f99ad122bdb3e14238f76a8aba52cd3f378e20aeb102f3a83efaae28c127ee51

Sharing

Copy URL Twitter E-mail

General

Target

f99ad122bdb3e14238f76a8aba52cd3f378e20aeb102f3a83efaae28c127ee51
Size

4.7MB
MD5

644dd94205f160dff0d5859a048b2052
SHA1

1811af75177aedd213e6508b43a7d79a1719540a
SHA256

f99ad122bdb3e14238f76a8aba52cd3f378e20aeb102f3a83efaae28c127ee51
SHA512

13a6df0109e451933770997dcf41aed1753d054e579e8e924db3bc44638d685e6977e24e4f7fe6bb8e16ec6fd4b54d817295df92a45d98b8583c9e390b36bf03
SSDEEP

98304:t8h8j7gXl0tuOzGfmx6bSbjq6YyWRBPBM0eJL:aX+JSfljyG5a

Score

1^/10

Malware Config

Signatures

Files

f99ad122bdb3e14238f76a8aba52cd3f378e20aeb102f3a83efaae28c127ee51
.exe windows:5 windows x64 arch:x64

e7ff281458ba3d5a1a9dfb79dcb92353

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:df:60:1f:14:34:fc:b5:01:11:10:6e:84:f1:93:99:5d:31:90:08:5b:24:6a:0d:9c:93:b6:b4:51:bd:af:6b
Signer

Actual PE Digest

2f:df:60:1f:14:34:fc:b5:01:11:10:6e:84:f1:93:99:5d:31:90:08:5b:24:6a:0d:9c:93:b6:b4:51:bd:af:6b

Digest Algorithm

sha256

PE Digest Matches

false

fe:3d:c6:4b:68:47:f1:42:b0:ed:58:41:2d:ba:e9:fc:07:f8:0f:ff
Signer

Actual PE Digest

fe:3d:c6:4b:68:47:f1:42:b0:ed:58:41:2d:ba:e9:fc:07:f8:0f:ff

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathFindFileNameA
PathRemoveFileSpecW

ws2_32

accept
WSAIoctl
setsockopt
ntohs
listen
getsockname
getpeername
bind
WSASetLastError
select
__WSAFDIsSet
closesocket
send
socket
connect
recvfrom
recv
sendto
ioctlsocket
WSAGetLastError
WSACleanup
getaddrinfo
WSAStartup
htonl
htons
freeaddrinfo
gethostname
shutdown
gethostbyname
getservbyname
getsockopt

wldap32

ord32
ord27
ord26
ord22
ord79
ord33
ord60
ord211
ord46
ord30
ord143
ord50
ord35
ord200
ord301
ord41
ord217

crypt32

CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenStore

kernel32

TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW
InitializeSListHead
TlsFree
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
HeapFree
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
SwitchToThread
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WaitForSingleObject
CreateEventW
MultiByteToWideChar
SetEvent
CloseHandle
WideCharToMultiByte
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
GetTickCount
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
GetExitCodeProcess
GetFileAttributesW
GetCommandLineA
GetCommandLineW
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
CopyFileW
MoveFileW
CreateFileW
GetFileSize
GetModuleHandleExW
ExpandEnvironmentStringsW
RemoveDirectoryW
LocalAlloc
OpenEventW
GetNativeSystemInfo
LocalFree
VerSetConditionMask
VerifyVersionInfoW
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
UnmapViewOfFile
SystemTimeToFileTime
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
ReadFile
WriteFile
SetFilePointerEx
GetSystemTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
GetCurrentThreadId
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
FreeLibrary
GetSystemTimeAsFileTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
CreateMutexA
SleepEx
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
PeekNamedPipe
SetLastError
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
FileTimeToSystemTime
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
ExitProcess
GetACP
ReadConsoleW
GetConsoleCP
GetCurrentThread
GetTimeZoneInformation
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetThreadTimes

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
wsprintfW

advapi32

CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CreateServiceW
QueryServiceStatus
ChangeServiceConfig2W
DeleteService
SetServiceObjectSecurity
ControlService
StartServiceW
QueryServiceConfigW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigA
OpenServiceW
QueryServiceStatusEx
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey

shell32

ShellExecuteExW

ntdll

RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 537KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 370KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7ff281458ba3d5a1a9dfb79dcb92353

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2f:df:60:1f:14:34:fc:b5:01:11:10:6e:84:f1:93:99:5d:31:90:08:5b:24:6a:0d:9c:93:b6:b4:51:bd:af:6bSigner

fe:3d:c6:4b:68:47:f1:42:b0:ed:58:41:2d:ba:e9:fc:07:f8:0f:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

shlwapi

ws2_32

wldap32

crypt32

kernel32

user32

advapi32

shell32

ntdll

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 537KB - Virtual size: 536KB

.data Size: 370KB - Virtual size: 393KB

.pdata Size: 132KB - Virtual size: 132KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 1024B - Virtual size: 692B

.vmp0 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 2KB - Virtual size: 1KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2f:df:60:1f:14:34:fc:b5:01:11:10:6e:84:f1:93:99:5d:31:90:08:5b:24:6a:0d:9c:93:b6:b4:51:bd:af:6b
Signer

fe:3d:c6:4b:68:47:f1:42:b0:ed:58:41:2d:ba:e9:fc:07:f8:0f:ff
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 537KB - Virtual size: 536KB

.data
Size: 370KB - Virtual size: 393KB

.pdata
Size: 132KB - Virtual size: 132KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 692B

.vmp0
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 2KB - Virtual size: 1KB