99186d7f6d7d2c525c19a5bccdd648d19fe18ac18acfc70616f20ec3e548554b

Sharing

Copy URL

Twitter E-mail

General

Target

99186d7f6d7d2c525c19a5bccdd648d19fe18ac18acfc70616f20ec3e548554b
Size

983KB
MD5

3232dd456a65a442ec4ac99e913a274b
SHA1

6213d69417cd10e429cee89054c90ef203ae4059
SHA256

99186d7f6d7d2c525c19a5bccdd648d19fe18ac18acfc70616f20ec3e548554b
SHA512

4025947c3765e84684a690464eb7c48c1d5bbe8a3b13a004127905b4a33fa3cbf1b957a1666be64945218556695fcab3a0665262d60885af4d68f964ace7213e
SSDEEP

24576:YgqkTj6EyRdrznilCdymfeKdkMBFKZFvp/z9Ht:YgHj6dd6Cdymd0lt

Score

1^/10

Malware Config

Signatures

Files

99186d7f6d7d2c525c19a5bccdd648d19fe18ac18acfc70616f20ec3e548554b
.exe windows:5 windows x86

aeed0fc9d9d4ea38315a34df4c8c1429

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:5d:2a:11:61:80:df:f9:25:c7:a8:24:c5:65:7b:50:21:8c:30:18:c8:87:02:29:fa:0a:ef:7b:35:16:2c:1d
Signer

Actual PE Digest

c7:5d:2a:11:61:80:df:f9:25:c7:a8:24:c5:65:7b:50:21:8c:30:18:c8:87:02:29:fa:0a:ef:7b:35:16:2c:1d

Digest Algorithm

sha256

PE Digest Matches

false

3b:7b:ab:92:66:71:a6:7e:19:b4:ea:bb:58:0d:2d:1d:6e:e2:b9:6c
Signer

Actual PE Digest

3b:7b:ab:92:66:71:a6:7e:19:b4:ea:bb:58:0d:2d:1d:6e:e2:b9:6c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
CreateThread
GetVersion
ReadFile
GetWindowsDirectoryW
GetStartupInfoW
GetEnvironmentVariableW
GlobalFree
GlobalAlloc
GetUserDefaultLangID
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
lstrcmpW
GlobalUnlock
GlobalLock
GlobalHandle
lstrcpynW
GetTickCount
DeviceIoControl
InitializeCriticalSection
GlobalMemoryStatus
TerminateThread
SuspendThread
SetEvent
SetCurrentDirectoryW
CreateEventW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
lstrcmpA
lstrcmpiA
SetProcessWorkingSetSize
CreateProcessW
GetVersionExW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
MulDiv
GetLocaleInfoW
GetSystemInfo
FatalAppExitA
HeapSize
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThread
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
HeapReAlloc
ExitProcess
RtlUnwind
HeapSetInformation
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetSystemTimeAsFileTime
CreateFileA
DecodePointer
EncodePointer
InterlockedExchange
Sleep
LocalFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
GetLocalTime
SetFilePointer
GetCurrentProcessId
SetConsoleCtrlHandler
OpenProcess
WideCharToMultiByte
lstrcpyW
GetCommandLineW
CopyFileW
GetTempPathW
GetTempFileNameW
DeleteFileW
LoadLibraryExW
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
lstrlenA
SetLastError
lstrcmpiW
GetModuleHandleW
CreateDirectoryW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
CreateFileW
WriteFile
CloseHandle
GetCurrentThreadId
CreateMutexW
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryW
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetConsoleCP
VirtualQuery

user32

PeekMessageW
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
IsIconic
SetForegroundWindow
GetClassInfoW
RegisterClassW
LoadStringW
UnregisterClassA
ShowWindow
PostMessageW
SetWindowLongW
GetCursorPos
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
GetWindowTextLengthW
RegisterWindowMessageW
DialogBoxIndirectParamW
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
HideCaret
DestroyMenu
LoadMenuW
GetSubMenu
EnableMenuItem
GetKeyState
IsDialogMessageW
PostQuitMessage
LoadImageW
UpdateWindow
SetRect
IsRectEmpty
CreateCaret
GetClassInfoExW
DestroyAcceleratorTable
GetDesktopWindow
FillRect
ReleaseCapture
GetClassNameW
DestroyWindow
MessageBoxW
GetActiveWindow
CreateDialogParamW
DefWindowProcW
SendMessageW
CreateWindowExW
GetClientRect
RedrawWindow
GetParent
OffsetRect
DrawTextW
IsWindow
PtInRect
ReleaseDC
GetDC
BeginPaint
EndPaint
DialogBoxParamW
GetWindowLongW
CallWindowProcW
EnumDisplayDevicesW
GetSystemMetrics
SetLayeredWindowAttributes
SetTimer
KillTimer
SetWindowRgn
SetWindowPos
GetWindowRect
IsChild
SetCapture
ShowCaret
SetCaretPos
wsprintfW
SetCursor
InvalidateRgn
ClientToScreen
GetSysColor
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageW
SetWindowTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
EndDialog
GetFocus
EnableWindow
GetWindowTextW
FindWindowExW
SetDlgItemTextW
SetFocus
MoveWindow
CharLowerW
IsWindowEnabled
SendMessageTimeoutW
ExitWindowsEx
ScreenToClient
MapWindowPoints
GetDlgItem
IsWindowVisible
InvalidateRect

gdi32

EnumFontFamiliesW
GetStockObject
GetObjectW
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CombineRgn
SetTextColor
CreateFontIndirectW
BitBlt
CreatePen
SelectObject
Rectangle
ExtTextOutW
SetBkColor
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
GetDeviceCaps
CreateFontW
DeleteObject
DeleteDC
SetBkMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconExW
ShellExecuteW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString

shlwapi

PathIsRelativeW
PathFileExistsW
SHGetValueW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
StrCmpNA
PathRemoveBackslashW
StrCmpNIW
StrCmpNW
PathIsDirectoryW
PathCanonicalizeW
PathFindExtensionW
PathRemoveExtensionW
PathRenameExtensionW
PathFindFileNameW
StrCmpW
StrToIntExW
SHSetValueA
SHGetValueA
StrRChrA
PathCombineW

comctl32

_TrackMouseEvent
InitCommonControlsEx

iphlpapi

GetAdaptersInfo
GetNetworkParams

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpQueryInfoW
HttpQueryInfoA
InternetErrorDlg
InternetOpenUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
InternetQueryOptionW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenW
InternetCloseHandle

urlmon

URLDownloadToCacheFileW

ws2_32

gethostname
gethostbyname
inet_ntoa

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

riched20

ord4

netapi32

Netbios

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeed0fc9d9d4ea38315a34df4c8c1429

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c7:5d:2a:11:61:80:df:f9:25:c7:a8:24:c5:65:7b:50:21:8c:30:18:c8:87:02:29:fa:0a:ef:7b:35:16:2c:1dSigner

3b:7b:ab:92:66:71:a6:7e:19:b4:ea:bb:58:0d:2d:1d:6e:e2:b9:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

version

wininet

urlmon

ws2_32

wintrust

crypt32

riched20

netapi32

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 133KB - Virtual size: 132KB

.data Size: 43KB - Virtual size: 64KB

.rsrc Size: 174KB - Virtual size: 174KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c7:5d:2a:11:61:80:df:f9:25:c7:a8:24:c5:65:7b:50:21:8c:30:18:c8:87:02:29:fa:0a:ef:7b:35:16:2c:1d
Signer

3b:7b:ab:92:66:71:a6:7e:19:b4:ea:bb:58:0d:2d:1d:6e:e2:b9:6c
Signer

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 133KB - Virtual size: 132KB

.data
Size: 43KB - Virtual size: 64KB

.rsrc
Size: 174KB - Virtual size: 174KB