“游蛇”专项排查工具v0[.]10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

“游蛇”专项排查工具v0.10.exe
Size

1.7MB
MD5

4ba3b861f1775122886e7615a3a8f92c
SHA1

3d8016515ea839da775b70dc1025f8a33076feca
SHA256

79c3e7ef96a5965773f9b013c832d479c818449e0cb96ab0534042e21d3c70fd
SHA512

96647a8bc0315210cf9fb760ec87160b0fcbef9185c087c63977ae78946b33e56df0a85f79c235b112f5f3bb6c81ea02fa56502a7f30a104f731bd883173d451
SSDEEP

49152:uFPIlPPPPPPPPPPPPPPAhgTi7Zu05OPtkKg+2GzTmiS:jTi7Zu05Olk82ITnS

Score

1^/10

Malware Config

Signatures

Files

“游蛇”专项排查工具v0.10.exe
.exe windows:5 windows x86

caecf503c3380b4401755b51ac110458

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:92:a4:e4:9a:6a:10:68:32:a5:3b:ef:18:ad:a9:29
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/04/2023, 00:00

Not After

06/04/2026, 23:59

Subject

CN=Antiy Labs,O=Antiy Labs,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:68:c4:35:0e:b9:1c:a3:af:00:a4:03:a2:2e:8a:83:1a:da:8b:c0:a9:b6:cb:9a:e7:26:e3:a7:bd:c8:cd:6a
Signer

Actual PE Digest

04:68:c4:35:0e:b9:1c:a3:af:00:a4:03:a2:2e:8a:83:1a:da:8b:c0:a9:b6:cb:9a:e7:26:e3:a7:bd:c8:cd:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetCommandLineA
GetComputerNameA
GetLastError
LeaveCriticalSection
LoadResource
LockResource
SizeofResource
lstrcatA
lstrcpyA
ResumeThread
SuspendThread
EnterCriticalSection
WaitForMultipleObjects
CreateFileA
CreateFileMappingA
GetFileSize
GetModuleFileNameA
MapViewOfFile
UnmapViewOfFile
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
CreateThread
CreateEventA
VirtualFree
CloseHandle
VirtualAlloc
lstrcmpA
InitializeCriticalSection
GetModuleHandleA
ExitProcess
TerminateThread
LoadLibraryExA
DeleteCriticalSection

user32

SendDlgItemMessageA
SendMessageA
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
wsprintfA
DestroyIcon
GetSystemMetrics
GetWindowLongA
ScreenToClient
SetWindowLongA
SetWindowPos
LoadIconA
IsWindowVisible
IsDialogMessageA
GetWindowRect
GetSubMenu
GetMessageA
GetDlgItemTextA
GetDlgItem
GetDesktopWindow
GetCursorPos
EndDialog
PostQuitMessage
PostMessageA
MessageBoxA
LoadMenuA
MoveWindow
LoadImageA
EnableWindow
DispatchMessageA
DialogBoxParamA
CreateDialogParamA
KillTimer

comctl32

ImageList_AddIcon
InitCommonControls
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_Create

gdi32

CreateSolidBrush
SetTextColor
SetBkMode

shell32

ShellExecuteExA
ShellExecuteA
ExtractIconA

urlmon

URLDownloadToFileA

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caecf503c3380b4401755b51ac110458

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:92:a4:e4:9a:6a:10:68:32:a5:3b:ef:18:ad:a9:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

04:68:c4:35:0e:b9:1c:a3:af:00:a4:03:a2:2e:8a:83:1a:da:8b:c0:a9:b6:cb:9a:e7:26:e3:a7:bd:c8:cd:6aSigner

Headers

File Characteristics

Imports

kernel32

user32

comctl32

gdi32

shell32

urlmon

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:92:a4:e4:9a:6a:10:68:32:a5:3b:ef:18:ad:a9:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

04:68:c4:35:0e:b9:1c:a3:af:00:a4:03:a2:2e:8a:83:1a:da:8b:c0:a9:b6:cb:9a:e7:26:e3:a7:bd:c8:cd:6a
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB