d4bb8603b3d6217f5b902e8282fc5238146849d535504de2c886a170c9a6bf52

Sharing

Copy URL Twitter E-mail

General

Target

d4bb8603b3d6217f5b902e8282fc5238146849d535504de2c886a170c9a6bf52
Size

4.0MB
MD5

5d76076073188ff352042a5e70dce84a
SHA1

db49302c3cd277ce463162a01d2321d2fc96b27e
SHA256

d4bb8603b3d6217f5b902e8282fc5238146849d535504de2c886a170c9a6bf52
SHA512

39089f97278a191ae13abc74ea44a30a60d7ae201a866d6cad715253604b383d5915446979869889b4f8ee75ec6afdf6817d04ac1788fb38b9adb49ee4037b78
SSDEEP

98304:tyaPBisa2J4oXgWxI6Wh4K59sePl9oGoNoswfVL0q:txPBisa2J4oXlGPQLNmfN0q

Score

1^/10

Malware Config

Signatures

Files

d4bb8603b3d6217f5b902e8282fc5238146849d535504de2c886a170c9a6bf52
.exe windows:5 windows x86

98fd2211ffacc7ab81bf640e1bac58dc

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cd:a9:22:b9:60:01:a5:d8:68:dc:b1:d2:06:ce:00
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

02/08/2022, 00:00

Not After

02/08/2023, 23:59

Subject

SERIALNUMBER=91510107MAACGC6JXL,CN=Chengdu Duojiayu Network Technology Co.\, Ltd.,O=Chengdu Duojiayu Network Technology Co.\, Ltd.,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:81:6a:c2:8d:c1:8d:a6:06:eb:9c:5e:53:db:38:cd:1f:59:2c:9e:c3:59:63:3a:13:d6:bd:bc:9b:bb:49:9f
Signer

Actual PE Digest

af:81:6a:c2:8d:c1:8d:a6:06:eb:9c:5e:53:db:38:cd:1f:59:2c:9e:c3:59:63:3a:13:d6:bd:bc:9b:bb:49:9f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
FormatMessageA
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
LoadLibraryA
GetModuleHandleA
VerifyVersionInfoA
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetStdHandle
GetTimeZoneInformation
GetFileAttributesW
lstrcpyW
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
LoadLibraryExW
RtlUnwind
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetCPInfo
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
lstrcpynW
MulDiv
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
GetCurrentDirectoryW
SetLastError
ExitProcess
GetConsoleCP
CreateMutexW
IsBadCodePtr
CopyFileW
SetCurrentDirectoryW
CreateEventW
FreeResource
lstrlenW
LocalFree
FormatMessageW
DeleteFileW
FindClose
FindNextFileW
OutputDebugStringW
DeleteFileA
GetTickCount
SystemTimeToFileTime
GetCurrentProcessId
GetLocalTime
GetExitCodeProcess
GlobalUnlock
lstrcmpiW
CreateDirectoryA
GetACP
GetModuleHandleW
GetProcessHeap
MultiByteToWideChar
DeleteCriticalSection
GetFileSize
GlobalLock
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
CreateThread
LoadLibraryW
GetSystemInfo
RaiseException
CloseHandle
HeapReAlloc
Process32FirstW
GlobalAlloc
LockResource
GetSystemDirectoryA
Process32NextW
GetLastError
GetDiskFreeSpaceA
Sleep
CreateToolhelp32Snapshot
HeapSize
OpenProcess
CreateFileW
WaitForSingleObject
GetTempPathW
InitializeCriticalSectionAndSpinCount
GetProcessId
GetModuleFileNameW
TerminateProcess
WriteFile
GetCurrentProcess
HeapFree
SizeofResource
ReadFile
CreateDirectoryW
WideCharToMultiByte
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

DrawTextW
CharPrevW
GetWindowRgn
UpdateLayeredWindow
SetWindowRgn
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
wsprintfW
CharLowerA
SendMessageW
PostMessageW
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
GetCaretPos
ClientToScreen
IsWindowEnabled
UpdateWindow
EqualRect
PostQuitMessage
SetTimer
MessageBoxW
IsZoomed
MoveWindow
ShowWindow
GetWindowRect
FindWindowA
LoadIconW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
GetWindow
LoadImageW
MonitorFromWindow
GetMonitorInfoW
SetCursor
InflateRect
LoadCursorW
DefWindowProcW
CallWindowProcW
GetPropW
SetPropW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetClassInfoExW
RegisterClassW
RegisterClassExW
MessageBoxW
CharUpperBuffW

gdi32

AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreatePen
RemoveFontMemResourceEx
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetBitmapBits
SetBitmapBits
Rectangle
SaveDC
RestoreDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreateFontIndirectW
GetTextExtentPointA
CreatePatternBrush

advapi32

CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ord155
ord190
ShellExecuteW
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathA
SHGetFolderPathW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
DoDragDrop

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveExtensionW

wldap32

ord33
ord35
ord27
ord30
ord200
ord301
ord79
ord32
ord143
ord46
ord211
ord60
ord50
ord41
ord26
ord22

ws2_32

WSAStartup
WSACreateEvent
WSAEventSelect
WSACleanup
gethostbyname
gethostname
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo
accept
ioctlsocket
ntohs
WSAWaitForMultipleEvents
recvfrom
WSAEnumNetworkEvents
htons
sendto
inet_addr
WSAGetLastError
ntohl
listen

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

psapi

GetDeviceDriverBaseNameA
EnumDeviceDrivers

comctl32

ord17
_TrackMouseEvent
InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
ord1
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipAlloc

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dem0
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dem1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98fd2211ffacc7ab81bf640e1bac58dc

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

56:cd:a9:22:b9:60:01:a5:d8:68:dc:b1:d2:06:ce:00Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

af:81:6a:c2:8d:c1:8d:a6:06:eb:9c:5e:53:db:38:cd:1f:59:2c:9e:c3:59:63:3a:13:d6:bd:bc:9b:bb:49:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wldap32

ws2_32

iphlpapi

psapi

comctl32

gdiplus

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 271KB - Virtual size: 271KB

.data Size: 9KB - Virtual size: 15KB

.dem0 Size: 598KB - Virtual size: 598KB

.dem1 Size: 57KB - Virtual size: 56KB

.reloc Size: 57KB - Virtual size: 56KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

56:cd:a9:22:b9:60:01:a5:d8:68:dc:b1:d2:06:ce:00
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

af:81:6a:c2:8d:c1:8d:a6:06:eb:9c:5e:53:db:38:cd:1f:59:2c:9e:c3:59:63:3a:13:d6:bd:bc:9b:bb:49:9f
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 271KB - Virtual size: 271KB

.data
Size: 9KB - Virtual size: 15KB

.dem0
Size: 598KB - Virtual size: 598KB

.dem1
Size: 57KB - Virtual size: 56KB

.reloc
Size: 57KB - Virtual size: 56KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB