource
SizeofResource
FindResourceW
SetCurrentDirectoryW
SystemTimeToFileTime
SetFileTime
FormatMessageW
GetACP
GlobalLock
GlobalUnlock
lstrlenW
LoadLibraryW
ExitProcess
LocalFree
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VerSetConditionMask
GetCurrentProcessId
MulDiv
LockResource
GetFileSize
GetCurrentProcess
GetFileType
DuplicateHandle
DosDateTimeToFileTime
GlobalAlloc
InterlockedIncrement
InterlockedDecrement
lstrcpyW
CreateFileW
EnterCriticalSection
LeaveCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
SetLastError
FormatMessageA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
MoveFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
GetFileAttributesExW
SetEndOfFile
HeapSize
GetLocalTime
WaitForSingleObject
SetFileAttributesW
GetComputerNameW
GetSystemDirectoryW
GetFileAttributesW
GetDiskFreeSpaceExW
GetModuleFileNameW
GetSystemInfo
FindClose
FindNextFileW
FindFirstFileW
GetModuleHandleW
GetProcAddress
Process32NextW
CloseHandle
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WritePrivateProfileStringW
GetLastError
MoveFileW
GetTempPathW
DeleteFileW
GetTickCount
GetPrivateProfileStringW
InitializeCriticalSection
CreateDirectoryW

user32

MessageBoxW
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
IsWindowEnabled
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetWindowRgn
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetWindowLongW
SetCaretPos
GetCaretBlinkTime
CreateCaret
GetCursorPos
GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
ReleaseDC
GetDC
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
IsZoomed
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
LoadImageW
GetWindow
SetForegroundWindow
GetParent
SetWindowTextW
FindWindowW
PostMessageW
FindWindowExW
GetWindowThreadProcessId
IsIconic
ShowWindow
wsprintfW
GetWindowLongW
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
ScreenToClient
BeginPaint
MapWindowPoints

advapi32

CryptEncrypt
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
DuplicateTokenEx
OpenProcessToken
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptImportKey

shell32

DragQueryFileW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
RevokeDragDrop
CoCreateGuid
RegisterDragDrop

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSAStartup
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
gethostname
WSACleanup
gethostbyname

imagehlp

MakeSureDirectoryPathExists

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathFileExistsW

gdi32

RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
GetStockObject
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateSolidBrush
MoveToEx
LineTo
GdiFlush
GetBitmapBits
SetBitmapBits
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
GetTextExtentPoint32W
GetClipBox
TextOutW
GetCharABCWidthsW
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
GetObjectA
BitBlt
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
GetDeviceCaps

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillRectangleI
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipCloneStringFormat
GdipGetImageWidth

wldap32

ord301
ord200
ord30
ord79
ord35
ord32
ord27
ord26
ord22
ord41
ord143
ord60
ord33
ord50
ord211
ord46

Sections

.text
Size: 854KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5ed1da3dda39cade185a7a27576a4ab

Code Sign

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4d:b9:d8:83:16:fa:0e:9c:99:d7:fa:27:c8:6e:85:95:40:7f:fe:c6:63:27:76:1e:c8:3f:73:b5:35:f9:82:f5Signer

fe:2b:4b:15:27:1b:c5:3a:5e:b0:a6:30:69:5a:2b:93:02:a2:db:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

ws2_32

imagehlp

shlwapi

gdi32

oleaut32

imm32

comctl32

gdiplus

wldap32

Sections

.text Size: 854KB - Virtual size: 853KB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 9KB - Virtual size: 14KB

.gfids Size: 512B - Virtual size: 464B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 906KB - Virtual size: 906KB

.reloc Size: 46KB - Virtual size: 45KB

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

0f:f3:b8:93:70:db:e1:0a:97:73:6c:c5:66:24:ff:46
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4d:b9:d8:83:16:fa:0e:9c:99:d7:fa:27:c8:6e:85:95:40:7f:fe:c6:63:27:76:1e:c8:3f:73:b5:35:f9:82:f5
Signer

fe:2b:4b:15:27:1b:c5:3a:5e:b0:a6:30:69:5a:2b:93:02:a2:db:3d
Signer

.text
Size: 854KB - Virtual size: 853KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 9KB - Virtual size: 14KB

.gfids
Size: 512B - Virtual size: 464B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 906KB - Virtual size: 906KB

.reloc
Size: 46KB - Virtual size: 45KB