6b73b57cd59c9d87f34a6a155743ce51ae8a5b17e85984cff0ba0c1b510fcece

Sharing

Copy URL Twitter E-mail

General

Target

6b73b57cd59c9d87f34a6a155743ce51ae8a5b17e85984cff0ba0c1b510fcece
Size

623KB
MD5

8aa3e933f3bb5276f9d13095b686c2fd
SHA1

d9b5440c5d46e186e505580533780cae8ba5a8f8
SHA256

6b73b57cd59c9d87f34a6a155743ce51ae8a5b17e85984cff0ba0c1b510fcece
SHA512

2595736556ca00cd7835bec29c322893102cffda0ead418426229c193ada834243b19cb51fba946e6e75b4cf683ec0c1fae42104137067cec1a5f84d2a180dae
SSDEEP

6144:rLSI2666c9oWFPiypga5z03/DIcPJ1pemR3ILsmsuoQyVuozqdtJsTSyWjA+CE9e:rW6mR//5z+/DICvemR4rsuTtieMGtCR

Score

1^/10

Malware Config

Signatures

Files

6b73b57cd59c9d87f34a6a155743ce51ae8a5b17e85984cff0ba0c1b510fcece
.exe windows:5 windows x86

455dd049cf1607f79c32ae50953f70c9

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2022, 09:58

Not After

06/01/2024, 09:58

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074245494a494e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:43:53:48:26:e0:33:df:58:8f:90:1d:4f:a8:4c:81:86:c3:7b:33:a3:94:10:0e:10:5b:1b:cd:84:e6:20:e5
Signer

Actual PE Digest

17:43:53:48:26:e0:33:df:58:8f:90:1d:4f:a8:4c:81:86:c3:7b:33:a3:94:10:0e:10:5b:1b:cd:84:e6:20:e5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
Process32FirstW
Process32NextW
LocalFree
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
DeviceIoControl
CreateFileW
CreateThread
SetUnhandledExceptionFilter
TerminateProcess
Thread32First
OpenThread
SuspendThread
Thread32Next
GetCurrentProcessId
GetTempPathW
ProcessIdToSessionId
OpenProcess
GetPrivateProfileStringW
CreateProcessW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
WideCharToMultiByte
GetSystemWindowsDirectoryW
CreateDirectoryW
LockFile
UnlockFile
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
GetFileAttributesExW
GetExitCodeThread
GetProcessHeap
HeapFree
SetProcessWorkingSetSize
OpenMutexW
GlobalUnlock
GlobalLock
GlobalSize
SystemTimeToFileTime
GetSystemTime
GlobalFree
GlobalAlloc
GetPrivateProfileIntW
GetPrivateProfileSectionW
SetEvent
GetNativeSystemInfo
GetSystemPowerStatus
GetProcessTimes
CompareFileTime
GetLocalTime
ReleaseMutex
LockFileEx
UnlockFileEx
MoveFileExW
WaitForMultipleObjects
ResetEvent
GetModuleHandleExW
OpenEventW
HeapWalk
HeapLock
HeapUnlock
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RemoveDirectoryW
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LCMapStringA
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateMutexW
WaitForSingleObject
CreateEventW
InterlockedExchange
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetCommandLineW
ExpandEnvironmentStringsW
Sleep
InterlockedCompareExchange
GetModuleHandleW
GetCurrentThreadId
LoadLibraryW
FlushInstructionCache
GetCurrentProcess
CloseHandle
GetLastError
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetTickCount
FindResourceExW
SetLastError
LockResource
SetProcessShutdownParameters
DeleteFileW
SetStdHandle
VirtualProtect
FreeLibrary

user32

RegisterClassExW
LoadImageW
GetClassInfoExW
wvsprintfW
LoadCursorW
CreateWindowExW
DestroyIcon
wsprintfW
GetActiveWindow
MessageBoxW
AppendMenuW
DestroyWindow
PeekMessageW
KillTimer
GetMessageW
SendMessageW
FindWindowW
GetWindowThreadProcessId
GetSystemMetrics
PostMessageW
SendMessageTimeoutW
RegisterWindowMessageW
TranslateMessage
DispatchMessageW
SetRect
CharNextW
SetTimer
CallWindowProcW
GetWindowLongW
SystemParametersInfoW
GetLastInputInfo
DefWindowProcW
UnregisterClassA
SetWindowLongW
PostQuitMessage
GetShellWindow
GetMenuItemID
ModifyMenuW
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
SetMenuDefaultItem
TrackPopupMenu
GetSubMenu
LoadMenuW
GetClassNameW
SetForegroundWindow
GetCursorPos
GetDoubleClickTime
EnumWindows

advapi32

CloseServiceHandle
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
StartServiceW
QueryServiceConfig2W
QueryServiceStatus
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DuplicateToken
RegEnumKeyW
CloseEventLog
ReadEventLogW
OpenEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA

shell32

SHFileOperationW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ord680
SHGetFileInfoW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoInitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
VariantCopy
SysStringByteLen

shlwapi

SHGetValueW
PathFileExistsW
StrRStrIW
PathRemoveBackslashW
StrCmpNIW
PathAddBackslashW
UrlGetPartW
PathRemoveExtensionW
StrChrW
PathFindFileNameW
PathIsPrefixW
PathUnquoteSpacesW
PathCombineA
PathAppendA
PathFileExistsA
SHGetValueA
PathRemoveFileSpecW
StrStrW
PathCombineW
StrCmpIW
PathIsDirectoryW
SHSetValueW
StrStrIW
SHDeleteValueW
PathAppendW

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

ws2_32

ntohl

setupapi

SetupIterateCabinetW

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcStringFreeW
RpcBindingFree
NdrClientCall2
NdrAsyncClientCall

userenv

ExpandEnvironmentStringsForUserW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlUnwind
RtlCreateHeap
ZwAllocateVirtualMemory
ZwProtectVirtualMemory
NtDelayExecution
RtlAllocateHeap
ZwFreeVirtualMemory
ZwQueryVirtualMemory
ZwQuerySystemInformation
RtlReAllocateHeap

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

powrprof

GetPwrCapabilities

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

455dd049cf1607f79c32ae50953f70c9

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

17:43:53:48:26:e0:33:df:58:8f:90:1d:4f:a8:4c:81:86:c3:7b:33:a3:94:10:0e:10:5b:1b:cd:84:e6:20:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

imm32

ws2_32

setupapi

rpcrt4

userenv

version

ntdll

wtsapi32

powrprof

iphlpapi

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 15KB - Virtual size: 34KB

.rsrc Size: 218KB - Virtual size: 218KB

.reloc Size: 22KB - Virtual size: 22KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

44:8a:bf:29:b0:45:82:3e:5d:6d:cc:0b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

17:43:53:48:26:e0:33:df:58:8f:90:1d:4f:a8:4c:81:86:c3:7b:33:a3:94:10:0e:10:5b:1b:cd:84:e6:20:e5
Signer

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 15KB - Virtual size: 34KB

.rsrc
Size: 218KB - Virtual size: 218KB

.reloc
Size: 22KB - Virtual size: 22KB