877997f04ce30e66c3b2def2318f733a62cecd9357ab5b52d3da775eb072cef9

Sharing

Copy URL Twitter E-mail

General

Target

877997f04ce30e66c3b2def2318f733a62cecd9357ab5b52d3da775eb072cef9
Size

726KB
MD5

853bfb908d885db5ab8ef55be63269b2
SHA1

c70bc14492c7e932e75d6db3b312d1a5d37f1446
SHA256

877997f04ce30e66c3b2def2318f733a62cecd9357ab5b52d3da775eb072cef9
SHA512

af4939877d0ed78e4afcd0545d94c36438ecdfcab9aaac0172189fbcc42e8c17546a821ec6eb10c90c72c99703a8729d08e755e777df4deecf87a4d78f978cb0
SSDEEP

12288:ZwqJQNcOznllLHQ9mcPQW3K8EF9hrh4DAVU486rPVO25gK6SSGul8H0Mof9a:zoHQ7PQH8Khrh4DAVZ86r9O2OK6MNofc

Score

1^/10

Malware Config

Signatures

Files

877997f04ce30e66c3b2def2318f733a62cecd9357ab5b52d3da775eb072cef9
.exe windows:6 windows x86

d284caec44d98feaa1407822b044f413

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:bb:99:e1:fb:ba:09:93:d9:4b:bb:f1:92:23:ec:88:c4:f3:5c:bd:62:ca:15:81:19:f1:06:8d:36:56:63:48
Signer

Actual PE Digest

91:bb:99:e1:fb:ba:09:93:d9:4b:bb:f1:92:23:ec:88:c4:f3:5c:bd:62:ca:15:81:19:f1:06:8d:36:56:63:48

Digest Algorithm

sha256

PE Digest Matches

false

51:c6:3b:83:3b:b5:2a:66:51:c4:4c:55:09:1e:44:5a:bc:4c:b9:b0
Signer

Actual PE Digest

51:c6:3b:83:3b:b5:2a:66:51:c4:4c:55:09:1e:44:5a:bc:4c:b9:b0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

normaliz

IdnToUnicode
IdnToAscii

kernel32

GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
GetProcessHeap
CloseHandle
MoveFileExA
WideCharToMultiByte
MultiByteToWideChar
Sleep
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
VirtualAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
HeapFree
HeapAlloc
RaiseException
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
FormatMessageW
SetLastError
VirtualQuery

advapi32

CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptAcquireContextA

msvcp140

?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

bcrypt

BCryptGenRandom

vcruntime140

__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
__CxxFrameHandler3
__std_exception_destroy
_except_handler4_common
__std_exception_copy
__std_terminate
memset
strchr
strrchr
memcpy
memchr
memmove
memcmp
strstr
__current_exception_context
__current_exception
_CxxThrowException

api-ms-win-crt-string-l1-1-0

strpbrk
wcslen
strspn
strncpy
strlen
strcpy
strcpy_s
strtok
_strdup
strcat_s
strncmp
strcspn
strcmp

api-ms-win-crt-stdio-l1-1-0

fwrite
putchar
__stdio_common_vfprintf
fread
__acrt_iob_func
fseek
fclose
__p__commode
_read
_write
_fileno
_close
feof
ftell
__stdio_common_vsscanf
_fseeki64
_lseeki64
fputs
fputc
fgets
_open
fopen
fflush
__stdio_common_vsprintf
_set_fmode

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
realloc
_set_new_mode
free
malloc

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_beginthreadex
_configure_narrow_argv
__sys_nerr
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_initterm
__sys_errlist
exit
_exit
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtoul
wcstombs
strtol
atoi
strtoll

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlink
_access
_fstat64

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ws2_32

getsockopt
WSACreateEvent
send
WSACloseEvent
closesocket
WSASetEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
gethostname
ioctlsocket
getpeername
WSACleanup
setsockopt
sendto
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
WSAIoctl
htons

crypt32

CryptQueryObject
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertFreeCertificateChainEngine

wldap32

ord79
ord35
ord33
ord32
ord30
ord301
ord26
ord22
ord200
ord41
ord143
ord217
ord50
ord45
ord27
ord60
ord211
ord46

Sections

.text
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d284caec44d98feaa1407822b044f413

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

91:bb:99:e1:fb:ba:09:93:d9:4b:bb:f1:92:23:ec:88:c4:f3:5c:bd:62:ca:15:81:19:f1:06:8d:36:56:63:48Signer

51:c6:3b:83:3b:b5:2a:66:51:c4:4c:55:09:1e:44:5a:bc:4c:b9:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

normaliz

kernel32

advapi32

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

wldap32

Sections

.text Size: 684KB - Virtual size: 684KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 20KB - Virtual size: 19KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

91:bb:99:e1:fb:ba:09:93:d9:4b:bb:f1:92:23:ec:88:c4:f3:5c:bd:62:ca:15:81:19:f1:06:8d:36:56:63:48
Signer

51:c6:3b:83:3b:b5:2a:66:51:c4:4c:55:09:1e:44:5a:bc:4c:b9:b0
Signer

.text
Size: 684KB - Virtual size: 684KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 20KB - Virtual size: 19KB