bef29d62739ed4d056fbc375d85979eb0bfef9e517b06e77a17dd1c09db0bfca

Sharing

Copy URL

Twitter E-mail

General

Target

bef29d62739ed4d056fbc375d85979eb0bfef9e517b06e77a17dd1c09db0bfca
Size

1.9MB
MD5

2664966c8179e716b5fa23c8c58ef8f5
SHA1

a02c8b2f5484a45ef46990daf4990b54497fb58f
SHA256

bef29d62739ed4d056fbc375d85979eb0bfef9e517b06e77a17dd1c09db0bfca
SHA512

1ab6e2502dc51f26aed2445df8f7838677df404c9909a39ac0a80215442b301e3f5fd8d11f3dd987cb1adfaa8df7a50e4701df1641a668daa51449c791ae84a9
SSDEEP

49152:rne72/YkMeFtN6XzaTC686mw7lirefb7hAaaiUzjmofo0:q72pftN6XzIOwpjnFK

Score

1^/10

Malware Config

Signatures

Files

bef29d62739ed4d056fbc375d85979eb0bfef9e517b06e77a17dd1c09db0bfca
.exe windows:5 windows x86

3e6fd232d3a1f38e11f5a94239752eec

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05-01-2022 09:58

Not After

06-01-2024 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:94:44:36:75:34:54:be:d7:f5:66:40:bb:9f:cb:1d:46:d9:00:6a:31:e8:dc:8b:12:8e:bc:d2:87:fd:20:c4
Signer

Actual PE Digest

66:94:44:36:75:34:54:be:d7:f5:66:40:bb:9f:cb:1d:46:d9:00:6a:31:e8:dc:8b:12:8e:bc:d2:87:fd:20:c4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetExitCodeProcess
lstrcmpW
CreateEventA
FlushInstructionCache
RaiseException
GetSystemTimeAsFileTime
InterlockedIncrement
GetTempPathW
GetTempFileNameW
FileTimeToSystemTime
CompareFileTime
CreateRemoteThread
CopyFileW
lstrlenA
lstrcmpiA
CreateFileA
GetDriveTypeA
GetCommandLineW
FileTimeToLocalFileTime
GetSystemTimes
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetLongPathNameW
GetFileAttributesExA
SetFileAttributesA
DeleteFileA
FreeConsole
CreateDirectoryW
GlobalFree
ReleaseSemaphore
GetTimeZoneInformation
MulDiv
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
LocalFileTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
IsBadReadPtr
OpenEventW
DisconnectNamedPipe
GetFileTime
IsWow64Process
CreateSemaphoreW
GetLogicalDrives
GetNativeSystemInfo
GetFileSizeEx
ReadProcessMemory
GetStartupInfoW
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
ExitProcess
SetEnvironmentVariableW
CreateMutexA
GlobalMemoryStatusEx
HeapFree
WritePrivateProfileStringW
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrcmpA
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
GetExitCodeThread
HeapLock
OpenThread
HeapUnlock
OutputDebugStringW
SetFilePointerEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
GetDateFormatA
GetTimeFormatA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
MoveFileW
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVolumeInformationW
DuplicateHandle
CreateSemaphoreA
CancelIo
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
GetProcessHeap
GetBinaryTypeW
CreateProcessW
LocalAlloc
GetWindowsDirectoryW
WTSGetActiveConsoleSessionId
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemWindowsDirectoryW
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDirectoryW
LoadLibraryExW
MultiByteToWideChar
ReleaseMutex
SizeofResource
CreateMutexW
GetCurrentProcessId
OpenMutexW
GetDiskFreeSpaceExW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentThreadId
FreeResource
GetPrivateProfileIntW
GetModuleFileNameW
GetFileAttributesExW
lstrcmpiW
GetSystemInfo
GetSystemPowerStatus
HeapWalk
DeviceIoControl
GetFileAttributesW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
TerminateThread
CreateThread
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
GetShortPathNameW
OpenProcess
InterlockedDecrement
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
InterlockedCompareExchange
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
LocalFree
GetLastError
WaitForMultipleObjects
WaitForSingleObject
UnlockFile
LockFile
GetModuleHandleW
GetVersionExW
CreateEventW
InterlockedExchange
FindClose
FreeLibrary
GetProcAddress
LoadLibraryW
WriteFile
CreateFileW
DeleteFileW
GetVersion
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
GlobalMemoryStatus

user32

UnregisterClassA
GetSystemMetrics
GetCursorPos
IsWindowVisible
ExitWindowsEx
GetWindowThreadProcessId
EnumWindows
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
KillTimer
DestroyWindow
SetTimer
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
FindWindowW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
EnableWindow
GetParent
SendMessageW
SetWindowPos
SetFocus
IsWindowEnabled
SetRectEmpty
RegisterWindowMessageW
MessageBoxW
GetLastInputInfo
MonitorFromPoint
GetMonitorInfoW
EnumDisplaySettingsW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetKeyboardState
keybd_event
GetWindowRect
GetDesktopWindow
WindowFromPoint
MonitorFromRect
InvalidateRect
UpdateWindow
GetActiveWindow
WaitForInputIdle
GetClientRect
GetDC
ReleaseDC
IsDialogMessageW
CopyRect
MapWindowPoints
MonitorFromWindow
GetWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
DestroyIcon
DrawIconEx
IsRectEmpty
OffsetRect
SetWindowTextW
DrawTextW
PtInRect
GetMessagePos
ScreenToClient
SetRect
SetCursor
GetClassLongW
SetClassLongW
SystemParametersInfoW
LoadStringW
PostMessageW
IsWindow
GetWindowInfo
GetShellWindow
PostQuitMessage
LoadImageW
SwitchToThisWindow
OpenInputDesktop
CloseDesktop
CharNextW
wsprintfW
PeekMessageW
ClientToScreen
FindWindowExW
UpdateLayeredWindow
InflateRect
GetAncestor

gdi32

CreateFontW
GetTextExtentPoint32W
DeleteObject
GetPixel
DeleteDC
GetObjectW
GetObjectA
GetDeviceCaps
GetStockObject
SetViewportOrgEx
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreateRectRgnIndirect
GetTextMetricsW

advapi32

StartServiceW
CloseServiceHandle
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
RegCreateKeyA
GetUserNameW
LookupAccountNameW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCreateKeyW
GetSidSubAuthority
DuplicateTokenEx
RegOpenKeyW
CloseEventLog
ReadEventLogW
OpenEventLogW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertSidToStringSidW
EqualSid
AllocateAndInitializeSid
GetTokenInformation
FreeSid
LookupAccountSidW
ConvertStringSidToSidW
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenServiceW
QueryServiceStatus
QueryServiceConfig2W
ImpersonateLoggedOnUser
RevertToSelf
RegQueryInfoKeyW
CryptGenRandom
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
OpenSCManagerW

shell32

SHGetDataFromIDListW
SHBindToParent
SHParseDisplayName
SHGetSpecialFolderPathW
ord165
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHGetFileInfoW
ExtractIconExW
Shell_NotifyIconW
SHCreateDirectoryExW
ord680
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
GetHGlobalFromStream
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
VarBstrCmp
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

PathFileExistsW
SHGetValueW
PathFindExtensionW
PathFindFileNameW
StrCmpIW
PathCombineW
StrStrIW
PathRemoveFileSpecW
PathIsDirectoryW
wnsprintfW
SHSetValueW
SHDeleteValueW
StrStrIA
PathAppendW
PathRemoveExtensionW
AssocQueryStringW
PathUnquoteSpacesW
SHDeleteKeyW
SHGetValueA
SHDeleteValueA
SHSetValueA
PathRemoveBackslashW
PathFileExistsA
PathCombineA
PathStripToRootW
ord437
PathStripPathW
PathCompactPathW
PathFindFileNameA
ColorRGBToHLS
ColorHLSToRGB
PathIsPrefixW
StrRStrIW
StrStrW

comctl32

InitCommonControlsEx

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

gdiplus

GdipSaveImageToFile
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode
GdipCreateBitmapFromStream
GdipResetWorldTransform
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateFromHWND
GdipGetFontHeight
GdipSetClipRectI
GdipSetTextRenderingHint
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipSetLinePresetBlend
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipGetPixelOffsetMode
GdipSetPenWidth
GdipDrawEllipseI
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDrawPath
GdipFillPath
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCreateLineBrushFromRectI
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipFillRectangle
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangle
GdipDrawLineI
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipResetClip

winmm

timeGetTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetSetOptionW
InternetOpenW
InternetCloseHandle
DeleteUrlCacheEntryW
InternetReadFile
InternetGetConnectedState
InternetCrackUrlA
HttpQueryInfoW
InternetOpenUrlW

powrprof

GetPwrCapabilities

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW

userenv

GetUserProfileDirectoryW

dnsapi

DnsQuery_A
DnsFree

ws2_32

inet_ntoa
ntohs
htons
ntohl
htonl

rpcrt4

RpcStringFreeW
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcBindingFree
NdrAsyncClientCall
NdrClientCall2

crypt32

CryptProtectData
CryptUnprotectData

imm32

ImmDisableIME

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e6fd232d3a1f38e11f5a94239752eec

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

66:94:44:36:75:34:54:be:d7:f5:66:40:bb:9f:cb:1d:46:d9:00:6a:31:e8:dc:8b:12:8e:bc:d2:87:fd:20:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

psapi

secur32

gdiplus

winmm

version

wininet

powrprof

wtsapi32

userenv

dnsapi

ws2_32

rpcrt4

crypt32

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 305KB - Virtual size: 304KB

.data Size: 47KB - Virtual size: 70KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 230KB - Virtual size: 230KB

.reloc Size: 100KB - Virtual size: 100KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

66:94:44:36:75:34:54:be:d7:f5:66:40:bb:9f:cb:1d:46:d9:00:6a:31:e8:dc:8b:12:8e:bc:d2:87:fd:20:c4
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 305KB - Virtual size: 304KB

.data
Size: 47KB - Virtual size: 70KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 230KB - Virtual size: 230KB

.reloc
Size: 100KB - Virtual size: 100KB