760a8e57ffd7b9f1a1e95f4edf3c12681a1cbc8371d42f992ac84d1234cdc2d4

Sharing

Copy URL Twitter E-mail

General

Target

760a8e57ffd7b9f1a1e95f4edf3c12681a1cbc8371d42f992ac84d1234cdc2d4
Size

819KB
MD5

66d9fedb7e693ef8735b60248b4a93b1
SHA1

ef82f7644b7f9186b9973d0546558c56de7b7fd0
SHA256

760a8e57ffd7b9f1a1e95f4edf3c12681a1cbc8371d42f992ac84d1234cdc2d4
SHA512

ee6e89413289b2c93c5315af6390f0a2451cf566d49dcefeeb7d8e7e4335918782f53065cad4f8ccaa81bdcbc3f1dd28ab7c7a5f26068e4ef5854f21cd75a131
SSDEEP

12288:Yr/RhYVcDJ3EPzT9XrAT0VblsVUY9qoL3raUB9ouad9mofwKHo+qn6JOXbw9:YnCPE01lsVUY9q8d69mobf+64XU9

Score

1^/10

Malware Config

Signatures

Files

760a8e57ffd7b9f1a1e95f4edf3c12681a1cbc8371d42f992ac84d1234cdc2d4
.exe windows:5 windows x86

c0828ec4ffb5c48bad718912b605eb8f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:78:f1:df:2e:5a:d4:00:4a:d5:28:cd:c6:e8:6f:14:69:0b:07:96:e2:fa:87:5a:d1:21:df:70:43:e2:53:44
Signer

Actual PE Digest

4d:78:f1:df:2e:5a:d4:00:4a:d5:28:cd:c6:e8:6f:14:69:0b:07:96:e2:fa:87:5a:d1:21:df:70:43:e2:53:44

Digest Algorithm

sha256

PE Digest Matches

false

6a:c7:65:d4:2a:98:d4:56:e6:12:ea:fe:10:57:88:14:8e:3f:1f:b3
Signer

Actual PE Digest

6a:c7:65:d4:2a:98:d4:56:e6:12:ea:fe:10:57:88:14:8e:3f:1f:b3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
CreateMutexW
OutputDebugStringW
CreateFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DecodePointer
InterlockedIncrement
FreeLibrary
GetProcAddress
ExitProcess
RaiseException
CreateThread
GetCurrentThreadId
SetErrorMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
LoadResource
SizeofResource
lstrcmpiW
OpenMutexW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
FindResourceW
GetSystemDirectoryW
MultiByteToWideChar
SetLastError
SetEvent
CreateEventW
GetDiskFreeSpaceExW
GetCurrentThread
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WideCharToMultiByte
TerminateProcess
WaitForMultipleObjects
CreateProcessW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempPathW
CopyFileW
VirtualAlloc
VirtualFree
GetSystemTime
GetTempFileNameW
SystemTimeToFileTime
InitializeCriticalSection
GetExitCodeProcess
ReadFile
FindClose
GetModuleFileNameA
FindFirstFileW
FindNextFileW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualQuery
GetCurrentProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCommandLineW
WritePrivateProfileStructW
CreateDirectoryW
GetVersionExW
ExpandEnvironmentStringsW
DeviceIoControl
GetTickCount
SetEndOfFile
SetFilePointer
SetFileTime
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
LocalFree
TerminateThread
SuspendThread
lstrcmpA
lstrcmpiA
GetSystemTimeAsFileTime
GetSystemInfo
GetThreadLocale
SetThreadLocale
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
QueryPerformanceFrequency
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsGetValue
SwitchToThread
FormatMessageW
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
LoadLibraryExA
VirtualProtect
CloseHandle
WriteFile
Sleep
DebugBreak
GetLastError
lstrlenA
ResetEvent
InterlockedDecrement

user32

wvsprintfA
GetMessageW
CharLowerW
CopyRect
OffsetRect
EnumDisplayMonitors
CharNextA
wvsprintfW
CharNextW
GetForegroundWindow
GetWindowTextW
GetWindowLongW
GetDesktopWindow
PostMessageW
DestroyWindow
GetDC
ReleaseDC
MessageBoxW
wsprintfW
SendMessageTimeoutW
AttachThreadInput
LoadStringA
MsgWaitForMultipleObjects
CloseWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetClassNameW
FindWindowExW
WindowFromPoint
GetLastInputInfo
BringWindowToTop
PostThreadMessageW
EnumDisplayDevicesW
EnumDisplaySettingsW
SendMessageW
GetMonitorInfoW
MonitorFromWindow
GetKeyState
SystemParametersInfoW
LoadCursorW
GetWindowThreadProcessId
FindWindowW
SetWindowLongW
GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
SetActiveWindow
GetSystemMetrics
KillTimer
SetTimer
SetFocus
IsWindowVisible
SetWindowPos
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW

gdi32

GetDeviceCaps

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ord165
ShellExecuteW

shlwapi

SHSetValueW
SHGetValueA
PathIsRootW
PathGetDriveNumberW
StrStrIW
StrDupW
PathFindFileNameA
StrStrIA
SHGetValueW
PathCombineW
StrCmpIW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

Netbios
NetUserChangePassword

setupapi

SetupIterateCabinetW

Exports

Exports

??0ShellResourceRequestDetails@@QAE@XZ
??1ShellResourceRequestDetails@@QAE@XZ
??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0828ec4ffb5c48bad718912b605eb8f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

4d:78:f1:df:2e:5a:d4:00:4a:d5:28:cd:c6:e8:6f:14:69:0b:07:96:e2:fa:87:5a:d1:21:df:70:43:e2:53:44Signer

6a:c7:65:d4:2a:98:d4:56:e6:12:ea:fe:10:57:88:14:8e:3f:1f:b3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

version

netapi32

setupapi

Exports

Exports

Sections

.text Size: 511KB - Virtual size: 511KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 18KB - Virtual size: 109KB

.rsrc Size: 119KB - Virtual size: 119KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

4d:78:f1:df:2e:5a:d4:00:4a:d5:28:cd:c6:e8:6f:14:69:0b:07:96:e2:fa:87:5a:d1:21:df:70:43:e2:53:44
Signer

6a:c7:65:d4:2a:98:d4:56:e6:12:ea:fe:10:57:88:14:8e:3f:1f:b3
Signer

.text
Size: 511KB - Virtual size: 511KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 18KB - Virtual size: 109KB

.rsrc
Size: 119KB - Virtual size: 119KB