8bf5227b9fce730e71e7a29a88ca537f4801331ed64a77f495f48ceffe81ef4c

Sharing

Copy URL Twitter E-mail

General

Target

8bf5227b9fce730e71e7a29a88ca537f4801331ed64a77f495f48ceffe81ef4c
Size

1.0MB
MD5

0a932f8d4107acf4ae86df4d70eeea07
SHA1

93a64ef0d0ac7fb02fec1e739ac61d530e8b5397
SHA256

8bf5227b9fce730e71e7a29a88ca537f4801331ed64a77f495f48ceffe81ef4c
SHA512

fd1647ebfbd8cfaf0f25d7c598f1933a547c7e4189466e7ecb45951fb05a23da29e6570d666b3be15a273cf44db653b41d9becb4e15030a8e8f62c5fd4bf710c
SSDEEP

24576:Isg+ajsh9ccfJ26eIz4iuNg9+enMpUT/3teXKjt8lezx3cN0b:dg+Ushg6eriUXeM2FhgezNcN0

Score

1^/10

Malware Config

Signatures

Files

8bf5227b9fce730e71e7a29a88ca537f4801331ed64a77f495f48ceffe81ef4c
.dll regsvr32 windows:6 windows x86 arch:x86

59c7d1c021b4694c9f51e9a458b36734

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

28/11/2023, 23:59

Subject

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/11/2020, 00:00

Not After

28/11/2023, 23:59

Subject

CN=上海睦欣网络科技有限公司,O=上海睦欣网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:fd:33:e9:80:c1:e9:80:fb:85:58:9c:ed:2a:d5:5f:39:55:6b:be:ff:f6:98:70:7a:b7:55:73:73:fb:e0:1b
Signer

Actual PE Digest

47:fd:33:e9:80:c1:e9:80:fb:85:58:9c:ed:2a:d5:5f:39:55:6b:be:ff:f6:98:70:7a:b7:55:73:73:fb:e0:1b

Digest Algorithm

sha256

PE Digest Matches

false

55:82:f2:af:aa:7e:5a:d2:a8:0c:05:92:29:c4:bc:90:ea:38:e0:5f
Signer

Actual PE Digest

55:82:f2:af:aa:7e:5a:d2:a8:0c:05:92:29:c4:bc:90:ea:38:e0:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
recv
WSASetLastError
accept
listen
select
WSAGetLastError
WSACleanup
WSAStartup
ioctlsocket
gethostname
__WSAFDIsSet

kernel32

SetThreadLocale
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetTickCount
GetModuleHandleExW
LoadLibraryW
GetModuleFileNameA
DeleteFileW
GetTempPathW
GetFileAttributesW
CloseHandle
WaitForSingleObject
CreateFileW
GetFullPathNameW
ExpandEnvironmentStringsA
TryEnterCriticalSection
WriteFile
GetCurrentProcessId
FormatMessageA
GetCurrentProcess
SetThreadPriority
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
GetThreadPriority
CreateThread
IsDebuggerPresent
ReadFile
GetVolumeInformationW
GetCurrentDirectoryW
GetCommandLineW
LocalFree
GetVersionExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetThreadLocale
FindClose
ExpandEnvironmentStringsW
GetModuleHandleA
CreateEventW
RegisterWaitForSingleObject
UnregisterWaitEx
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
SetEvent
GetSystemInfo
VerSetConditionMask
PeekNamedPipe
MultiByteToWideChar
FindResourceW
lstrcpyW
lstrcmpiW
SizeofResource
LoadResource
GetModuleHandleW
Sleep
LeaveCriticalSection
EnterCriticalSection
EncodePointer
lstrlenW
GetModuleFileNameW
GetWindowsDirectoryW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
GetSystemDirectoryW
VerifyVersionInfoW
OutputDebugStringW
IsValidLocale
GetStdHandle
ReadConsoleW
GetDriveTypeW
ExitThread
SetStdHandle
GetFileType
SleepEx
InitializeCriticalSection
LoadLibraryExA
WaitForSingleObjectEx
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WriteConsoleW
ExitProcess
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateMutexW
ReleaseMutex
GetComputerNameW
CreateFileA
DeviceIoControl
SetThreadAffinityMask

user32

PostMessageW
FindWindowW
RegisterWindowMessageW
FindWindowExW
EnumWindows
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextW
InsertMenuW
SetMenuItemBitmaps
LoadBitmapW
GetSystemMetrics
wsprintfW

gdi32

DeleteObject

advapi32

EnumServicesStatusW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountNameW
RegOpenCurrentUser
OpenSCManagerW
RegQueryInfoKeyW
RegSaveKeyW
ConvertSidToStringSidA
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegRestoreKeyW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoSetProxyBlanket
ReleaseStgMedium
CoCreateGuid
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoTaskMemAlloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
VariantClear
SysFreeString
SysAllocString
SysStringLen
RegisterTypeLi

shlwapi

StrStrIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrIsIntlEqualW
StrStrIA

wldap32

ord133
ord147
ord301
ord26
ord118
ord27
ord79
ord142
ord167
ord145
ord46
ord14
ord41
ord216
ord208
ord127

iphlpapi

GetAdaptersInfo

wininet

InternetCrackUrlW
InternetCheckConnectionW
HttpQueryInfoW
HttpOpenRequestW
InternetReadFile
InternetOpenA
InternetCloseHandle
InternetConnectW
HttpSendRequestA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59c7d1c021b4694c9f51e9a458b36734

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

47:fd:33:e9:80:c1:e9:80:fb:85:58:9c:ed:2a:d5:5f:39:55:6b:be:ff:f6:98:70:7a:b7:55:73:73:fb:e0:1bSigner

55:82:f2:af:aa:7e:5a:d2:a8:0c:05:92:29:c4:bc:90:ea:38:e0:5fSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

wldap32

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 809KB - Virtual size: 809KB

.rdata Size: 158KB - Virtual size: 157KB

.data Size: 16KB - Virtual size: 30KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 34KB - Virtual size: 33KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0c:7d:83:2e:82:ed:54:68:7a:b4:5c:3d:9c:22:9a:e4
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:32:68:45:4d:c4:ec:56:1d:cb:f9:62:31:b2:3e:09
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

47:fd:33:e9:80:c1:e9:80:fb:85:58:9c:ed:2a:d5:5f:39:55:6b:be:ff:f6:98:70:7a:b7:55:73:73:fb:e0:1b
Signer

55:82:f2:af:aa:7e:5a:d2:a8:0c:05:92:29:c4:bc:90:ea:38:e0:5f
Signer

.text
Size: 809KB - Virtual size: 809KB

.rdata
Size: 158KB - Virtual size: 157KB

.data
Size: 16KB - Virtual size: 30KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 34KB - Virtual size: 33KB