d4e3b64947e986354bd3b2cc61cc3ba240f3bb4aac00ab6f9f4f09f264441f8b

Sharing

Copy URL Twitter E-mail

General

Target

d4e3b64947e986354bd3b2cc61cc3ba240f3bb4aac00ab6f9f4f09f264441f8b
Size

4.1MB
MD5

2369ac37195d9cf1e9595895da6b1222
SHA1

2659c03557b565a5c18fe08af6adffa19114031f
SHA256

d4e3b64947e986354bd3b2cc61cc3ba240f3bb4aac00ab6f9f4f09f264441f8b
SHA512

a7c2cbc9ddd535a385c2761071cf15737a1a2dadd629fcd45f2a18831fb7b714b837acdddaa7ecd9212577879c7eab597e28a31913e934fa28b6480a99a9b9e2
SSDEEP

49152:08ETwpA22N8PQ8Sv8X/RL7Y4LQdRraTBlPPWeZ/2hi68QSW5gVX:00AxN8Pw8XJ9LEZk2eZu

Score

1^/10

Malware Config

Signatures

Files

d4e3b64947e986354bd3b2cc61cc3ba240f3bb4aac00ab6f9f4f09f264441f8b
.exe windows:5 windows x86

19da905cccf32423f2613b7ae6d123b9

Code Sign

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2020, 00:00

Not After

12/11/2023, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/11/2020, 00:00

Not After

12/11/2023, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:d6:ad:c0:2c:df:92:5e:9a:6a:f3:70:4c:11:c4:26:d1:b1:a6:a9:75:9b:93:4a:26:83:b4:bc:d3:2e:4d:fe
Signer

Actual PE Digest

e4:d6:ad:c0:2c:df:92:5e:9a:6a:f3:70:4c:11:c4:26:d1:b1:a6:a9:75:9b:93:4a:26:83:b4:bc:d3:2e:4d:fe

Digest Algorithm

sha256

PE Digest Matches

false

56:b7:62:59:5c:3a:00:6b:16:e0:2c:29:d2:8d:a2:08:ff:91:69:5e
Signer

Actual PE Digest

56:b7:62:59:5c:3a:00:6b:16:e0:2c:29:d2:8d:a2:08:ff:91:69:5e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadDirectoryChangesW
Module32FirstW
Module32NextW
FileTimeToSystemTime
FlushFileBuffers
GetFileInformationByHandle
GetLogicalDrives
GetVolumeInformationW
DuplicateHandle
GetExitCodeThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RemoveDirectoryW
GetTempFileNameW
SetFilePointerEx
SetFileTime
lstrlenW
FreeResource
MulDiv
SetConsoleCtrlHandler
SetFilePointer
SetEndOfFile
EncodePointer
OutputDebugStringW
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
FreeConsole
SetConsoleTextAttribute
WriteConsoleW
InitializeCriticalSection
GetPrivateProfileIntW
GetCurrentProcessId
CreateMutexW
ReleaseMutex
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
SetThreadPriority
TerminateThread
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
GetCurrentProcess
FindClose
FindNextFileW
FindFirstFileW
OpenEventW
ResetEvent
ExitProcess
GetCommandLineW
OpenProcess
HeapDestroy
DecodePointer
LoadLibraryExW
lstrcmpiW
GetPrivateProfileSectionW
GetSystemTime
SystemTimeToFileTime
WritePrivateProfileStringW
MoveFileW
SetEvent
CreateEventW
GetVersionExW
CopyFileW
MoveFileExW
FormatMessageW
LocalFree
Sleep
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetPrivateProfileStringW
GetModuleHandleW
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
WriteFile
CreateDirectoryW
ReadFile
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
DeleteFiber
GetFileType
GetModuleHandleExW
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
GetFileSize
CreateFileW
WideCharToMultiByte
WaitForSingleObject
DeleteFileW
CloseHandle
MultiByteToWideChar
SetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
HeapSize
HeapCreate
GetFullPathNameW
GetCurrentDirectoryW
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetModuleFileNameA
GetACP
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileAttributesExW
LCMapStringW
RtlUnwind
GetModuleHandleA
GlobalUnlock
GlobalLock
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
GetSystemTimeAsFileTime
CompareStringW
GlobalAlloc

user32

CharLowerBuffW
PostThreadMessageW
MessageBoxW
PostMessageW
PostQuitMessage
GetMessageW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
SetForegroundWindow
ShowWindow
SendMessageW
LoadIconW
SetWindowTextW
CallWindowProcW
GetProcessWindowStation
GetUserObjectInformationW
GetDlgItem
GetParent
TrackMouseEvent
AnimateWindow
UpdateLayeredWindow
PrintWindow
SetLayeredWindowAttributes
MoveWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
SetFocus
GetActiveWindow
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
GetSystemMetrics
EndMenu
UpdateWindow
SetActiveWindow
GetDC
GetWindowLongW
BeginPaint
EndPaint
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
CopyRect
InflateRect
IntersectRect
IsRectEmpty
GetDesktopWindow
EnumChildWindows
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetKeyState
SetCursor
PtInRect
EqualRect
LoadBitmapW
LoadImageW
DrawTextW
OffsetRect
DestroyIcon
DrawIconEx
FillRect
SetRect
MapVirtualKeyA
EnableMenuItem
GetSysColor
FindWindowExW
UnionRect
SetRectEmpty
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MessageBeep
SetWindowLongW
DestroyMenu
AppendMenuW
TrackPopupMenu
GetMenuItemInfoW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyWindow
IsWindow
KillTimer
SetTimer
DefWindowProcW
ReleaseDC
CreatePopupMenu

gdi32

GetClipBox
GetTextColor
GetTextMetricsW
CreateBitmap
TextOutW
MoveToEx
ExtCreatePen
CreateDIBSection
RoundRect
LineTo
GetViewportOrgEx
CreateSolidBrush
GetObjectA
CreateFontIndirectW
GetDeviceCaps
GetTextExtentPoint32W
GetTextExtentPointW
OffsetViewportOrgEx
ExtSelectClipRgn
SaveDC
RestoreDC
Rectangle
RectInRegion
GetStockObject
DeleteObject
DeleteDC
GetObjectType
GetClipRgn
ExcludeClipRect
CreateRectRgn
CreatePen
SetViewportOrgEx
ExtTextOutW
GetObjectW
SetTextColor
StretchBlt
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
GetRgnBox
GetCurrentObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
CombineRgn
CreateDIBitmap

advapi32

GetTokenInformation
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
CheckTokenMembership
CreateWellKnownSid
RegQueryValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenProcessToken
DuplicateTokenEx

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
ord680
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CLSIDFromString
CoLoadLibrary
StringFromGUID2
StgCreateStorageEx
StgOpenStorageEx
CreateBindCtx

oleaut32

SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
VariantCopy
VarUI4FromStr
LoadTypeLi
SafeArrayUnlock
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
SysStringLen
VariantClear
SysAllocString
SysFreeString
VarCmp
LoadRegTypeLi
GetErrorInfo

shlwapi

StrToIntExA
StrToIntW

wininet

InternetQueryDataAvailable
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle
InternetConnectW
InternetReadFileExA
InternetQueryOptionA
InternetSetOptionW
InternetSetStatusCallbackW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpEndRequestW
HttpQueryInfoW

setupapi

SetupIterateCabinetW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

bcrypt

BCryptGenRandom

imm32

ImmReleaseContext
ImmGetContext

dwmapi

DwmGetWindowAttribute

gdiplus

GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneImage
GdipLoadImageFromStream
GdipCreateTexture2I
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneBrush
GdipSetImageAttributesWrapMode

msimg32

GradientFill
AlphaBlend

ws2_32

WSASetLastError
send
recv
WSAGetLastError
WSACleanup
closesocket

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore
CertOpenStore

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 763KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19da905cccf32423f2613b7ae6d123b9

Code Sign

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e4:d6:ad:c0:2c:df:92:5e:9a:6a:f3:70:4c:11:c4:26:d1:b1:a6:a9:75:9b:93:4a:26:83:b4:bc:d3:2e:4d:feSigner

56:b7:62:59:5c:3a:00:6b:16:e0:2c:29:d2:8d:a2:08:ff:91:69:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

setupapi

bcrypt

imm32

dwmapi

gdiplus

msimg32

ws2_32

crypt32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 763KB - Virtual size: 763KB

.data Size: 46KB - Virtual size: 127KB

.gfids Size: 1024B - Virtual size: 560B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 69KB - Virtual size: 69KB

Size: 1.5MB - Virtual size: 1.5MB

0b:7c:62:85:72:a5:07:ec:5f:41:0d:97:a4:ed:16:67
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:06:83:4e:a5:ef:2b:3a:66:9e:31:99:70:ab:e6:40
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e4:d6:ad:c0:2c:df:92:5e:9a:6a:f3:70:4c:11:c4:26:d1:b1:a6:a9:75:9b:93:4a:26:83:b4:bc:d3:2e:4d:fe
Signer

56:b7:62:59:5c:3a:00:6b:16:e0:2c:29:d2:8d:a2:08:ff:91:69:5e
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 763KB - Virtual size: 763KB

.data
Size: 46KB - Virtual size: 127KB

.gfids
Size: 1024B - Virtual size: 560B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 69KB - Virtual size: 69KB