00e735730c09dec1b54c772b49d98677

Sharing

Copy URL

Twitter E-mail

General

Target

00e735730c09dec1b54c772b49d98677
Size

2.2MB
MD5

00e735730c09dec1b54c772b49d98677
SHA1

ce6507472805cac924ec57c8741c6edb34087519
SHA256

30a2ff8e469ba8fda106a76e49fe9a0b3f7c4a35ad50c2e8e961ee0a0d754f4f
SHA512

5d118f5411f9d9b1901c29128f723bd9eb62d96a763fc090bcd86d9670e12d9c65197affed14f43e7a8f64cf068ce9ca24fa93ab999c5307ec3d365fdb22976d
SSDEEP

49152:YXAu7VrwpLS88Hkj+JibPU2ttX6l94tcRTZpYplFxh/:YQarKLS8zSJQtx6l94tcGx

Score

1^/10

Malware Config

Signatures

Files

00e735730c09dec1b54c772b49d98677
.dll regsvr32 windows:5 windows x86 arch:x86

703cdb7afabfbdc7abe8e9a49b7be39a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/02/2021, 15:35

Not After

06/03/2032, 15:35

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:a4:17:92:04:7f:09:4b:b4:04:da:5a:ea:6f:18:0e:e4:cf:ed:46:ea:34:10:69:fd:04:22:7a:70:d7:ad:b4
Signer

Actual PE Digest

5a:a4:17:92:04:7f:09:4b:b4:04:da:5a:ea:6f:18:0e:e4:cf:ed:46:ea:34:10:69:fd:04:22:7a:70:d7:ad:b4

Digest Algorithm

sha256

PE Digest Matches

true

57:62:9c:67:56:53:55:21:53:93:82:de:18:a2:ba:05:5d:4a:2c:56
Signer

Actual PE Digest

57:62:9c:67:56:53:55:21:53:93:82:de:18:a2:ba:05:5d:4a:2c:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
ExpandEnvironmentStringsW
GetTempPathW
CopyFileW
MoveFileExW
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
CreateFileA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
CreateThread
GetComputerNameW
WriteFile
GetVersionExA
CreateDirectoryA
SetEndOfFile
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
VirtualProtect
IsBadStringPtrW
VirtualAlloc
RemoveVectoredExceptionHandler
VirtualFree
lstrcpyA
GlobalAlloc
CreateMutexA
MapViewOfFile
QueryDosDeviceW
DuplicateHandle
GetFileSizeEx
SetEvent
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionW
CreateRemoteThread
WaitForMultipleObjects
DeleteFileW
HeapFree
GetProcessHeap
HeapAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetModuleHandleA
lstrcpynW
lstrcmpA
OpenFileMappingW
CreateFileMappingW
GetLocalTime
OpenMutexW
MulDiv
lstrcmpW
SetErrorMode
IsBadCodePtr
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
IsBadWritePtr
GetExitCodeThread
OpenEventW
CreateProcessW
GetSystemDirectoryA
WriteProcessMemory
GetEnvironmentVariableW
CancelIo
GetOverlappedResult
ResetEvent
WaitNamedPipeW
ConnectNamedPipe
TlsSetValue
FlushFileBuffers
VirtualQueryEx
FindFirstFileW
FindNextFileW
FindClose
LockFileEx
UnlockFileEx
GetStartupInfoW
IsBadStringPtrA
FreeResource
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCommandLineW
Sleep
GetShortPathNameW
OpenFileMappingA
GetModuleHandleExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetStdHandle
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
ExitThread
UnhandledExceptionFilter
SuspendThread
SetThreadContext
GetThreadContext
ResumeThread
HeapWalk
HeapLock
OpenThread
HeapUnlock
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
DeviceIoControl
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
OutputDebugStringW
lstrcmpiA
DisconnectNamedPipe
GetPrivateProfileIntW
GetModuleFileNameA
OpenProcess
GetSystemInfo
GetVersionExW
SetFilePointer
LocalAlloc
GetFileAttributesW
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
LocalFree
SearchPathW
GetTickCount
VirtualQuery
IsBadReadPtr
GetLongPathNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileSize
ReadFile
CreateFileW
CloseHandle
GetFileAttributesExW
GetCurrentProcessId
GetPrivateProfileStringW
InterlockedCompareExchange
lstrcpynA
TerminateProcess
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
GetLastError
lstrlenW
TlsGetValue
SetLastError
RaiseException
GetProcAddress
lstrcmpiW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetModuleHandleW
TlsAlloc
TlsFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CreateNamedPipeW

user32

CopyRect
UnhookWindowsHookEx
EnumThreadWindows
RegisterWindowMessageW
GetWindowTextLengthW
GetParent
SetWindowLongW
GetWindowLongW
DefWindowProcW
CallWindowProcW
SetParent
SetWindowPos
IsWindow
ShowWindow
GetClientRect
UnregisterClassA
MoveWindow
GetSystemMetrics
RedrawWindow
IsChild
SetWindowRgn
IsRectEmpty
GetWindow
SetWindowTextW
SetForegroundWindow
GetWindowRect
ScreenToClient
InvalidateRect
EnumChildWindows
IsWindowVisible
DestroyWindow
GetClassNameW
FindWindowExW
LoadCursorW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
EnableWindow
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
ClientToScreen
CreateAcceleratorTableW
GetSysColor
GetDlgItem
SetFocus
GetFocus
EndDialog
DialogBoxParamW
CharNextW
GetWindowTextA
GetClassNameA
UnregisterClassW
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassW
PostQuitMessage
DrawTextW
InflateRect
OffsetRect
SetRectEmpty
SetRect
SetCursor
DestroyMenu
TrackPopupMenu
AppendMenuW
CreatePopupMenu
PtInRect
GetCursorPos
GetWindowThreadProcessId
GetWindowTextW
FindWindowW
PostMessageW
wsprintfW
EndPaint
SetTimer
KillTimer
IsWindowEnabled
BeginPaint
SendMessageW
wsprintfA
ReleaseDC
GetDC
SendMessageTimeoutW
UnhookWinEvent
SetWinEventHook

gdi32

SelectObject
DeleteDC
SetViewportOrgEx
BitBlt
GetObjectW
GetStockObject
CreateCompatibleDC
SetBkMode
SetTextColor
StretchBlt
SetBkColor
ExtTextOutW
CreatePen
MoveToEx
CreateCompatibleBitmap
CreateFontIndirectW
LineTo
CreateRectRgn
CreatePolygonRgn
CombineRgn
CreateSolidBrush
CreateBitmap
PatBlt
SetPixel
GetDeviceCaps
DeleteObject

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
IsValidSid
RegQueryValueExA
RegOpenKeyExA
ConvertSidToStringSidA
LookupAccountNameW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RegCreateKeyExW
RegDeleteValueW

shell32

SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetSpecialFolderPathA
ord51

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
GetHGlobalFromStream
OleUninitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
StringFromCLSID
OleRun
CoCreateGuid

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
OleCreateFontIndirect
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr
GetErrorInfo
SysStringLen
SysFreeString
SysAllocString
VariantClear
DispCallFunc
VariantInit
LoadTypeLi

shlwapi

PathFileExistsA
PathCombineA
StrStrW
PathRemoveFileSpecA
UrlUnescapeA
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRootW
PathIsPrefixW
StrCpyW
StrChrA
wnsprintfW
StrDupA
StrTrimA
SHGetValueA
StrCmpIW
StrCmpNIW
StrStrIW
SHGetValueW
SHSetValueW
SHDeleteKeyW
StrCpyNW
StrStrIA
PathCombineW
PathAppendW
PathFileExistsW
PathFindFileNameW
StrCmpW
StrChrW
StrDupW
PathIsDirectoryW
StrCmpNIA
PathRemoveFileSpecW
StrCmpNW
UrlGetPartW
UrlGetPartA
PathGetArgsW
PathFindExtensionW
PathMatchSpecW
AssocQueryStringW
UrlUnescapeW

psapi

GetProcessMemoryInfo
GetProcessImageFileNameW
EnumProcessModules
GetModuleInformation
GetModuleFileNameExW
GetModuleBaseNameW

oleacc

AccessibleObjectFromPoint
AccessibleObjectFromEvent

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSASetLastError
getpeername
WSAGetLastError
htonl
ntohl
inet_ntoa
inet_addr

netapi32

NetWkstaUserGetInfo
NetApiBufferFree

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
NdrClientCall2
NdrAsyncClientCall
RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcBindingFree
RpcBindingFromStringBindingW
RpcAsyncCompleteCall

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSafeVedioVersion
GetUrlSiteType
Initialize
IsInExplorer
IsTraystupidRealRunning
LogIEProtectInfo
SendCollectConfigInfo
SetMailGuardCallback
SetNetpayGuardState
SetSafeVedioVersion
SetWDPayProPopWndState
Start
StartF
Stop
Update
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc
safemon_100
safemon_101
safemon_102
safemon_103
safemon_104
safemon_105
safemon_106
safemon_107
safemon_108
safemon_109
safemon_110
safemon_111
safemon_112
safemon_113
safemon_114
safemon_115
safemon_116
safemon_117
safemoninit
updatesva

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

703cdb7afabfbdc7abe8e9a49b7be39a

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

5a:a4:17:92:04:7f:09:4b:b4:04:da:5a:ea:6f:18:0e:e4:cf:ed:46:ea:34:10:69:fd:04:22:7a:70:d7:ad:b4Signer

57:62:9c:67:56:53:55:21:53:93:82:de:18:a2:ba:05:5d:4a:2c:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

oleacc

version

ws2_32

netapi32

rpcrt4

iphlpapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 304KB - Virtual size: 303KB

.data Size: 61KB - Virtual size: 192KB

.share Size: 2KB - Virtual size: 2KB

.SHARE Size: 512B - Virtual size: 4B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 111KB - Virtual size: 111KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:35:01:ea:17:c5:39:29:8d:be:59:1e:52:8b:f6:60
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

5a:a4:17:92:04:7f:09:4b:b4:04:da:5a:ea:6f:18:0e:e4:cf:ed:46:ea:34:10:69:fd:04:22:7a:70:d7:ad:b4
Signer

57:62:9c:67:56:53:55:21:53:93:82:de:18:a2:ba:05:5d:4a:2c:56
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 304KB - Virtual size: 303KB

.data
Size: 61KB - Virtual size: 192KB

.share
Size: 2KB - Virtual size: 2KB

.SHARE
Size: 512B - Virtual size: 4B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 111KB - Virtual size: 111KB