c600ec986a2f3e0cb278270377c83fc16af59fdd380db6063805da93dc892f78

Sharing

Copy URL Twitter E-mail

General

Target

c600ec986a2f3e0cb278270377c83fc16af59fdd380db6063805da93dc892f78
Size

1.9MB
MD5

90eb7dcd99c3940d98cfcebd5ec5075a
SHA1

a421bf9822c94dc3ed4f88d731a180ff695016cc
SHA256

c600ec986a2f3e0cb278270377c83fc16af59fdd380db6063805da93dc892f78
SHA512

d30fb2a3dcaa69e2ae9d1adafe3bf7bf3a7619966519859d3872c064adfd79838b6ed361e19737fbec1d6273459dd33c5d78e13b8bc659d4aea984ad356214ee
SSDEEP

49152:24XVI/ttLGQ3LHg5Zm3pCsN/vFqNW3or7Stm7hQ6/twK:zXe/ttLGQ305Zm3pb/vFqNW3ofzQ6/tw

Score

1^/10

Malware Config

Signatures

Files

c600ec986a2f3e0cb278270377c83fc16af59fdd380db6063805da93dc892f78
.exe windows:6 windows x86

fef51c53ca02af0c1c54d1304902ff28

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

SERIALNUMBER=91440300746612636Q,CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:b2:43:90:2d:ba:04:95:45:48:28:67:13:98:7c:d9:0d:b1:c1:55:ec:c3:ba:b4:1d:25:f3:22:3a:5a:67:6d
Signer

Actual PE Digest

fd:b2:43:90:2d:ba:04:95:45:48:28:67:13:98:7c:d9:0d:b1:c1:55:ec:c3:ba:b4:1d:25:f3:22:3a:5a:67:6d

Digest Algorithm

sha256

PE Digest Matches

false

1d:0f:58:24:35:64:9c:b7:c7:88:22:25:ac:70:ca:33:da:50:70:a2
Signer

Actual PE Digest

1d:0f:58:24:35:64:9c:b7:c7:88:22:25:ac:70:ca:33:da:50:70:a2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestA
InternetOpenA
InternetCrackUrlW
InternetSetOptionW
InternetOpenUrlA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDiskFreeSpaceExW
GetFileSizeEx
CreateMutexW
ExitProcess
Sleep
ReadProcessMemory
InitializeCriticalSection
CreateThread
WaitForMultipleObjects
lstrcpyW
lstrcatW
GetCPInfoExW
SetUnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
SetLastError
WideCharToMultiByte
K32GetModuleFileNameExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
OpenProcess
GetStartupInfoW
CreateProcessW
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenMutexW
WaitForSingleObject
GetVersionExW
IsWow64Process
GetCurrentProcess
GetModuleHandleW
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
MoveFileExW
CopyFileW
CloseHandle
WriteFile
SetFilePointer
RemoveDirectoryW
GetFileSize
FindNextFileW
FindFirstFileW
GetLocalTime
GetFileType
FindClose
DeleteFileW
CreateFileW
LoadLibraryW
FindResourceW
SizeofResource
GetCurrentDirectoryW
LoadResource
GetProcAddress
GetModuleFileNameW
FindResourceExW
MultiByteToWideChar
SystemTimeToFileTime
GetWindowsDirectoryW
GetSystemTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
QueryPerformanceCounter
lstrcatA
GetFileAttributesA
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
LockResource
SetCurrentDirectoryW
GetVersionExA
GetVolumeInformationA
DeviceIoControl
SetPriorityClass
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
GetSystemDirectoryW
GetTickCount
FreeLibrary
GetCurrentThreadId
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetACP
ReadFile
VerSetConditionMask
LoadLibraryExW
MulDiv
VerifyVersionInfoW
GlobalUnlock
GlobalLock
lstrlenW
FreeResource
CreateDirectoryW
GetSystemInfo
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
FormatMessageW
GlobalAlloc
SetFileAttributesW
CreateFileA
lstrcpyA

user32

KillTimer
GetWindowLongW
SetWindowLongW
GetParent
SetWindowRgn
GetWindowRect
SetTimer
IsIconic
SetWindowPos
SetCursor
InflateRect
UnionRect
OffsetRect
CharNextW
GetDC
ReleaseDC
MonitorFromPoint
MonitorFromWindow
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
IsWindowVisible
IsZoomed
SetFocus
GetActiveWindow
GetFocus
GetKeyState
DestroyWindow
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetWindow
RegisterClassW
ShowWindow
EnableWindow
SetPropW
GetPropW
GetMonitorInfoW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
LoadIconW
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
SystemParametersInfoW
SetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
UnregisterClassW
PostQuitMessage
SetCapture
wsprintfW
LoadStringW
GetWindowTextW
LoadImageW
GetSystemMetrics
SendMessageW
LoadCursorW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
FindWindowW
PostMessageW
GetWindowThreadProcessId
GetDesktopWindow
AllowSetForegroundWindow

gdi32

EnumFontFamiliesExW
TextOutW
CreateCompatibleDC
SetStretchBltMode
MoveToEx
GetObjectA
GetBitmapBits
GdiFlush
SetTextColor
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBitmapBits
DeleteObject
CreateRoundRectRgn
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt

advapi32

InitializeSid
LookupAccountNameW
GetUserNameW
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CreateProcessAsUserW
OpenProcessToken
OpenThreadToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
RegQueryInfoKeyW
RegOpenKeyW
RegEnumValueW
ConvertStringSidToSidW
RevertToSelf

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
CommandLineToArgvW
DragQueryFileW
Shell_NotifyIconW
SHGetSpecialFolderPathA
ShellExecuteW

ole32

OleInitialize
OleUninitialize
RegisterDragDrop
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoInitialize
CoUninitialize
CoTaskMemFree
DoDragDrop

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

shlwapi

PathIsSameRootW
SHDeleteKeyW
ord176
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
StrCpyNW
StrCmpIW
StrCmpW
PathFileExistsW
PathCombineW
PathRemoveBackslashW
PathAddBackslashW

userenv

UnloadUserProfile

iphlpapi

GetAdaptersInfo

winmm

timeSetEvent
timeKillEvent

ws2_32

gethostbyname
gethostname
WSAStartup

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

comctl32

_TrackMouseEvent
ord17
InitCommonControlsEx

gdiplus

GdipDeleteGraphics
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetStringFormatLineAlign
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign

Sections

.text
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fef51c53ca02af0c1c54d1304902ff28

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9cCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fd:b2:43:90:2d:ba:04:95:45:48:28:67:13:98:7c:d9:0d:b1:c1:55:ec:c3:ba:b4:1d:25:f3:22:3a:5a:67:6dSigner

1d:0f:58:24:35:64:9c:b7:c7:88:22:25:ac:70:ca:33:da:50:70:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

iphlpapi

winmm

ws2_32

imm32

comctl32

gdiplus

Sections

.text Size: 1004KB - Virtual size: 1004KB

.rdata Size: 198KB - Virtual size: 198KB

.data Size: 22KB - Virtual size: 40KB

.rsrc Size: 628KB - Virtual size: 627KB

.reloc Size: 52KB - Virtual size: 51KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:8b:b5:c7:e9:a7:cb:34:5e:78:d0:20:04:20:24:00
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fd:b2:43:90:2d:ba:04:95:45:48:28:67:13:98:7c:d9:0d:b1:c1:55:ec:c3:ba:b4:1d:25:f3:22:3a:5a:67:6d
Signer

1d:0f:58:24:35:64:9c:b7:c7:88:22:25:ac:70:ca:33:da:50:70:a2
Signer

.text
Size: 1004KB - Virtual size: 1004KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 22KB - Virtual size: 40KB

.rsrc
Size: 628KB - Virtual size: 627KB

.reloc
Size: 52KB - Virtual size: 51KB