5b143423615330e59ff45f64d13f25b1c143669ccfed2052097311f46a8aeb23

Sharing

Copy URL

Twitter E-mail

General

Target

5b143423615330e59ff45f64d13f25b1c143669ccfed2052097311f46a8aeb23
Size

816KB
MD5

144352988fd173b9091ca165839329b5
SHA1

8d4fe58093b510bb3529ac254d171f877dd00aea
SHA256

5b143423615330e59ff45f64d13f25b1c143669ccfed2052097311f46a8aeb23
SHA512

193839e3e80ca78eb6c28d812addcaf0e551e4bb1b20b00d745e16d2ebba40026870dec35d37a5128d4098b8fc25cef578ac855df8370f1cb4f027b56babad6c
SSDEEP

6144:EWgfeQeZJlhjzLeONSnbmeZOCZP2buONb4gCx6gLPg9z3k9kHKXVY2gWwv:EVfC/FLvSieN1LLI9z3k9WKXVH9wv

Score

1^/10

Malware Config

Signatures

Files

5b143423615330e59ff45f64d13f25b1c143669ccfed2052097311f46a8aeb23
.exe windows:4 windows x64

e2b35909d10fb71a9216caa29f1a4128

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/05/2021, 00:00

Not After

30/05/2024, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,O=Beijing Kingsoft Security software Co.\,Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:3b:80:11:78:b6:7e:64:dd:ee:4e:f9:7b:f4:cc:5c:e1:43:e1:49:4b:2a:81:2e:82:16:9e:92:1b:f9:65:0c
Signer

Actual PE Digest

29:3b:80:11:78:b6:7e:64:dd:ee:4e:f9:7b:f4:cc:5c:e1:43:e1:49:4b:2a:81:2e:82:16:9e:92:1b:f9:65:0c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceExW
OpenEventW
SetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCurrentThreadId
InitializeCriticalSection
GetModuleFileNameW
FindFirstFileW
FindClose
LoadLibraryW
GetProcAddress
Sleep
CloseHandle
MultiByteToWideChar
GetLastError
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
LoadResource
VirtualFreeEx
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
OpenProcess
SetEndOfFile
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
LockResource
SizeofResource
FindResourceW
DeleteFileW
WaitForSingleObject
CreateDirectoryW
CreateFileA
SetStdHandle
SetFilePointer
RaiseException
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
LCMapStringA
LCMapStringW
GetCPInfo
RtlVirtualUnwind
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
ExitProcess
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathAddBackslashW

user32

UnregisterClassA

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2b35909d10fb71a9216caa29f1a4128

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:daCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

29:3b:80:11:78:b6:7e:64:dd:ee:4e:f9:7b:f4:cc:5c:e1:43:e1:49:4b:2a:81:2e:82:16:9e:92:1b:f9:65:0cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

user32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:7b:8b:d9:11:0d:00:8c:d6:ed:14:5c:2b:d1:df:da
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

29:3b:80:11:78:b6:7e:64:dd:ee:4e:f9:7b:f4:cc:5c:e1:43:e1:49:4b:2a:81:2e:82:16:9e:92:1b:f9:65:0c
Signer

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB