4d20ddbb1ad524a56fac720020b7c4a4e4601351e813eb41c8511c033173d93a

Sharing

Copy URL Twitter E-mail

General

Target

4d20ddbb1ad524a56fac720020b7c4a4e4601351e813eb41c8511c033173d93a
Size

250KB
MD5

07c39cc37fc5a625d037e47c2de67140
SHA1

82ad9cd046cde4e18843fd6ba04a165f045265c7
SHA256

4d20ddbb1ad524a56fac720020b7c4a4e4601351e813eb41c8511c033173d93a
SHA512

e2aece98127ac8391d94133e92f85545d23305d84eca65d75ff86822a703953b72eac80a2f8f62230508bab72aa5db039eb2bb58ea982720f81766e44654b5e2
SSDEEP

3072:/RNJJlRfIeRLyBpgZWTRYmXmH3kyJvo85vebVr8ozdnaBhXhlYFH9mQHWXXSWqH+:pNJJLBtywWTRYmXmzJoNr8oNKhkF5g

Score

1^/10

Malware Config

Signatures

Files

4d20ddbb1ad524a56fac720020b7c4a4e4601351e813eb41c8511c033173d93a
.exe windows:5 windows x64 arch:x64

7022f8553a6b176845c1e46eb6e65139

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:6c:a4:cc:30:22:56:16:b9:17:ca:df
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

17/11/2020, 07:39

Not After

18/11/2023, 07:39

Subject

CN=iFLYTEK Co.\,Ltd.,OU=云计算研究院,O=iFLYTEK Co.\,Ltd.,L=Hefei,ST=Anhui,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:4f:ae:fe:d1:a3:91:ef:c3:68:e8:e3:4b:2c:70:55:7e:f2:0d:a6:0b:de:dc:78:48:21:30:f6:40:bb:4e:a3
Signer

Actual PE Digest

93:4f:ae:fe:d1:a3:91:ef:c3:68:e8:e3:4b:2c:70:55:7e:f2:0d:a6:0b:de:dc:78:48:21:30:f6:40:bb:4e:a3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetCurrentProcess
WaitForSingleObject
GetProcAddress
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineA
RaiseException
RtlPcToFileHeader
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetLocaleInfoW
FatalAppExitA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetConsoleCtrlHandler
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileW

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7022f8553a6b176845c1e46eb6e65139

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3e:6c:a4:cc:30:22:56:16:b9:17:ca:dfCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

93:4f:ae:fe:d1:a3:91:ef:c3:68:e8:e3:4b:2c:70:55:7e:f2:0d:a6:0b:de:dc:78:48:21:30:f6:40:bb:4e:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 10KB - Virtual size: 10KB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 908B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3e:6c:a4:cc:30:22:56:16:b9:17:ca:df
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

93:4f:ae:fe:d1:a3:91:ef:c3:68:e8:e3:4b:2c:70:55:7e:f2:0d:a6:0b:de:dc:78:48:21:30:f6:40:bb:4e:a3
Signer

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 10KB - Virtual size: 10KB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 908B