6fff7595f65c798ba4ec92eed8482c02e6c39e42ded2e3582914dfaa69e32315

Sharing

Copy URL

Twitter E-mail

General

Target

6fff7595f65c798ba4ec92eed8482c02e6c39e42ded2e3582914dfaa69e32315
Size

1.2MB
MD5

2532e3d53c874521d5727c507fc069e9
SHA1

7c4385f1435428fcb56b928eb61883417deb1221
SHA256

6fff7595f65c798ba4ec92eed8482c02e6c39e42ded2e3582914dfaa69e32315
SHA512

d1941ba35e1d2d0f18b883b72b101b82e1fd353149d7f46b032c018c1f69a9a7db9c5805e10962d05a494509259bcfa38ee6c19b372dfde5375aab3ce27bbf49
SSDEEP

24576:MUGsm3KezBHSYeHQn4+JTworQTVfhFF9i:u3z1ewn4qMTjY

Score

1^/10

Malware Config

Signatures

Files

6fff7595f65c798ba4ec92eed8482c02e6c39e42ded2e3582914dfaa69e32315
.exe windows:5 windows x86

a4fb715cc4f6a8ac437c54d73b1072b0

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28-01-2021 11:08

Not After

01-03-2032 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:1b:82:c3:6f:9b:8c:7b:8a:be:d6:cd:56:38:ab:fa:4b:0b:8b:26:59:66:80:6a:d0:45:84:11:54:e5:6a:4c
Signer

Actual PE Digest

72:1b:82:c3:6f:9b:8c:7b:8a:be:d6:cd:56:38:ab:fa:4b:0b:8b:26:59:66:80:6a:d0:45:84:11:54:e5:6a:4c

Digest Algorithm

sha256

PE Digest Matches

false

d2:e0:44:79:2d:1d:cd:3b:f6:d3:71:6e:ef:d1:91:b7:88:22:c1:ed
Signer

Actual PE Digest

d2:e0:44:79:2d:1d:cd:3b:f6:d3:71:6e:ef:d1:91:b7:88:22:c1:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
WriteFile
ReadFile
GetFileSize
GetPrivateProfileIntW
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
GetVersionExW
CreateProcessW
GetSystemInfo
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
Sleep
InterlockedCompareExchange
SetFilePointer
GetPrivateProfileStringW
GetCommandLineW
CreateMutexW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetLongPathNameW
CreateEventW
MoveFileW
RemoveDirectoryW
GetFullPathNameW
FindFirstFileW
lstrcpyW
FindNextFileW
FindClose
lstrcpynW
GetTempPathW
CreateDirectoryW
LockResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetFileSizeEx
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
SizeofResource
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
lstrlenW
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
GetTimeZoneInformation
FatalAppExitA
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
ExitThread
VirtualQuery
VirtualProtect
ExitProcess
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
GetSystemDirectoryW
DeviceIoControl
InterlockedExchange
GetLocalTime
lstrcmpiA
CreateThread
WideCharToMultiByte
lstrlenA
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
CloseHandle
MulDiv
DeleteFileW
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
InitializeCriticalSection
GetLocaleInfoA
GetLastError
InterlockedDecrement
InterlockedIncrement
FindResourceExW
FindResourceW
EnterCriticalSection
LeaveCriticalSection
SetCurrentDirectoryW
LoadLibraryW
SetLastError
FlushInstructionCache
DeleteCriticalSection
GetCurrentThreadId
RaiseException
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
FreeLibrary
GetTickCount
GetModuleHandleW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
LoadResource
GetProcAddress
GetEnvironmentStringsW

user32

DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetWindowPos
GetWindowRect
ShowWindow
IsWindowVisible
SetTimer
KillTimer
IsWindow
SetWindowLongW
CreateWindowExW
CallWindowProcW
MessageBoxW
GetActiveWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharNextW
LoadIconW
WindowFromPoint
BringWindowToTop
GetDesktopWindow
IsIconic
SetWindowTextW
IsChild
IsDialogMessageW
MapWindowPoints
DestroyWindow
DefWindowProcW
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
InvalidateRect
SendMessageW
PostMessageW
PostQuitMessage
SetForegroundWindow
GetCursorPos
UnregisterClassA
GetWindowLongW
BeginPaint
EndPaint
ScreenToClient
GetShellWindow
ExitWindowsEx
WaitForInputIdle
SendMessageTimeoutW
SetWindowRgn
FindWindowW
FindWindowExW
GetWindowThreadProcessId
GetClassNameW
ClientToScreen
IsRectEmpty
SystemParametersInfoW
UpdateLayeredWindow
GetDC
ReleaseDC
SetRect
DrawTextW
OffsetRect
InflateRect
CopyRect
RegisterWindowMessageW

gdi32

CreateDIBSection
GetObjectW
CreateRectRgnIndirect
GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
BitBlt
SetBkColor
ExtTextOutW
GetStockObject
CreatePolygonRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegNotifyChangeKeyValue
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExA

shell32

SHCreateDirectoryExW
ExtractIconExW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHAppBarMessage

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
OleCreate
OleSetContainedObject
CoCreateInstance
CoTaskMemRealloc

oleaut32

CreateErrorInfo
VariantChangeType
GetErrorInfo
SetErrorInfo
VariantCopy
VarUI4FromStr
DispCallFunc
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock

shlwapi

SHGetValueA
UrlGetPartW
StrStrIA
StrCmpNIA
StrCmpIW
PathIsDirectoryEmptyW
StrStrIW
PathAppendW
SHGetValueW
PathFileExistsW
StrCmpNIW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
SHSetValueW
PathCombineW

comctl32

InitCommonControlsEx

gdiplus

GdipCloneBrush
GdipAlloc
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipDrawLineI
GdipDeleteFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawImageRectI
GdipDrawString
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipFree

ws2_32

htonl
ntohs
ntohl
htons

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

Sections

.text
Size: 958KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4fb715cc4f6a8ac437c54d73b1072b0

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

72:1b:82:c3:6f:9b:8c:7b:8a:be:d6:cd:56:38:ab:fa:4b:0b:8b:26:59:66:80:6a:d0:45:84:11:54:e5:6a:4cSigner

d2:e0:44:79:2d:1d:cd:3b:f6:d3:71:6e:ef:d1:91:b7:88:22:c1:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

ws2_32

version

psapi

wintrust

crypt32

Sections

.text Size: 958KB - Virtual size: 958KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 36KB - Virtual size: 51KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 32KB - Virtual size: 31KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

72:1b:82:c3:6f:9b:8c:7b:8a:be:d6:cd:56:38:ab:fa:4b:0b:8b:26:59:66:80:6a:d0:45:84:11:54:e5:6a:4c
Signer

d2:e0:44:79:2d:1d:cd:3b:f6:d3:71:6e:ef:d1:91:b7:88:22:c1:ed
Signer

.text
Size: 958KB - Virtual size: 958KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 36KB - Virtual size: 51KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 32KB - Virtual size: 31KB