86cfc561c741f9f04cebe7692ab34965d8d46270ff7977ac0b6afa2122b534fe

Sharing

Copy URL Twitter E-mail

General

Target

86cfc561c741f9f04cebe7692ab34965d8d46270ff7977ac0b6afa2122b534fe
Size

1.4MB
MD5

5e578ff6ecc2b9aa9317f38ebf16d7ae
SHA1

0075bfcd8a10e10685c624c753062986b1956c2f
SHA256

86cfc561c741f9f04cebe7692ab34965d8d46270ff7977ac0b6afa2122b534fe
SHA512

b3db88981fa4a5037af476cdd2ffb8596687a123fdf945e62f18e8be83185ca15c98daae0af1800740f74e223d7ddba1eba51cb9b7fa40e838ef11e7bdf89b7e
SSDEEP

24576:TifQ73QJ5oZhlYVowNCpGEnPu196PLWN2vYQYavqFe:TB8J5chlbG6m152vYQxqFe

Score

1^/10

Malware Config

Signatures

Files

86cfc561c741f9f04cebe7692ab34965d8d46270ff7977ac0b6afa2122b534fe
.exe windows:5 windows x86

ae150188e7fc7cea7fc14a4291769fbf

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

30/05/2024, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:ce:23:95:8b:13:a2:1b:94:74:b3:bd:6c:36:c9:cd:c4:b1:21:d1:51:3d:cc:b9:0f:96:16:ff:8c:1f:46:2c
Signer

Actual PE Digest

24:ce:23:95:8b:13:a2:1b:94:74:b3:bd:6c:36:c9:cd:c4:b1:21:d1:51:3d:cc:b9:0f:96:16:ff:8c:1f:46:2c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsRootW
PathIsRelativeW
ord219
PathAppendW
PathAddBackslashW
PathFileExistsW

winmm

timeKillEvent
timeGetTime
timeSetEvent

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipTransformPath
GdipDeletePath
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCloneStringFormat
GdipAddPathPolygonI
GdipDeleteStringFormat
GdipScaleMatrix
GdipMeasureString
GdipFillPath
GdipFillEllipseI
GdipGetPathWorldBoundsI
GdipDrawEllipseI
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromFile
GdipFree
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipIsVisiblePathPointI
GdipDeleteMatrix
GdipCreateMatrix
GdipStringFormatGetGenericTypographic
GdipIsOutlineVisiblePathPointI
GdipDrawString
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFillRectangle

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow

msimg32

AlphaBlend

kernel32

IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoW
WaitForSingleObjectEx
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
EncodePointer
GetStringTypeW
LoadLibraryExA
VirtualProtect
GetSystemInfo
InitializeSListHead
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetACP
GetFileType
WriteConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetConsoleMode
ReadConsoleW
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
UnhandledExceptionFilter
lstrcmpW
SetEnvironmentVariableW
SetDllDirectoryW
InterlockedExchangeAdd
SetFilePointerEx
LoadLibraryExW
LocalFree
FormatMessageW
GetEnvironmentVariableW
SetFilePointer
GetCurrentProcessId
OpenProcess
GetModuleHandleA
MulDiv
GlobalSize
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
DecodePointer
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
CloseHandle
CreateFileW
GetFileSize
ReadFile
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WriteFile
CreateDirectoryW
SetEndOfFile
GetFileAttributesW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetFullPathNameW
Sleep
GetSystemPowerStatus
GetShortPathNameW
GetCommandLineW
CreateMutexW
FindFirstFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindNextFileW
FindClose
WritePrivateProfileStringW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThreadId
SetLastError
InterlockedCompareExchange
GetCurrentDirectoryW
LocalFileTimeToFileTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetThreadPriority
WaitForSingleObject
TerminateThread
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
CreateEventW
SetEvent
ResetEvent
GetCurrentProcess
GetStdHandle
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort

user32

GetKeyState
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
FindWindowW
SendMessageTimeoutW
MessageBoxW
DestroyWindow
SetWindowTextW
IsIconic
GetWindowPlacement
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
IsRectEmpty
RegisterWindowMessageW
GetWindowLongW
DefWindowProcW
ScreenToClient
ShowWindow
PostMessageW
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetForegroundWindow
IsZoomed
SetWindowPos
GetPropW
CallWindowProcW
SetWindowLongW
SetPropW
RemovePropW
EnumChildWindows
SystemParametersInfoW
GetClientRect
GetDC
ReleaseDC
LoadCursorW
PostQuitMessage
KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
RegisterClassExW
WaitMessage
CreateWindowExW
OffsetRect
RegisterClassW
GetClassInfoExW
IsWindow
GetWindow
EnableWindow
SetFocus
SendMessageW
InvalidateRect
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
MoveWindow
GetUpdateRect
UpdateLayeredWindow
UnionRect
CharNextW
MonitorFromPoint
SetWindowRgn
ClientToScreen
GetSysColor
GetAsyncKeyState
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
wsprintfW
GetDesktopWindow
MapWindowPoints
GetParent
GetAncestor
SetClassLongW
WindowFromPoint
SetParent
GetMessageW
UnregisterClassW
SetCursor
IntersectRect
PtInRect
GetCursorPos

gdi32

CreateFontIndirectW
GetDeviceCaps
CreateRoundRectRgn
CreateDIBSection
StretchBlt
PtInRegion
GetStockObject
GetWindowOrgEx
SetWindowOrgEx
SetStretchBltMode
GetObjectA
CreateRectRgnIndirect
ExtSelectClipRgn
BitBlt
CreateCompatibleBitmap
CombineRgn
CreateRectRgn
RestoreDC
DeleteObject
GetObjectW
SetRectRgn
DeleteDC
SelectObject
SaveDC
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderLocation
ord74
SHFileOperationW

ole32

CreateStreamOnHGlobal
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
OleDuplicateData
ReleaseStgMedium
CoCreateInstance

oleaut32

SysFreeString
SysStringLen

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae150188e7fc7cea7fc14a4291769fbf

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:daCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

24:ce:23:95:8b:13:a2:1b:94:74:b3:bd:6c:36:c9:cd:c4:b1:21:d1:51:3d:cc:b9:0f:96:16:ff:8c:1f:46:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

winmm

comctl32

gdiplus

imm32

msimg32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 956KB - Virtual size: 956KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 38KB - Virtual size: 43KB

.gfids Size: 1024B - Virtual size: 660B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 127KB - Virtual size: 127KB

Size: 111KB - Virtual size: 111KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

24:ce:23:95:8b:13:a2:1b:94:74:b3:bd:6c:36:c9:cd:c4:b1:21:d1:51:3d:cc:b9:0f:96:16:ff:8c:1f:46:2c
Signer

.text
Size: 956KB - Virtual size: 956KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 38KB - Virtual size: 43KB

.gfids
Size: 1024B - Virtual size: 660B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 127KB - Virtual size: 127KB