2811f39ef6663195903f71d8ee928fb4e1278b4cd634b5a169ed315f6531c686

Sharing

Copy URL Twitter E-mail

General

Target

2811f39ef6663195903f71d8ee928fb4e1278b4cd634b5a169ed315f6531c686
Size

447KB
MD5

c1d016a4212c05e9c840be87ef2ff0d0
SHA1

921074f1258722136badff7f5b3c1eeee3c512ec
SHA256

2811f39ef6663195903f71d8ee928fb4e1278b4cd634b5a169ed315f6531c686
SHA512

b211aff265ac7a4d2cf11a1db87c80fd117f1542ca56e39a7bd479d4c97de1e3fcabace51400299adfeaae328d6830ee4ce0b72d3186980e235c3b3ec2ad357f
SSDEEP

12288:PrrLiBeLyMToGoq/JsPj1ekxBjvrEH7uxl6:fLF9/JujM4rEH7uxc

Score

1^/10

Malware Config

Signatures

Files

2811f39ef6663195903f71d8ee928fb4e1278b4cd634b5a169ed315f6531c686
.dll windows:5 windows x86

7503155644d51eb1d9709f5f34f21b61

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:80:60:fa:e4:3d:97:c2:81:30:15:36
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/04/2022, 01:32

Not After

04/04/2025, 01:32

Subject

SERIALNUMBER=91350105705119984B,CN=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,O=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,STREET=开发区君竹路83号科技发展中心大楼第四层Q475室（自贸试验区内）,L=Fuzhou,ST=Fujian,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130646555a484f55,1.3.6.1.4.1.311.60.2.1.2=#130646554a49414e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:80:60:fa:e4:3d:97:c2:81:30:15:36
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/04/2022, 01:32

Not After

04/04/2025, 01:32

Subject

SERIALNUMBER=91350105705119984B,CN=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,O=Fujian NetDragon Computer Network Information Technology Co.\,Ltd,STREET=开发区君竹路83号科技发展中心大楼第四层Q475室（自贸试验区内）,L=Fuzhou,ST=Fujian,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130646555a484f55,1.3.6.1.4.1.311.60.2.1.2=#130646554a49414e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:f0:72:f1:9c:49:52:d5:59:f8:63:18:ec:3a:56:e9:f8:97:44:57:c8:83:0b:2f:c4:05:16:cc:c3:07:7a:3b
Signer

Actual PE Digest

8e:f0:72:f1:9c:49:52:d5:59:f8:63:18:ec:3a:56:e9:f8:97:44:57:c8:83:0b:2f:c4:05:16:cc:c3:07:7a:3b

Digest Algorithm

sha256

PE Digest Matches

false

f8:44:87:c7:2e:fc:60:5c:22:60:e5:e7:a9:a1:a8:55:ac:88:17:fa
Signer

Actual PE Digest

f8:44:87:c7:2e:fc:60:5c:22:60:e5:e7:a9:a1:a8:55:ac:88:17:fa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

libcurl

curl_easy_perform
curl_easy_init
curl_slist_free_all
curl_easy_cleanup
curl_easy_setopt
curl_slist_append
curl_global_init

zlibwapi

ord6
ord4
ord7

kernel32

lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
GetModuleHandleA
InterlockedExchange
CompareStringA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapAlloc
GetCommandLineA
RtlUnwind
RaiseException
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetModuleFileNameW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
CreateDirectoryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
WideCharToMultiByte
GetLastError
Sleep
CloseHandle
OutputDebugStringA
GlobalAlloc
GlobalFree
GetComputerNameW
GetCurrentProcessId
CompareStringW
InterlockedIncrement
SetErrorMode
GetCurrentThreadId
TlsFree
DeleteCriticalSection
GetVolumeInformationW
LoadLibraryW
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetFullPathNameW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
GetProcAddress
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileAttributesW
CreateFileW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
FreeLibrary
InterlockedDecrement
SetLastError
GetModuleHandleW
GetLocaleInfoW

user32

GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetSysColor
GetSysColorBrush
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
PostQuitMessage
DestroyMenu
GetTopWindow
DispatchMessageW
SendMessageW
GetKeyState
PeekMessageW
ValidateRect
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnhookWindowsHookEx
wsprintfW
EnumDisplaySettingsW
ReleaseDC
GetDC

gdi32

SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathStripToRootW

oleaut32

VariantChangeType
VariantClear
VariantInit

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CTQNDPCAnalyApp@@QAE@ABV0@@Z
??0CTQNDPCAnalyApp@@QAE@XZ
??0TQNDAnalyticInitModel@@QAE@XZ
??1TQNDAnalyticInitModel@@QAE@XZ
??4CTQNDPCAnalyApp@@QAEAAV0@ABV0@@Z
??4TQNDAnalyticInitModel@@QAEAAV0@ABV0@@Z
??4analyInitParam@@QAEAAU0@ABU0@@Z
??_7CTQNDPCAnalyApp@@6B@
?InitInstance@CTQNDPCAnalyApp@@UAEHXZ
?clearUserInfo@CTQNDPCAnalyApp@@QAEXXZ
?consumeFunction@CTQNDPCAnalyApp@@QAEXPBD0000@Z
?customFunction@CTQNDPCAnalyApp@@QAEXPBD00_NH0@Z
?errorFunction@CTQNDPCAnalyApp@@QAEXPBD0000@Z
?firstOpenFunction@CTQNDPCAnalyApp@@QAEXXZ
?initFunction@CTQNDPCAnalyApp@@QAEXPBD0PAVTQNDAnalyticInitModel@@_N0@Z
?loginFunction@CTQNDPCAnalyApp@@QAEXPBD0@Z
?registerFunction@CTQNDPCAnalyApp@@QAEXPBD00@Z
?sessionEndFunction@CTQNDPCAnalyApp@@AAEXXZ
?sessionStartFunction@CTQNDPCAnalyApp@@QAEXXZ
?setAnalyInitCallback@CTQNDPCAnalyApp@@QAEXQ6AX_N@Z@Z
?setUserInfo@CTQNDPCAnalyApp@@QAEXPBD0@Z
?shareInstanced@CTQNDPCAnalyApp@@SAPAV1@XZ
?showDebugLog@CTQNDPCAnalyApp@@QAEX_N@Z
?startHeartFunction@CTQNDPCAnalyApp@@QAEXXZ
?stopHeartFunction@CTQNDPCAnalyApp@@QAEXXZ
?unload@CTQNDPCAnalyApp@@QAEXXZ
?uploadBatchEvents@CTQNDPCAnalyApp@@QAEXH@Z
?writeIntoFile@CTQNDPCAnalyApp@@AAEXPBDH@Z
analyClearUserInfoFunction
analyConsumeFunction
analyCustomFunction
analyErrorFunction
analyInitCallbackSetFunction
analyInitFunction
analyLoginFunction
analyRegisterFunction
analySetUserInfoFunction
analyStartHeartFunction
analyStopHeartFunction
analyUnloadFunction

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TQNDAnal
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7503155644d51eb1d9709f5f34f21b61

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

04:80:60:fa:e4:3d:97:c2:81:30:15:36Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

04:80:60:fa:e4:3d:97:c2:81:30:15:36Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

8e:f0:72:f1:9c:49:52:d5:59:f8:63:18:ec:3a:56:e9:f8:97:44:57:c8:83:0b:2f:c4:05:16:cc:c3:07:7a:3bSigner

f8:44:87:c7:2e:fc:60:5c:22:60:e5:e7:a9:a1:a8:55:ac:88:17:faSigner

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

zlibwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

iphlpapi

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 9KB - Virtual size: 23KB

TQNDAnal Size: 512B - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 32KB - Virtual size: 31KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

04:80:60:fa:e4:3d:97:c2:81:30:15:36
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

04:80:60:fa:e4:3d:97:c2:81:30:15:36
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

8e:f0:72:f1:9c:49:52:d5:59:f8:63:18:ec:3a:56:e9:f8:97:44:57:c8:83:0b:2f:c4:05:16:cc:c3:07:7a:3b
Signer

f8:44:87:c7:2e:fc:60:5c:22:60:e5:e7:a9:a1:a8:55:ac:88:17:fa
Signer

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 9KB - Virtual size: 23KB

TQNDAnal
Size: 512B - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 32KB - Virtual size: 31KB