20a8f0473726c2af00d59d3dc417b10b2f4b3ef45ad3982d69694c9df950d445

Sharing

Copy URL

Twitter E-mail

General

Target

20a8f0473726c2af00d59d3dc417b10b2f4b3ef45ad3982d69694c9df950d445
Size

2.1MB
MD5

ab3dc54804bc1fc6bd9ec48df1dc606f
SHA1

a8f9e5d028045b869819b7099550ed4fc428b479
SHA256

20a8f0473726c2af00d59d3dc417b10b2f4b3ef45ad3982d69694c9df950d445
SHA512

26db16fcaebc4962d3852a3be3eea28f34b74e551a89783ffddfdb13021a6e3a6580c835333f2f08615b825c587da8f82e9831d14218f5e4bf66cdd99a89a079
SSDEEP

24576:ErezQPejMZY4oRyYszCdM7jss6VnpbSLzjHxU50d4ecWfOkx2LFpM7:+wQPejtyYKss6VlSLzjRUs4vWvQzK

Score

1^/10

Malware Config

Signatures

Files

20a8f0473726c2af00d59d3dc417b10b2f4b3ef45ad3982d69694c9df950d445
.exe windows:6 windows x86

e62f0c2729662232104193fa1105a951

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:02:43:6a:97:d7:b3:27:47:c8:21:32:9b:c6:98:c5
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-04-2023 00:00

Not After

12-04-2024 23:59

Subject

CN=成都普商汇业科技有限公司,O=成都普商汇业科技有限公司,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFileInformationByHandle
GetCurrentDirectoryW
SetFileTime
SystemTimeToFileTime
DeleteFileA
FileTimeToSystemTime
GetModuleHandleExA
SetFilePointer
FindNextFileA
OutputDebugStringA
FindFirstFileA
SetUnhandledExceptionFilter
lstrcatW
GetFileAttributesW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetComputerNameExA
FreeLibrary
CreateProcessW
GetProcessHeap
GetCurrentProcessId
GetFileSize
MoveFileExW
LocalFree
GetProcAddress
SetFileAttributesA
HeapAlloc
LoadLibraryW
CloseHandle
HeapReAlloc
Process32FirstW
CreateFileA
Process32NextW
GetFileAttributesA
CreateToolhelp32Snapshot
SetFileAttributesW
GlobalMemoryStatusEx
GetCurrentThreadId
CreateFileW
FindClose
SetEndOfFile
GetModuleFileNameW
TerminateProcess
WriteFile
GetCurrentProcess
FindNextFileW
HeapFree
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
SetStdHandle
GetFileAttributesExW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetModuleHandleW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapSize
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetFileSizeEx
FindFirstFileW
GetModuleFileNameA
ReadFile
GetStartupInfoW
CreateDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
FormatMessageW
SetLastError
Sleep
WideCharToMultiByte
GetLocalTime
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetEnvironmentVariableW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
VerifyVersionInfoW
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObject
MoveFileExA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
SleepEx
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
DosDateTimeToFileTime
DuplicateHandle
GetFileType
MulDiv
GetACP
ExitProcess
FindResourceW
SizeofResource
LoadResource
CreateMutexW
GetUserDefaultLCID
CreateDirectoryA
MultiByteToWideChar
DeleteCriticalSection
LockResource
FreeResource
RaiseException
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
DecodePointer
GetLastError
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
GetExitCodeThread
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime

user32

GetMonitorInfoW
IsWindow
GetDC
MonitorFromPoint
wsprintfW
MessageBoxA
ShowWindow
MessageBoxW
IsIconic
ChangeWindowMessageFilter
KillTimer
MonitorFromWindow
SetWindowPos
IsWindowVisible
GetWindowRect
SetCapture
SetFocus
GetWindowLongW
GetSystemMetrics
InvalidateRgn
CreateAcceleratorTableW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
MapWindowPoints
GetSysColor
ClientToScreen
GetCaretPos
ShowCaret
HideCaret
SetRect
FillRect
DrawTextW
CharPrevW
FindWindowW
SetWindowLongW
SetForegroundWindow
ReleaseDC
GetCursorPos
PostMessageW
SendMessageW
ReleaseCapture
LoadIconW
SetTimer
MoveWindow
SystemParametersInfoW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
DestroyWindow
UpdateLayeredWindow
GetFocus
GetKeyState
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
IntersectRect
UnionRect
IsRectEmpty
PtInRect
GetParent
GetWindow
IsZoomed
SetWindowRgn
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
EnableWindow
SetPropW
GetPropW
LoadCursorW
LoadImageW
SetCursor
OffsetRect
CharNextW
GetWindowRgn

gdi32

SaveDC
SelectObject
GetTextMetricsW
GetObjectW
CreateRoundRectRgn
CreateRectRgn
RestoreDC
CreateDIBSection
CombineRgn
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
TextOutW
GetStockObject
DeleteObject
DeleteDC
GetDeviceCaps
CreateFontIndirectW
CreateCompatibleDC
BitBlt
PtInRegion
CreateCompatibleBitmap
CreatePen

advapi32

CryptEncrypt
RegCloseKey
RegCreateKeyExW
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
ord165
SHCreateDirectoryExW

ole32

CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CLSIDFromProgID
CoCreateInstance
CoInitialize

shlwapi

PathCombineW
PathFindFileNameW
PathFileExistsA
PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathAppendW
PathCombineA

wldap32

ord41
ord22
ord26
ord27
ord50
ord33
ord35
ord79
ord30
ord200
ord32
ord45
ord60
ord301
ord217
ord46
ord143
ord211

crypt32

CryptDecodeObjectEx
CertCreateCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptQueryObject
CertAddCertificateContextToStore
CertFindExtension
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertGetNameStringA

ws2_32

connect
socket
inet_addr
WSAAsyncSelect
closesocket
ioctlsocket
gethostname
inet_ntoa
ntohs
WSAStartup
select
gethostbyname
__WSAFDIsSet
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
bind
getpeername
getsockname
getsockopt
setsockopt
WSASetLastError
WSAIoctl
accept
htonl
listen
getaddrinfo
freeaddrinfo
htons
send
WSAGetLastError
sendto
recv
recvfrom

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersAddresses

dxgi

CreateDXGIFactory

comctl32

_TrackMouseEvent
ord17

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

gdiplus

GdiplusStartup
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Sections

.text
Size: 911KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e62f0c2729662232104193fa1105a951

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

58:02:43:6a:97:d7:b3:27:47:c8:21:32:9b:c6:98:c5Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

wldap32

crypt32

ws2_32

dbghelp

iphlpapi

dxgi

comctl32

oleaut32

gdiplus

imm32

Sections

.text Size: 911KB - Virtual size: 910KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 13KB - Virtual size: 22KB

.rsrc Size: 40KB - Virtual size: 40KB

.reloc Size: 48KB - Virtual size: 47KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

58:02:43:6a:97:d7:b3:27:47:c8:21:32:9b:c6:98:c5
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

.text
Size: 911KB - Virtual size: 910KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 13KB - Virtual size: 22KB

.rsrc
Size: 40KB - Virtual size: 40KB

.reloc
Size: 48KB - Virtual size: 47KB