0b22ef7c15049e6f36cf046c1e81db0b753db39255a01063a43a6c65c8516270

Sharing

Copy URL Twitter E-mail

General

Target

0b22ef7c15049e6f36cf046c1e81db0b753db39255a01063a43a6c65c8516270
Size

2.9MB
MD5

187756ce2774d1f4b8b2f8ed5ed0014a
SHA1

961d7e28804418ae1fd6290925fcc8bc6a2a4e22
SHA256

0b22ef7c15049e6f36cf046c1e81db0b753db39255a01063a43a6c65c8516270
SHA512

21f3a96257386cb20378932b78afd38470c0677c319d601165f664e94b523ab41dcfa145021573923cf77abe256bb9f156a220f76a0b5c9dad9f78f42129e32e
SSDEEP

49152:XLk9PlpGbcm+8p6SSpYPjohPI8rm4sJVkkEtLsPoKDmdPBUNZ4p9yiUMBRALa3CU:bk9PlpGJ+lNpYroRI8rDkSsPoNHUNEyD

Score

1^/10

Malware Config

Signatures

Files

0b22ef7c15049e6f36cf046c1e81db0b753db39255a01063a43a6c65c8516270
.exe windows:5 windows x86

38a7fe83a514039bb6726083d28354da

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

30/05/2024, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:4f:7f:f7:b9:fa:37:6d:af:e8:1b:54:ef:77:a7:57:95:9e:51:b7:d2:5c:80:86:01:0d:5c:c3:1f:92:9a:35
Signer

Actual PE Digest

da:4f:7f:f7:b9:fa:37:6d:af:e8:1b:54:ef:77:a7:57:95:9e:51:b7:d2:5c:80:86:01:0d:5c:c3:1f:92:9a:35

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
GetSystemTime
OutputDebugStringW
GetExitCodeThread
GetFullPathNameW
VirtualProtect
InterlockedCompareExchange
GetLocalTime
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
ProcessIdToSessionId
GetWindowsDirectoryW
GetTickCount
MultiByteToWideChar
LoadLibraryW
FreeLibrary
WriteFile
InterlockedExchange
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
SystemTimeToFileTime
GetTimeZoneInformation
SetConsoleCtrlHandler
SetFilePointerEx
GetDriveTypeW
GetACP
ExitProcess
FreeLibraryAndExitThread
ExitThread
GetFileAttributesExW
RtlUnwind
FlushFileBuffers
GetVolumeInformationW
ConvertFiberToThread
ConvertThreadToFiber
GetModuleHandleExW
SwitchToFiber
DeleteFiber
CreateFiber
lstrcpyW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetCPInfo
GetStringTypeW
GetLocaleInfoW
QueryDosDeviceW
GetLogicalDriveStringsW
MoveFileW
SetFileAttributesW
ResetEvent
SetEvent
CreateThread
SetLastError
MoveFileExW
GlobalUnlock
GlobalFree
FreeResource
GlobalAlloc
GlobalLock
QueryPerformanceFrequency
CreateEventW
TerminateThread
InitializeCriticalSection
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThreadId
InterlockedIncrement
LoadLibraryExW
lstrcmpiW
MapViewOfFileEx
GetTempPathW
WaitForSingleObject
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
Sleep
SetEndOfFile
InterlockedDecrement
LoadLibraryA
CreateFileA
DeviceIoControl
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
GetCurrentProcessId
OpenSemaphoreW
OpenEventW
OpenMutexW
CreateFileMappingW
DeleteFileW
GetFileAttributesW
FindClose
GetModuleFileNameW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
CreateDirectoryW
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetVersionExW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
FileTimeToSystemTime
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
SizeofResource
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
VirtualQuery
FormatMessageW
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObjectEx
GetFileSize
CloseHandle
UnmapViewOfFile
GetCurrentDirectoryW
GetDiskFreeSpaceExW
GetComputerNameA
lstrlenW
LocalFree
LocalAlloc
GetUserDefaultLangID
SystemTimeToTzSpecificLocalTime
InterlockedExchangeAdd
GetSystemInfo
CreateFileW
SetFilePointer
GetDateFormatW
ReadFile

user32

SetWindowPos
InvalidateRect
SetWindowLongW
GetWindowLongW
CallWindowProcW
KillTimer
MoveWindow
LoadBitmapW
GetClientRect
GetActiveWindow
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
AttachThreadInput
SetForegroundWindow
SetActiveWindow
RegisterClassExW
GetClassInfoExW
GetWindow
GetWindowRect
MapWindowPoints
CreateWindowExW
SetTimer
DestroyWindow
GetDlgCtrlID
DrawTextW
SetRect
PtInRect
SetCursor
DrawIconEx
DestroyIcon
SetRectEmpty
LoadImageW
DrawFrameControl
LoadIconW
IsWindowVisible
EqualRect
IntersectRect
IsRectEmpty
ClientToScreen
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetFocus
IsChild
IsDialogMessageW
ScreenToClient
UpdateLayeredWindow
SetFocus
GetNextDlgTabItem
GetParent
CopyRect
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetSystemMetrics
EnumDisplaySettingsW
EnumDisplayDevicesW
ReleaseCapture
GetCursorPos
SetCapture
MonitorFromWindow
GetMonitorInfoW
BeginPaint
EndPaint
ShowWindow
GetDlgItem
IsWindow
LoadCursorW
GetDC
DefWindowProcW
CharNextW
PostMessageW
EnumDisplayDevicesA
GetDesktopWindow
InflateRect
ReleaseDC
SendMessageW
UnregisterClassW
OffsetRect
RegisterWindowMessageW
UnionRect

gdi32

SetWorldTransform
DeleteObject
GetStockObject
GetObjectW
SetGraphicsMode
CreateRoundRectRgn
GetRgnBox
SetViewportOrgEx
SetWindowOrgEx
GetDIBits
CreateDCW
GetWindowOrgEx
OffsetRgn
ExtSelectClipRgn
CombineRgn
GetViewportOrgEx
RoundRect
GetClipRgn
MoveToEx
LineTo
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
RectInRegion
GetWorldTransform
SelectObject
GetCurrentObject
GetTextColor
SetBkMode
CreateFontIndirectW
SetStretchBltMode
CreateCompatibleBitmap
CreateBitmap
StretchBlt
BitBlt
CreateRectRgn
CreatePen
SaveDC
SelectClipRgn
RestoreDC
CreateDIBSection
ExtTextOutW
Rectangle
SetTextColor
SetBkColor
DeleteDC
CreateCompatibleDC

advapi32

CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
CreateProcessAsUserW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
CryptEnumProvidersW
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
CryptExportKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayUnlock
SafeArrayLock
VariantInit
VariantClear
SysStringLen

shlwapi

PathAppendW
StrToIntW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
StrToIntA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

_TrackMouseEvent
InitCommonControlsEx
DrawShadowText

msimg32

AlphaBlend

gdiplus

GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdipDeleteFontFamily
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipFillRectangle
GdipDrawLinesI
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipGetFamily
GdipAddPathStringI
GdipGetFontSize
GdipDrawImageI
GdipFillPath
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSetPenDashStyle
GdipDrawPath
GdipAddPathArcI
GdipDrawRectangleI
GdipDrawLine
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipDeletePen
GdipCreatePen1
GdipCreatePath
GdipDeletePath
GdipAddPathPieI
GdipAddPathRectangleI
GdipClosePathFigure
GdipSetSmoothingMode
GdipSetClipPath
GdipCreateLineBrushFromRectWithAngleI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipResetWorldTransform
GdipFillRectangleI
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipPrivateAddFontFile
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateFont
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipSetStringFormatAlign
GdipMeasureString
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipLoadImageFromStream
GdiplusShutdown
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipDrawImageRectRect
GdipLoadImageFromFile
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateImageAttributes

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

wldap32

ord301
ord167
ord127
ord145
ord147
ord133
ord79
ord219
ord46
ord14
ord216
ord208
ord41
ord142
ord117
ord26
ord27

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

rasapi32

RasEnumConnectionsW

iphlpapi

IcmpSendEcho
IcmpCloseHandle
GetAdaptersInfo
IcmpCreateFile

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

38a7fe83a514039bb6726083d28354da

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:daCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

da:4f:7f:f7:b9:fa:37:6d:af:e8:1b:54:ef:77:a7:57:95:9e:51:b7:d2:5c:80:86:01:0d:5c:c3:1f:92:9a:35Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

comctl32

msimg32

gdiplus

crypt32

wldap32

wtsapi32

rasapi32

iphlpapi

psapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 614KB - Virtual size: 614KB

.data Size: 32KB - Virtual size: 55KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 1024B - Virtual size: 912B

.rsrc Size: 241KB - Virtual size: 241KB

Size: 153KB - Virtual size: 153KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

da:4f:7f:f7:b9:fa:37:6d:af:e8:1b:54:ef:77:a7:57:95:9e:51:b7:d2:5c:80:86:01:0d:5c:c3:1f:92:9a:35
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 614KB - Virtual size: 614KB

.data
Size: 32KB - Virtual size: 55KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 912B

.rsrc
Size: 241KB - Virtual size: 241KB