bb4a491a8ff3f3dba64ec5cdbf2311807f738f86ac1b3c184b5f0cca01b72dd6

Sharing

Copy URL Twitter E-mail

General

Target

bb4a491a8ff3f3dba64ec5cdbf2311807f738f86ac1b3c184b5f0cca01b72dd6
Size

946KB
MD5

9f5b056358db82073a89a90c5dff1ec8
SHA1

f8e16e4c1a972088e6498863824820c6ad46fd37
SHA256

bb4a491a8ff3f3dba64ec5cdbf2311807f738f86ac1b3c184b5f0cca01b72dd6
SHA512

13b0fc5c587db40a52b72bec59ed380282aaacb6333be656f35d9ad60ebe7b85d16ab7ba5b4bd3124b10e28e4b27fc65d49d8e4dbf158bdca837ab4402a25c37
SSDEEP

24576:Bn/oB4YEd8XbTBjzpD/qdU0pHa6ozFnNyr9UvFh:BogSfvqL7GFMUFh

Score

1^/10

Malware Config

Signatures

Files

bb4a491a8ff3f3dba64ec5cdbf2311807f738f86ac1b3c184b5f0cca01b72dd6
.exe windows:4 windows x86

b3703acb92d75280712b3964db55e159

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:aa:6c:42:49:6f:1b:9e:2d:b2:0b:3c:b4:76:90:f7:95:ab:cb:c1:be:3a:62:b8:f0:5a:f3:74:01:8e:ba:2d
Signer

Actual PE Digest

11:aa:6c:42:49:6f:1b:9e:2d:b2:0b:3c:b4:76:90:f7:95:ab:cb:c1:be:3a:62:b8:f0:5a:f3:74:01:8e:ba:2d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadLocale
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ResumeThread
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SuspendThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
lstrlenA

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_close
_fmode
_initterm
_iob
_lock
_onexit
_open
_unlock
_wcsnicmp
_write
abort
atoi
bsearch
calloc
exit
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
mbstowcs
memcpy
memset
perror
qsort
realloc
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
strstr
strtol
strtoul
vfprintf
wcslen
wcstombs

ws2_32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
recv
send
socket

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 821KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3703acb92d75280712b3964db55e159

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

11:aa:6c:42:49:6f:1b:9e:2d:b2:0b:3c:b4:76:90:f7:95:ab:cb:c1:be:3a:62:b8:f0:5a:f3:74:01:8e:ba:2dSigner

Headers

File Characteristics

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 268B

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 512B - Virtual size: 120B

/19 Size: 18KB - Virtual size: 18KB

/31 Size: 1KB - Virtual size: 1KB

/45 Size: 2KB - Virtual size: 1KB

/57 Size: 512B - Virtual size: 356B

/70 Size: 3KB - Virtual size: 2KB

/81 Size: 512B - Virtual size: 208B

.rsrc Size: 821KB - Virtual size: 824KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

11:aa:6c:42:49:6f:1b:9e:2d:b2:0b:3c:b4:76:90:f7:95:ab:cb:c1:be:3a:62:b8:f0:5a:f3:74:01:8e:ba:2d
Signer

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 268B

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 512B - Virtual size: 120B

/19
Size: 18KB - Virtual size: 18KB

/31
Size: 1KB - Virtual size: 1KB

/45
Size: 2KB - Virtual size: 1KB

/57
Size: 512B - Virtual size: 356B

/70
Size: 3KB - Virtual size: 2KB

/81
Size: 512B - Virtual size: 208B

.rsrc
Size: 821KB - Virtual size: 824KB