32092dd1a014f7ee7bcfbf39033e0652ac5ca670e2bd1e62da5392ab390a2c4c

Sharing

Copy URL Twitter E-mail

General

Target

32092dd1a014f7ee7bcfbf39033e0652ac5ca670e2bd1e62da5392ab390a2c4c
Size

428KB
MD5

6af4b0316c0a192157dc4fa58ce68a5d
SHA1

207fd3832cb47989a2e050766f34cd449555e5df
SHA256

32092dd1a014f7ee7bcfbf39033e0652ac5ca670e2bd1e62da5392ab390a2c4c
SHA512

d13de6e26ab421dc42ca4cb0232eaf919219a06835d942d1314f49e34a5aeafb7e37d93db5c52f595b75d43cdaf1b4953c0a5e3a06e93e36b09d6423699bccf0
SSDEEP

12288:nrykY5eHIZ2b4FqzkpquNUHutYbW5oHhWW81rlGpF7cFEQpvodpTZwOAsy7FBjv1:55FSvkpTZHABXrEH7o

Score

1^/10

Malware Config

Signatures

Files

32092dd1a014f7ee7bcfbf39033e0652ac5ca670e2bd1e62da5392ab390a2c4c
.dll windows:5 windows x86

23b6aaf7d3e47c61b7906a0aa0f5ce6c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2023, 06:40

Not After

06/01/2026, 06:40

Subject

CN=Shenzhen Aidapu Network Technology Co.\,Ltd.,O=Shenzhen Aidapu Network Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:1b:46:0a:5d:36:fb:5e:be:fe:76:84:28:8c:fe:1c:5e:7f:ab:46
Signer

Actual PE Digest

6f:1b:46:0a:5d:36:fb:5e:be:fe:76:84:28:8c:fe:1c:5e:7f:ab:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileW
GetFileSizeEx
CloseHandle
WaitForSingleObject
InitializeCriticalSection
Sleep
LeaveCriticalSection
CreateSemaphoreA
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
CreateThread
FindFirstFileW
FindClose
FindNextFileW
CreateFileA
CreateEventA
GetOverlappedResult
ResetEvent
LocalAlloc
DeviceIoControl
CancelIo
LocalFree
CreateProcessW
GetCurrentProcess
CreateDirectoryW
GetModuleFileNameW
CreateDirectoryA
GetLastError
GetProcAddress
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetCurrentThreadId
GetDiskFreeSpaceExW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
CreateMutexW
OpenMutexW
CopyFileW
Process32First
Process32Next
CreateToolhelp32Snapshot
ExitProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

shell32

SHGetSpecialFolderPathA

msvcr100

fprintf
strftime
fwrite
_localtime64
fclose
_time64
_snprintf
strncpy
wcstombs_s
_set_errno
strrchr
mbstowcs_s
realloc
sprintf
rewind
fread
rand
srand
toupper
ftell
fseek
strncmp
strerror
sscanf
_stricmp
_ftelli64
_vsnprintf_s
strstr
strchr
_fseeki64
strtol
strtoul
getenv
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_wfopen
_errno
sprintf_s
_strtoui64
fopen
wcsncpy
vsprintf_s
vfprintf
strcspn
_vsnwprintf_s
_wremove
calloc
_snwprintf
_wstat64i32
_wtempnam
wcsrchr
wcsstr
_waccess
_wunlink
_wrename
_stat64i32
feof
_fstat64i32
atoi
_wcsdup
tolower
perror
_vsnprintf
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
printf
fflush
__iob_func
wcscpy_s
strcpy_s
_strdup
_fileno
memset
memcpy
malloc
_CxxThrowException
__CxxFrameHandler3
free

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

ws2_32

WSAGetLastError
shutdown
recv
socket
gethostbyname
send
setsockopt
connect
WSAStartup
htons
closesocket
select

setupapi

SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailA

shlwapi

PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW
PathRemoveFileSpecA
PathIsDirectoryW

libplist2

plist_dict_new_iter
plist_get_node_type
plist_get_string_val
plist_dict_set_item
plist_dict_get_item
plist_from_bin
plist_new_string
plist_from_xml
plist_to_bin
plist_get_data_val
plist_to_xml
plist_compare_node_value
plist_is_binary
plist_dict_next_item
plist_set_uint_val
plist_array_insert_item
plist_get_data_ptr
plist_dict_get_size
plist_get_string_ptr
plist_dict_remove_item
plist_access_path
plist_new_bool
plist_new_dict
plist_new_uint
plist_new_array
plist_free
plist_array_append_item
plist_copy
plist_get_bool_val
plist_get_uint_val
plist_array_get_item
plist_array_get_size
plist_dict_merge
plist_new_data

libssl-1_1

SSL_CTX_use_certificate
TLS_method
SSL_get_error
SSL_do_handshake
SSL_CIPHER_get_name
SSL_new
SSL_shutdown
SSL_get_current_cipher
SSL_CTX_new
SSL_write
SSL_free
SSL_CTX_free
SSL_read
SSL_set_connect_state
SSL_set_verify
SSL_CTX_use_RSAPrivateKey
SSL_set_bio

libcrypto-1_1

EVP_PKEY_free
SHA384
SHA1_Init
SHA1
PEM_read_bio_RSAPrivateKey
BIO_int_ctrl
PEM_read_bio_X509
RSA_free
BIO_s_socket
X509_set1_notBefore
X509_set1_notAfter
PEM_read_bio_RSAPublicKey
ASN1_INTEGER_new
ASN1_INTEGER_free
X509_set_serialNumber
BIO_s_mem
RSA_new
ASN1_TIME_new
X509_set_version
X509_free
BIO_ctrl
EVP_PKEY_new
BIO_new
BN_new
ASN1_TIME_free
X509_set_pubkey
X509_new
X509_sign
ASN1_TIME_set
BIO_new_mem_buf
PEM_write_bio_X509
X509_add_ext
X509_EXTENSION_free
ASN1_INTEGER_set
BN_set_word
PEM_write_bio_PrivateKey
X509V3_EXT_cleanup
BN_free
BIO_free
EVP_sha1
X509V3_EXT_conf_nid
RSA_generate_key_ex
EVP_PKEY_assign
X509V3_set_ctx

libcurl

curl_slist_free_all
curl_easy_init
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_slist_append

libzip

zip_get_name
zip_delete
zip_get_num_files
zip_replace
zip_add
zip_strerror
zip_dir_add
zip_source_buffer
zip_discard
zip_stat_index
zip_file_add
zip_get_num_entries
zip_fclose
zip_open_w
zip_stat_init
zip_close
zip_name_locate
zip_file_get_external_attributes
zip_unchange_all
zip_fread
zip_fopen_index
zip_source_free

Exports

Exports

ios_exit_recovery_mode
ios_get_normal_mode_descriptor
ios_get_product_type
ios_is_libusb_standalone_driver
ios_is_open_quicktime_driver
ios_restore
ios_rqshsh
ios_setup_more_device
ios_show_preflash_text
setup_curl_agent_name

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23b6aaf7d3e47c61b7906a0aa0f5ce6c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31Certificate

Extended Key Usages

Key Usages

6f:1b:46:0a:5d:36:fb:5e:be:fe:76:84:28:8c:fe:1c:5e:7f:ab:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

msvcr100

msvcp100

ws2_32

setupapi

shlwapi

libplist2

libssl-1_1

libcrypto-1_1

libcurl

libzip

Exports

Exports

Sections

.text Size: 199KB - Virtual size: 199KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

6f:1b:46:0a:5d:36:fb:5e:be:fe:76:84:28:8c:fe:1c:5e:7f:ab:46
Signer

.text
Size: 199KB - Virtual size: 199KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB