d90cded9586314e198822730b51ca17def4f474e982b6d92b2da7151c9ce8392

Sharing

Copy URL Twitter E-mail

General

Target

d90cded9586314e198822730b51ca17def4f474e982b6d92b2da7151c9ce8392
Size

3.1MB
MD5

809c00111317787fc946a6fdfe5baee3
SHA1

e4034860540e29d7b2e4983b37e4d4ea8967c803
SHA256

d90cded9586314e198822730b51ca17def4f474e982b6d92b2da7151c9ce8392
SHA512

b1a6e389b6af32126ac5738a52d274a20f9dfc792a3b71a626a3c70588345a5857988ee74a859365534b9ed37cfe6cb529f225f2d02d9da46a52a45b8ac2024b
SSDEEP

98304:dp6VZP132+F0+ZTJ3kJHj6u+BLPOI00Eq6dfaIy3sYtbe:yVP2+/JoIRT6diIy3sYt

Score

1^/10

Malware Config

Signatures

Files

d90cded9586314e198822730b51ca17def4f474e982b6d92b2da7151c9ce8392
.exe windows:6 windows x86 arch:x86

35f9348d01688569fdbfa58d11412227

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:cc:0c:66:32:d0:ca:3e:68:f1:9d:80:28:50:8e:91
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/11/2021, 00:00

Not After

13/11/2024, 23:59

Subject

CN=NetEase Youdao Information Technology (Beijing) Co.\,Ltd.,O=NetEase Youdao Information Technology (Beijing) Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:2d:8e:e0:0f:44:14:3f:03:3f:c9:8a:29:51:dd:7b:c3:b1:07:99:5a:56:7e:3c:26:75:3d:b5:cc:df:30:70
Signer

Actual PE Digest

65:2d:8e:e0:0f:44:14:3f:03:3f:c9:8a:29:51:dd:7b:c3:b1:07:99:5a:56:7e:3c:26:75:3d:b5:cc:df:30:70

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
lstrcatW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
ExitProcess
GetStdHandle
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
GetFileAttributesA
CreateThread
GetCommandLineA
GetFileType
GetDriveTypeW
TerminateThread
GetCPInfo
GetStringTypeW
LCMapStringEx
FormatMessageA
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
OutputDebugStringW
lstrcpynW
GetSystemTime
GetDiskFreeSpaceA
DeleteFileA
WinExec
RtlUnwind
GetFullPathNameA
LockFileEx
AreFileApisANSI
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetUserDefaultLCID
GetTempFileNameW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
lstrcpyW
CreateFileA
GetWindowsDirectoryW
GetTickCount64
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GlobalGetAtomNameW
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindClose
FileTimeToLocalFileTime
CompareStringW
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
GetVersionExW
GetCurrentThread
OutputDebugStringA
SetLastError
FormatMessageW
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
FindFirstFileW
GetLocalTime
DeviceIoControl
InitializeCriticalSectionEx
WideCharToMultiByte
GetTickCount
MulDiv
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateProcess
GetModuleFileNameW
OpenProcess
WriteFile
CreateFileW
GetTempPathW
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesW
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
OpenFileMappingW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CopyFileW
LocalAlloc
MoveFileW
GetCurrentProcess
IsWow64Process
CreateDirectoryW
Sleep
GetCurrentThreadId
RemoveDirectoryW
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateMutexW
GetCommandLineW
CloseHandle
LocalFree
DeleteFileW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
ExitThread
GetTempPathA

user32

IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
AdjustWindowRectEx
CreateMenu
FindWindowW
SendMessageW
MessageBoxW
PostThreadMessageW
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
CharUpperW
GetSysColorBrush
LoadCursorW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
InvalidateRect
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
GetWindowRgn
SendDlgItemMessageA
SetRectEmpty
GetAsyncKeyState
LoadMenuW
BringWindowToTop
LoadAcceleratorsW
GetKeyNameTextW
MonitorFromWindow
LoadImageW
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
GetWindowThreadProcessId
GetParent
TranslateAcceleratorW
UnregisterClassW
IsWindow
IsWindowVisible
GetDC
ReleaseDC
DrawTextW
GetWindow
GetForegroundWindow
ShowWindow
GetWindowLongW
SetWindowPos
SetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
PostMessageW
GetWindowRect
ClientToScreen
ScreenToClient
GetCursorPos
MapVirtualKeyW
KillTimer
SetTimer
RegisterWindowMessageW
OpenClipboard
CloseClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
GetClassNameW
GetWindowTextW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetActiveWindow
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
ShowOwnedPopups
SetCursor
IsWindowEnabled
GetLastActivePopup
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
CreatePopupMenu
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetMenuDefaultItem
TrackMouseEvent
UnionRect
SetParent
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongW
SetWindowRgn
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
LockWindowUpdate
UpdateLayeredWindow
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
SetActiveWindow
GetDesktopWindow
UnhookWindowsHookEx
DestroyMenu
GetMenuItemInfoW
GetSysColor
IsChild
IsMenu
CopyRect
InflateRect
SystemParametersInfoW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
SubtractRect
DestroyCursor

gdi32

RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExW
GetClipBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
SelectObject
GetTextMetricsW
CreateFontIndirectW
DeleteObject
GetObjectW
GetTextExtentPoint32W
GetWindowExtEx
GetViewportExtEx
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
CopyMetaFileW
CreatePatternBrush
CreateBitmap
ExtTextOutW
SetBkColor
PtVisible
LineTo
IntersectClipRect
GetStockObject
GetPixel
GetObjectType
SetDIBColorTable
SetTextColor
CreateHatchBrush
CreatePen
SetBkMode

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetFileInfoW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragFinish
DragQueryFileW

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW

uxtheme

OpenThemeData
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeText

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoCreateInstance
IsAccelerator

oleaut32

SysStringLen
VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantInit

oledlg

OleUIBusyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

ws2_32

WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAGetLastError

gdiplus

GdipCloneImage
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusShutdown

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

psapi

GetProcessImageFileNameW

rpcrt4

UuidToStringW
RpcStringFreeW

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle

crypt32

CryptMsgClose
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

35f9348d01688569fdbfa58d11412227

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01:cc:0c:66:32:d0:ca:3e:68:f1:9d:80:28:50:8e:91Certificate

Extended Key Usages

Key Usages

65:2d:8e:e0:0f:44:14:3f:03:3f:c9:8a:29:51:dd:7b:c3:b1:07:99:5a:56:7e:3c:26:75:3d:b5:cc:df:30:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

iphlpapi

ws2_32

gdiplus

oleacc

imm32

winmm

psapi

rpcrt4

winhttp

crypt32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 436KB - Virtual size: 436KB

.data Size: 29KB - Virtual size: 49KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 189KB - Virtual size: 189KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01:cc:0c:66:32:d0:ca:3e:68:f1:9d:80:28:50:8e:91
Certificate

65:2d:8e:e0:0f:44:14:3f:03:3f:c9:8a:29:51:dd:7b:c3:b1:07:99:5a:56:7e:3c:26:75:3d:b5:cc:df:30:70
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 436KB - Virtual size: 436KB

.data
Size: 29KB - Virtual size: 49KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 189KB - Virtual size: 189KB