17206cf4aff5864b9f1c49e7c1bd289ed3c7f25debd4ee99d2cbe2380e05bcd0

Sharing

Copy URL Twitter E-mail

General

Target

17206cf4aff5864b9f1c49e7c1bd289ed3c7f25debd4ee99d2cbe2380e05bcd0
Size

179KB
MD5

f039db23bb9875d406eb222bdf880325
SHA1

503a8f2e5f9d7e18e4a551ab6b2a02be0893adf7
SHA256

17206cf4aff5864b9f1c49e7c1bd289ed3c7f25debd4ee99d2cbe2380e05bcd0
SHA512

75faf97444f01218523d4876a092457909253a646fbc79e877ddbe3b6893ccd5e46edcdd6a91b38d597ad31673074aac86087912ac2456e6180a551a7be4434b
SSDEEP

3072:v4F4y6/gQs9T73t+9JTBfDUhWFYeOOfPnakxIaQ2lQBV+UdE+rECWp7hK2U:gF4yigQs9t+9JTBRyeOOfPaTaeBV+Ud9

Score

1^/10

Malware Config

Signatures

Files

17206cf4aff5864b9f1c49e7c1bd289ed3c7f25debd4ee99d2cbe2380e05bcd0
.dll windows:5 windows x86

61ac8dd3b370462a85e267349a52566e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2023, 06:40

Not After

06/01/2026, 06:40

Subject

CN=Shenzhen Aidapu Network Technology Co.\,Ltd.,O=Shenzhen Aidapu Network Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

96:67:42:97:61:cd:c5:3d:60:41:b7:90:3b:9a:3b:45:d0:6a:19:76
Signer

Actual PE Digest

96:67:42:97:61:cd:c5:3d:60:41:b7:90:3b:9a:3b:45:d0:6a:19:76

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
MultiByteToWideChar
GetLastError
FindClose
GetLocalTime
FindNextFileW
CreateToolhelp32Snapshot
CloseHandle
WideCharToMultiByte
InitializeCriticalSection
CreateDirectoryW
Process32First
FindFirstFileW
DeleteFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Process32Next
DecodePointer
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
EncodePointer

advapi32

CryptGenRandom
OpenSCManagerA
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
OpenServiceA
CryptAcquireContextA
CryptReleaseContext

shell32

SHGetSpecialFolderPathW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

send
socket
recv
setsockopt
htons
select
inet_addr
connect
closesocket

shlwapi

PathFileExistsW

libzip

zip_get_num_entries
zip_fclose
zip_open_w
zip_close
zip_fread
zip_stat_index
zip_fopen_index

libplist2

plist_get_node_type
plist_get_string_val
plist_dict_set_item
plist_dict_get_item
plist_free
plist_copy
plist_new_bool
plist_new_dict
plist_new_real
plist_get_data_val
plist_get_string_ptr
plist_new_data
plist_get_uint_val
plist_get_bool_val
plist_to_bin
plist_from_xml
plist_to_xml
plist_from_bin
plist_new_uint
plist_new_string
plist_new_array
plist_array_append_item
plist_array_new_iter
plist_array_next_item
plist_get_real_val

libcurl

curl_easy_perform
curl_easy_cleanup
curl_easy_init
curl_slist_append
curl_free
curl_easy_escape
curl_formadd
curl_formfree
curl_slist_free_all
curl_easy_setopt

libcrypto-1_1

X509_new
X509_set_pubkey
ASN1_TIME_free
BN_new
X509_sign
BIO_ctrl
X509_set_version
ASN1_TIME_new
RSA_new
EVP_PKEY_free
BIO_s_mem
X509_set_serialNumber
ASN1_INTEGER_free
ASN1_INTEGER_new
PEM_read_bio_RSAPublicKey
X509_set1_notAfter
X509_set1_notBefore
BIO_push
BIO_free_all
BIO_write
MD5
BIO_f_base64
ASN1_TIME_set
PEM_write_bio_X509
X509_add_ext
X509_EXTENSION_free
ASN1_INTEGER_set
BN_set_word
PEM_write_bio_PrivateKey
X509V3_EXT_cleanup
X509V3_set_ctx
EVP_PKEY_assign
RSA_generate_key_ex
X509V3_EXT_conf_nid
EVP_sha1
BN_free
X509_free
BIO_new
BIO_new_mem_buf
BIO_int_ctrl
PEM_read_bio_X509
RSA_free
BIO_free
BIO_s_socket
EVP_PKEY_new
PEM_read_bio_RSAPrivateKey

libssl-1_1

SSL_set_connect_state
TLS_method
SSL_get_error
SSL_do_handshake
SSL_CIPHER_get_name
SSL_new
SSL_shutdown
SSL_get_current_cipher
SSL_CTX_new
SSL_write
SSL_free
SSL_CTX_free
SSL_read
SSL_CTX_set_options
SSL_CTX_use_certificate
SSL_set_bio
SSL_get_version
SSL_set_verify
SSL_CTX_use_RSAPrivateKey

idm_lang

set_lang
translation
translation_w

msvcr100

_CxxThrowException
memcpy
memset
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
_vsnprintf
_wcsdup
fseek
ftell
fwrite
strtol
wcsncpy
strstr
rewind
calloc
_snwprintf
_mbsicmp
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__iob_func
_time64
_strdup
_errno
strerror
fclose
realloc
fread
strncpy
_snprintf
_wfopen
malloc
free
strncmp
__CxxFrameHandler3

Exports

Exports

cancel_proxy_aia
init_dll_aia
ios_actiavte
ios_actiavte_ex
ios_install_appsync
ios_setup_done
ios_skip_setup
set_proxy_aia

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ac8dd3b370462a85e267349a52566e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31Certificate

Extended Key Usages

Key Usages

96:67:42:97:61:cd:c5:3d:60:41:b7:90:3b:9a:3b:45:d0:6a:19:76Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp100

ws2_32

shlwapi

libzip

libplist2

libcurl

libcrypto-1_1

libssl-1_1

idm_lang

msvcr100

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

96:67:42:97:61:cd:c5:3d:60:41:b7:90:3b:9a:3b:45:d0:6a:19:76
Signer

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB