67fa227c5c81f66f2c1d0649f7d1dafd1626627dd3c61fa89e2efeafccb85422

Sharing

Copy URL

Twitter E-mail

General

Target

67fa227c5c81f66f2c1d0649f7d1dafd1626627dd3c61fa89e2efeafccb85422
Size

1.4MB
MD5

52591023092a69fe2d163f59ef1001c6
SHA1

2bc91a964ffac73c6278b10ff2b822a0fde74e23
SHA256

67fa227c5c81f66f2c1d0649f7d1dafd1626627dd3c61fa89e2efeafccb85422
SHA512

9e7875d6aa4e5c333e8b4f59c942c88a9d5e327fc456c413fb3af21fdc4e89cd5d7442336b2cea6c4f9b6c17194500e84233dc38e8fc05c88967de68dcc7ce21
SSDEEP

24576:wy83gAdkuC8+ExIt9lPcIha7yaVWn7gdPLE+a98Yf4jA0jZ:wD3suC8+ExW9lPcZ7/WEdw3f0lN

Score

1^/10

Malware Config

Signatures

Files

67fa227c5c81f66f2c1d0649f7d1dafd1626627dd3c61fa89e2efeafccb85422
.exe windows:5 windows x86

a726184da50465af5c2b4377e699acf1

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:88:92:ab:55:15:82:07:72:f6:57:e9:fd:54:7d:3f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17-08-2020 00:00

Not After

16-08-2023 12:00

Subject

SERIALNUMBER=91110105306401296U,CN=北京奇元科技有限公司,OU=IT,O=北京奇元科技有限公司,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:19:4b:7b:21:2d:73:ac:e1:c9:31:b8:74:5a:f4:ef:7c:5c:6e:a7:b1:cd:84:d3:a9:5c:2f:a8:e5:88:e4:e0
Signer

Actual PE Digest

a1:19:4b:7b:21:2d:73:ac:e1:c9:31:b8:74:5a:f4:ef:7c:5c:6e:a7:b1:cd:84:d3:a9:5c:2f:a8:e5:88:e4:e0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
GetExitCodeProcess
WaitForSingleObject
GetTempPathW
ReadProcessMemory
GlobalMemoryStatus
RemoveDirectoryW
SetFileAttributesW
TlsSetValue
TlsGetValue
Sleep
InterlockedCompareExchange
TlsFree
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
TerminateProcess
MoveFileW
MoveFileExW
SetEnvironmentVariableW
CreateMutexA
ReleaseMutex
GetDriveTypeW
Module32NextW
Module32FirstW
ExpandEnvironmentStringsW
GetCommandLineW
GetDiskFreeSpaceExW
GetLocalTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeviceIoControl
InterlockedExchange
OpenSemaphoreW
LocalFree
ReleaseSemaphore
CompareFileTime
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
MulDiv
GetCurrentThread
GetModuleHandleExW
SetCurrentDirectoryW
SetEvent
CreateEventW
ResetEvent
OpenMutexW
TerminateThread
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
InterlockedDecrement
FindFirstFileW
ProcessIdToSessionId
HeapWalk
HeapLock
HeapUnlock
AreFileApisANSI
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
lstrcmpiA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
TlsAlloc
IsValidCodePage
GetOEMCP
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
lstrcmpA
FreeResource
GetSystemWindowsDirectoryW
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedIncrement
FindClose
WideCharToMultiByte
LoadLibraryA
InitializeCriticalSection
GetACP
GetLogicalDriveStringsW
QueryDosDeviceW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetCurrentProcess
FlushInstructionCache
RaiseException
lstrcmpW
GetModuleHandleA
OutputDebugStringW
CopyFileW
GetModuleFileNameW
GetPrivateProfileStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
CreateProcessW
WriteFile
SetFilePointer
GetVersion
GetSystemDirectoryW
lstrcmpiW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetFileSizeEx
DeleteCriticalSection
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateMutexW
GetLastError
GetPrivateProfileIntW
GetCurrentProcessId
WritePrivateProfileSectionW
GetWindowsDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
DeleteFileW
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetPrivateProfileSectionW
GetTickCount
GetVersionExW
GetLongPathNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW

user32

GetWindowRgn
EqualRect
IsIconic
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ChildWindowFromPoint
GetDC
PrintWindow
SendMessageTimeoutW
FindWindowW
SendMessageW
UnregisterClassA
SetParent
MonitorFromPoint
PostMessageW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
ShowWindow
SetWindowLongW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CharNextW
CharLowerBuffW
WaitForInputIdle
SetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
EnumThreadWindows
SetWindowPos
SwitchToThisWindow
BringWindowToTop
GetWindowRect
EnumDisplaySettingsW
MessageBoxW
GetParent
GetWindowLongW
CallNextHookEx
ReleaseCapture
SetCapture
UnhookWindowsHookEx
PostQuitMessage
SetCursor
mouse_event
SetWindowsHookExW
InflateRect
ClientToScreen
DrawIconEx
GetActiveWindow
LoadIconW
OffsetRect
GetDesktopWindow
GetWindowDC
ReleaseDC
InvalidateRect
IsWindowVisible
GetClassNameW
GetWindowTextW
SetLayeredWindowAttributes
IsWindow
CallWindowProcW
MoveWindow
SetWindowTextW
PtInRect
SetFocus
KillTimer
SetTimer
GetCursorPos
ScreenToClient
CopyRect
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClientRect
EndDialog
DialogBoxParamW
SetWindowRgn

gdi32

GetDeviceCaps
SetDIBColorTable
StretchBlt
SetBrushOrgEx
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
BitBlt
GetObjectW
GetDIBits
DeleteObject
CreateRoundRectRgn
SetStretchBltMode
StretchDIBits
GetRgnBox
GetTextExtentPoint32W
SelectObject
DeleteDC

advapi32

RegOpenKeyExA
IsValidSid
EqualSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
AllocateAndInitializeSid
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
FreeSid
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
OpenThreadToken
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetEntriesInAclW
RegQueryValueExA
RegEnumKeyExA
LookupPrivilegeValueW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW
CommandLineToArgvW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VariantClear
SysStringLen
VarBstrCat
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
DispCallFunc
SysFreeString
SysAllocString
VarUI4FromStr
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

StrToIntExW
StrTrimA
SHDeleteValueW
SHDeleteKeyW
PathGetArgsW
SHSetValueA
PathFindExtensionW
PathRemoveExtensionW
wnsprintfW
PathUnquoteSpacesW
SHGetValueA
StrStrIA
StrStrIW
PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathRemoveBackslashW
SHGetValueW
SHSetValueW
PathCombineW
PathAppendW
StrCmpIW
StrCmpNIW
StrCmpNW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipAlloc
GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertGetNameStringW

ws2_32

select

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a726184da50465af5c2b4377e699acf1

Code Sign

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

08:88:92:ab:55:15:82:07:72:f6:57:e9:fd:54:7d:3fCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a1:19:4b:7b:21:2d:73:ac:e1:c9:31:b8:74:5a:f4:ef:7c:5c:6e:a7:b1:cd:84:d3:a9:5c:2f:a8:e5:88:e4:e0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

imm32

gdiplus

wintrust

crypt32

ws2_32

iphlpapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 26KB - Virtual size: 47KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 35KB - Virtual size: 34KB

61:20:4d:b4:00:00:00:00:00:27
Certificate

08:88:92:ab:55:15:82:07:72:f6:57:e9:fd:54:7d:3f
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a1:19:4b:7b:21:2d:73:ac:e1:c9:31:b8:74:5a:f4:ef:7c:5c:6e:a7:b1:cd:84:d3:a9:5c:2f:a8:e5:88:e4:e0
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 26KB - Virtual size: 47KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 35KB - Virtual size: 34KB