ee1e1a8547ae6c919e211598873c9f7805301dfb7f399acf6970fbfaca52fbdc

Sharing

Copy URL

Twitter E-mail

General

Target

ee1e1a8547ae6c919e211598873c9f7805301dfb7f399acf6970fbfaca52fbdc
Size

754KB
MD5

fae564509d0e3f6a22c29390fb52b223
SHA1

b2a5714158309cb3281d0291c1bc7f87581e9d10
SHA256

ee1e1a8547ae6c919e211598873c9f7805301dfb7f399acf6970fbfaca52fbdc
SHA512

d2d69b1387a5e36c912c2843b3a279fab680b41caa825da258d2fe80cd04e5cff6073b7e7a858bc8918da474504db93acab93732b5bc6af41801d12937c8f512
SSDEEP

12288:UNQSqwdtEX2if6JIVK6wniWV0yXJKOGHnNem0WTdd7ToiKwhG6DVpmD:RSqwwX2rhnBOyZJGH5Tdd7ToVt6DVpmD

Score

1^/10

Malware Config

Signatures

Files

ee1e1a8547ae6c919e211598873c9f7805301dfb7f399acf6970fbfaca52fbdc
.exe windows:6 windows x86 arch:x86

a9c419b356870f3759f1735b88bddbea

Code Sign

23:a0:8f:03:5a:44:d8:d9:88:ff:5b:df:62:fc:c9:fb:3f:73:72:ec
Certificate

Issuer

CN=北京志翔科技股份有限公司,OU=北京志翔科技股份有限公司,O=北京志翔科技股份有限公司,L=北京,ST=北京,C=CN

Not Before

19/09/2022, 08:50

Not After

18/06/2032, 08:50

Subject

CN=北京志翔科技股份有限公司,OU=北京志翔科技股份有限公司,O=北京志翔科技股份有限公司,L=北京,ST=北京,C=CN

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fb:1a:26:d8:c3:46:39:ce:75:7f:ba:c2:37:e4:e0:f1:e6:39:de:b0
Signer

Actual PE Digest

fb:1a:26:d8:c3:46:39:ce:75:7f:ba:c2:37:e4:e0:f1:e6:39:de:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
SetThreadPriority
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetPrivateProfileIntW
GetCurrentDirectoryW
MoveFileExW
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
ExitThread
GetCommandLineA
RtlUnwind
SetStdHandle
GetFileType
HeapQueryInformation
IsValidCodePage
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetStdHandle
ReadConsoleW
QueryPerformanceCounter
GetEnvironmentStringsW
WriteConsoleW
GetDriveTypeW
SetCurrentDirectoryW
SetEnvironmentVariableA
DuplicateHandle
UnlockFile
GetDiskFreeSpaceW
GetTempFileNameW
GetTempPathW
SetVolumeLabelW
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetThreadPriority
SetFilePointer
LockFile
GetVolumeInformationW
GetFullPathNameW
SetFileTime
LocalFileTimeToFileTime
GetFileTime
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
SetEnvironmentVariableW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SystemTimeToFileTime
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
SetErrorMode
lstrcmpA
GetCurrentThread
GetVersionExW
FindNextFileW
FindFirstFileW
FindClose
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
GetSystemDirectoryW
EncodePointer
LoadLibraryExW
GlobalUnlock
GlobalLock
GetModuleHandleA
SetLastError
GetACP
DecodePointer
HeapSize
RaiseException
InitializeCriticalSectionEx
HeapReAlloc
GetCommandLineW
CreateProcessA
GetFileInformationByHandle
PeekNamedPipe
GetModuleFileNameA
GetPrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
VirtualQuery
LocalAlloc
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
GetTickCount64
ResetEvent
OpenEventW
GetCurrentThreadId
GetCurrentProcess
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
CreateThread
GetModuleFileNameW
LocalFree
FormatMessageW
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
SetEvent
OutputDebugStringA
CreateEventW
GetCurrentProcessId
WaitForSingleObject
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
FlushFileBuffers
SetFileAttributesW
GetFileAttributesExW
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetLastError
LoadLibraryW
GetModuleHandleW
ReadFile
FindResourceW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
Sleep
WriteFile
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
CreateFileW
DeleteFileW
CloseHandle
FreeEnvironmentStringsW
GetTickCount

user32

GetPropW
SetPropW
RedrawWindow
ValidateRect
SetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
RemovePropW
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadIconW
WinHelpW
MonitorFromWindow
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
CharToOemBuffA
PtInRect
SetWindowLongW
GetWindowLongW
SetWindowTextW
IsWindowEnabled
EnableWindow
GetFocus
GetDlgCtrlID
GetDlgItem
ShowWindow
IsWindow
GetMonitorInfoW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
ReleaseDC
ClientToScreen
GetCursorPos
PostQuitMessage
GetSysColorBrush
LoadCursorW
CharUpperW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
DestroyMenu
GetMessageW
TranslateMessage
GetActiveWindow
RealChildWindowFromPoint
SetCursor
SetTimer
KillTimer
InvalidateRect
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMetrics
GetForegroundWindow
MessageBoxW
SetWindowPos
GetWindowTextW
GetClassNameW
GetClientRect
GetWindowRect
GetWindow
GetParent
GetClassLongW
GetWindowThreadProcessId
SendMessageW
OemToCharBuffA

gdi32

TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
DeleteDC
DeleteObject
Escape
GetClipBox
GetStockObject

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidW
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegOpenKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
RegDeleteValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW

shell32

ShellExecuteW
ord680
SHGetFolderPathW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

ole32

CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9c419b356870f3759f1735b88bddbea

Code Sign

23:a0:8f:03:5a:44:d8:d9:88:ff:5b:df:62:fc:c9:fb:3f:73:72:ecCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

fb:1a:26:d8:c3:46:39:ce:75:7f:ba:c2:37:e4:e0:f1:e6:39:de:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

userenv

wtsapi32

oleacc

Sections

.text Size: 545KB - Virtual size: 544KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 18KB - Virtual size: 45KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 32KB

23:a0:8f:03:5a:44:d8:d9:88:ff:5b:df:62:fc:c9:fb:3f:73:72:ec
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

fb:1a:26:d8:c3:46:39:ce:75:7f:ba:c2:37:e4:e0:f1:e6:39:de:b0
Signer

.text
Size: 545KB - Virtual size: 544KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 18KB - Virtual size: 45KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB