e63d863eabe015ca54f9e861311d5da28da173b4a80380915f8e3cc6b18af9af

Sharing

Copy URL

Twitter E-mail

General

Target

e63d863eabe015ca54f9e861311d5da28da173b4a80380915f8e3cc6b18af9af
Size

1.5MB
MD5

2cc1a1c7b21796bc122818973528bb92
SHA1

2082c07cd63aba5497ae52e27c46a5a8ce46f206
SHA256

e63d863eabe015ca54f9e861311d5da28da173b4a80380915f8e3cc6b18af9af
SHA512

948fa5b1455814941d3dc0f22df3c54151f6f71e47e0f283702daf36c311fd2edf92e54905c17ec3bb5b7c551229ded135466b2c4e4e8949f7297f9794b7f627
SSDEEP

24576:Sx72lHcozyTe1YtamSHyLrio39zbnWYECFxr2euhc/0vlyz4Hnw0N9:87uZeLrio39GYEcr2euhw0vpHnw0

Score

1^/10

Malware Config

Signatures

Files

e63d863eabe015ca54f9e861311d5da28da173b4a80380915f8e3cc6b18af9af
.exe windows:5 windows x86 arch:x86

af05747aa42309e7608c8bd769875a8a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:73:59:61:78:fa:94:c7:a8:37:ba:cf:0b:b8:17:6b:8d:2f:ac:ad:04:8b:c3:69:71:a4:a8:06:1c:51:aa:ee
Signer

Actual PE Digest

fe:73:59:61:78:fa:94:c7:a8:37:ba:cf:0b:b8:17:6b:8d:2f:ac:ad:04:8b:c3:69:71:a4:a8:06:1c:51:aa:ee

Digest Algorithm

sha256

PE Digest Matches

false

1f:14:04:ba:76:84:56:86:eb:f0:a5:32:41:d9:78:6c:fb:c0:51:3c
Signer

Actual PE Digest

1f:14:04:ba:76:84:56:86:eb:f0:a5:32:41:d9:78:6c:fb:c0:51:3c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetUserDefaultLangID
GetFileSizeEx
FlushInstructionCache
GetThreadLocale
SetThreadLocale
GetShortPathNameW
GetLocalTime
GetCommandLineW
GetModuleHandleExW
ResetEvent
OpenMutexW
WaitForMultipleObjects
GetStartupInfoW
GlobalReAlloc
lstrcmpW
lstrcpyW
lstrcpynW
GetCurrentThread
GetProcessId
SetCurrentDirectoryW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
FindClose
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesW
WriteFile
DeviceIoControl
LocalAlloc
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
VirtualQuery
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
TlsAlloc
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetFilePointer
CreateDirectoryW
DeleteFileW
SetFileAttributesW
OpenProcess
GetTickCount
GetExitCodeProcess
CreateProcessW
GetSystemInfo
ReadFile
InterlockedExchange
GlobalUnlock
GlobalLock
SetEvent
CreateEventW
lstrlenA
WaitForSingleObject
SetLastError
CloseHandle
CreateFileW
GetCurrentProcessId
WideCharToMultiByte
GetPrivateProfileIntW
GetVersion
GetEnvironmentVariableW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
SetErrorMode
VirtualProtect
GetModuleHandleA
SetUnhandledExceptionFilter
CreateMutexW
TerminateProcess
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
MultiByteToWideChar
GetLastError
lstrcmpiW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcess
FreeLibrary
SizeofResource
Sleep
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetVersionExW
lstrlenW
RaiseException
FreeResource
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
GetModuleFileNameW
GetProcAddress
GetWindowsDirectoryW
MulDiv
FindResourceExW
FindResourceW
LoadResource
LockResource
GetUserDefaultLCID

user32

GetClassNameW
GetDoubleClickTime
AttachThreadInput
ReleaseDC
UnregisterClassA
GetDC
LoadImageW
GetSystemMetrics
DefWindowProcW
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DestroyWindow
FindWindowW
LoadCursorW
SetLayeredWindowAttributes
GetAsyncKeyState
DialogBoxIndirectParamW
DestroyAcceleratorTable
InvalidateRgn
ClientToScreen
CreateAcceleratorTableW
GetSysColor
SetFocus
GetFocus
IsChild
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
DestroyIcon
UpdateLayeredWindow
EnumChildWindows
LoadIconW
SetCursor
DrawIconEx
GetActiveWindow
MessageBoxW
FindWindowExW
CreateWindowExW
IsRectEmpty
GetDlgCtrlID
GetShellWindow
WaitForInputIdle
CopyRect
GetForegroundWindow
GetClassInfoExW
RegisterClassExW
EndDialog
TrackMouseEvent
EqualRect
RedrawWindow
wsprintfW
MoveWindow
MonitorFromWindow
GetMonitorInfoW
PrintWindow
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowDC
IsWindowVisible
GetWindowThreadProcessId
GetWindow
GetDesktopWindow
SystemParametersInfoW
IsWindow
CallWindowProcW
GetDlgItem
BringWindowToTop
PostQuitMessage
SetActiveWindow
SetForegroundWindow
ShowWindow
SetTimer
ScreenToClient
BeginPaint
EndPaint
GetCursorPos
WindowFromPoint
KillTimer
GetWindowLongW
GetWindowRect
MapWindowPoints
SetWindowPos
SetWindowLongW
GetCapture
SetCapture
ReleaseCapture
PostMessageW
InvalidateRect
OffsetRect
GetParent
SendMessageW
UpdateWindow
GetClientRect
GetClassLongW
FillRect
IntersectRect
DrawTextW
PtInRect
SetRectEmpty

gdi32

CreateCompatibleBitmap
BitBlt
CreateDCW
GetDIBits
SetStretchBltMode
StretchBlt
SelectObject
DeleteEnhMetaFile
CreateCompatibleDC
DeleteObject
GetObjectW
GetStockObject
EnumFontFamiliesExW
CreateFontIndirectW
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
GetDeviceCaps
SetTextColor
GetTextColor
SetBkMode
GetTextExtentPoint32W
GetClipBox
ExcludeClipRect
SetViewportOrgEx
OffsetViewportOrgEx
IntersectClipRect
SaveDC
RestoreDC
SetBkColor
ExtTextOutW
SetDIBits
SetDIBColorTable
CreateDIBSection
CreateSolidBrush
DeleteDC
DPtoLP
TextOutW

advapi32

RegQueryValueExA
RegCloseKey
FreeSid
EqualSid
IsValidSid
AllocateAndInitializeSid
GetTokenInformation
DuplicateTokenEx
SaferCloseLevel
CreateProcessAsUserW
SaferComputeTokenFromLevel
SaferCreateLevel
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHAppBarMessage
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

SafeArrayDestroy
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
OleCreateFontIndirect
DispCallFunc
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantInit
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VarBstrCmp
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VarUI4FromStr
SafeArrayUnlock
SafeArrayLock

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsW
SHGetValueW
StrStrW
StrStrIW
PathCombineW
SHDeleteValueW
PathIsRelativeW
PathCanonicalizeW
StrCmpIW
PathIsDirectoryW
PathIsRootW
PathFindFileNameW
PathAddBackslashW
PathRemoveArgsW
PathUnquoteSpacesW
SHQueryValueExW
StrStrIA
SHSetValueW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imm32

ImmDisableIME

rpcrt4

NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree

Sections

.text
Size: 951KB - Virtual size: 950KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af05747aa42309e7608c8bd769875a8a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

fe:73:59:61:78:fa:94:c7:a8:37:ba:cf:0b:b8:17:6b:8d:2f:ac:ad:04:8b:c3:69:71:a4:a8:06:1c:51:aa:eeSigner

1f:14:04:ba:76:84:56:86:eb:f0:a5:32:41:d9:78:6c:fb:c0:51:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

imm32

rpcrt4

Sections

.text Size: 951KB - Virtual size: 950KB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 29KB - Virtual size: 53KB

.rsrc Size: 192KB - Virtual size: 192KB

Size: 153KB - Virtual size: 153KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

fe:73:59:61:78:fa:94:c7:a8:37:ba:cf:0b:b8:17:6b:8d:2f:ac:ad:04:8b:c3:69:71:a4:a8:06:1c:51:aa:ee
Signer

1f:14:04:ba:76:84:56:86:eb:f0:a5:32:41:d9:78:6c:fb:c0:51:3c
Signer

.text
Size: 951KB - Virtual size: 950KB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 29KB - Virtual size: 53KB

.rsrc
Size: 192KB - Virtual size: 192KB