92b992fad57b2a77b0f77a1b7563e5ed1f5c708d61521b52c4a2adfb7d95a929

Sharing

Copy URL Twitter E-mail

General

Target

92b992fad57b2a77b0f77a1b7563e5ed1f5c708d61521b52c4a2adfb7d95a929
Size

3.1MB
MD5

1e0d8218ee6ca4cae26e89134ca6aaed
SHA1

1cdb0152055746be38eb3075dc2330a3eec2253e
SHA256

92b992fad57b2a77b0f77a1b7563e5ed1f5c708d61521b52c4a2adfb7d95a929
SHA512

85d56263ef4805bb43166297c94e54568643efa33ff6f6ed10d2df622250bb062c0faa249be57b2f67d35bda4038564a88668200cc737abbdc3b84c45bdd3ca4
SSDEEP

98304:hGZ5H2Dwgk9rsSNCsmpQHqshOMXkrOZDALc69DMRf:ApshDOd+c69DMRf

Score

1^/10

Malware Config

Signatures

Files

92b992fad57b2a77b0f77a1b7563e5ed1f5c708d61521b52c4a2adfb7d95a929
.exe windows:6 windows x86 arch:x86

da3a0518ac1ff1e69521339f8cd32c8e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:78:c8:e2:85:9c:24:18:0e:aa:16:a2:ef:5d:de:1c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/09/2020, 00:00

Not After

23/10/2023, 12:00

Subject

CN=NetEase Youdao Information Technology (Beijing) Co.\, Ltd.,O=NetEase Youdao Information Technology (Beijing) Co.\, Ltd.,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:fc:f0:ca:68:73:a3:36:3a:e4:a7:d6:d4:fb:52:0e:ae:ae:9c:fb:3d:83:32:45:da:d6:9a:4a:b1:af:b8:29
Signer

Actual PE Digest

32:fc:f0:ca:68:73:a3:36:3a:e4:a7:d6:d4:fb:52:0e:ae:ae:9c:fb:3d:83:32:45:da:d6:9a:4a:b1:af:b8:29

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

kernel32

lstrcatW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetStdHandle
VirtualAlloc
GetSystemInfo
HeapQueryInformation
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineA
GetFileAttributesA
GetFileType
GetDriveTypeW
RtlUnwind
GetCPInfo
WinExec
GetStringTypeW
LCMapStringEx
FormatMessageA
AcquireSRWLockShared
ReleaseSRWLockShared
RaiseException
OutputDebugStringW
TerminateThread
lstrcpynW
GetDiskFreeSpaceA
DeleteFileA
lstrlenW
GetFullPathNameA
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
GetTempFileNameW
GetDiskFreeSpaceW
SearchPathW
GetProfileIntW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
lstrcpyW
GetWindowsDirectoryW
GetTickCount64
SetErrorMode
CreateFileA
GetFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetCurrentDirectoryW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadLocale
lstrcmpiW
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindClose
FileTimeToLocalFileTime
CompareStringW
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
GlobalAddAtomW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GetPrivateProfileIntW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleA
GetVersionExW
GetCurrentThread
OutputDebugStringA
SetLastError
FormatMessageW
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GetSystemTime
FindFirstFileW
GetLocalTime
DeviceIoControl
InitializeCriticalSectionEx
WideCharToMultiByte
GetTickCount
MulDiv
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateProcess
WriteFile
CreateFileW
GetTempPathA
GetTempPathW
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesW
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
OpenFileMappingW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CopyFileW
MoveFileW
GetCurrentProcess
IsWow64Process
CreateDirectoryW
GetCurrentThreadId
RemoveDirectoryW
Sleep
GetExitCodeProcess
WaitForSingleObject
GetLastError
CreateMutexW
GetCommandLineW
LocalFree
LocalAlloc
DeleteFileW
GetModuleHandleW
GetProcAddress
CloseHandle
OpenProcess
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
LockFileEx
AreFileApisANSI

user32

SetWindowTextW
CheckDlgButton
MoveWindow
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
MapWindowPoints
UnpackDDElParam
ReuseDDElParam
RegisterClipboardFormatW
GetMenuDefaultItem
GetKeyNameTextW
TrackMouseEvent
FindWindowW
SendMessageW
AdjustWindowRectEx
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
CharUpperW
GetSysColorBrush
LoadCursorW
WaitMessage
SetCapture
ReleaseCapture
WindowFromPoint
CopyImage
DeleteMenu
RealChildWindowFromPoint
InvalidateRect
CharNextW
OffsetRect
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
DestroyIcon
SendDlgItemMessageA
SetRectEmpty
UnionRect
GetAsyncKeyState
LoadMenuW
BringWindowToTop
LoadAcceleratorsW
IsDialogMessageW
GetWindowThreadProcessId
MessageBoxW
PostThreadMessageW
MonitorFromWindow
LoadImageW
GetSystemMenu
AppendMenuW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetParent
EnableWindow
GetParent
UnregisterClassW
IsWindow
TranslateAcceleratorW
GetDC
ReleaseDC
DrawTextW
GetWindow
GetForegroundWindow
ShowWindow
GetWindowLongW
SetWindowPos
SetForegroundWindow
MonitorFromPoint
GetMonitorInfoW
PostMessageW
GetWindowRect
ClientToScreen
ScreenToClient
GetCursorPos
GetDesktopWindow
MapVirtualKeyW
KillTimer
SetTimer
RegisterWindowMessageW
OpenClipboard
CloseClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
GetClassNameW
GetWindowTextW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
RemoveMenu
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
GetActiveWindow
GetKeyState
ValidateRect
SetWindowsHookExW
CallNextHookEx
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
ShowOwnedPopups
SetCursor
IsWindowEnabled
GetLastActivePopup
DestroyWindow
CreateDialogIndirectParamW
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongW
SetWindowRgn
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
LockWindowUpdate
UpdateLayeredWindow
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
CharUpperBuffW
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
EndDialog
GetDlgItem
GetNextDlgTabItem
SetActiveWindow
UnhookWindowsHookEx
DestroyMenu
GetWindowPlacement
IsChild
GetMenuItemInfoW
GetSysColor
CopyRect
InflateRect
SystemParametersInfoW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
CreatePopupMenu
InsertMenuItemW
IsWindowVisible
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
GetWindowRgn
DestroyCursor

gdi32

RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
GetBkColor
GetTextColor
GetRgnBox
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
EnumFontFamiliesExW
GetClipBox
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
ExcludeClipRect
Escape
CreateSolidBrush
SelectObject
GetTextMetricsW
CreateFontIndirectW
DeleteObject
GetObjectW
GetTextExtentPoint32W
GetWindowExtEx
GetViewportExtEx
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
CopyMetaFileW
CreateBitmap
CreateRectRgn
ExtTextOutW
SetBkColor
SetTextColor
PtVisible
LineTo
IntersectClipRect
GetStockObject
GetPixel
GetObjectType
SetDIBColorTable
CreateHatchBrush
CreatePen
CreatePatternBrush
SetBkMode

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
DragQueryFileW

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindFileNameW

uxtheme

OpenThemeData
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
DrawThemeBackground
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeText

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitialize
CLSIDFromProgID
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoCreateInstance

oleaut32

VarBstrFromDate
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear

oledlg

OleUIBusyW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

ws2_32

WSAAsyncGetHostByName
WSACancelAsyncRequest
WSAGetLastError

gdiplus

GdipGetImageWidth
GdiplusShutdown
GdipAlloc
GdipFree
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipGetImageHeight
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdiplusStartup

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

rpcrt4

RpcStringFreeW
UuidToStringW

winhttp

WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSendRequest

crypt32

CryptMsgClose
CryptDecodeObject
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject
CryptMsgGetParam

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da3a0518ac1ff1e69521339f8cd32c8e

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:78:c8:e2:85:9c:24:18:0e:aa:16:a2:ef:5d:de:1cCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

32:fc:f0:ca:68:73:a3:36:3a:e4:a7:d6:d4:fb:52:0e:ae:ae:9c:fb:3d:83:32:45:da:d6:9a:4a:b1:af:b8:29Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

version

iphlpapi

ws2_32

gdiplus

oleacc

imm32

winmm

rpcrt4

winhttp

crypt32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 29KB - Virtual size: 50KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 190KB - Virtual size: 190KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:78:c8:e2:85:9c:24:18:0e:aa:16:a2:ef:5d:de:1c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

32:fc:f0:ca:68:73:a3:36:3a:e4:a7:d6:d4:fb:52:0e:ae:ae:9c:fb:3d:83:32:45:da:d6:9a:4a:b1:af:b8:29
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 29KB - Virtual size: 50KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 190KB - Virtual size: 190KB