4ded87d82d694200e25e95c4c855e76f

Sharing

Copy URL Twitter E-mail

General

Target

4ded87d82d694200e25e95c4c855e76f
Size

1.2MB
MD5

4ded87d82d694200e25e95c4c855e76f
SHA1

1d00da5868b69f24b8816d35f76371efad576a76
SHA256

ecc0307b790bb952c38c6c5960344e8040a478755e0b028edf61c952d75c8907
SHA512

617a8372cbf86d26029ad6fc5470877d7cc957718111122742f04904e29c5e9d074ff0d5bfa31fa74937a243ee646442be9264d3ec52ff1ee1f00c407a789d24
SSDEEP

24576:69bTUhoyeYfSEgr9lfZYt+CGz+TcZa1ZUeKuJI:6oeYqEgHfZYor+TAa1ZU4JI

Score

1^/10

Malware Config

Signatures

Files

4ded87d82d694200e25e95c4c855e76f
.exe windows:5 windows x86 arch:x86

59fb259a54ae13dff8320aad50129a05

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/07/2020, 00:00

Not After

28/07/2021, 12:00

Subject

CN=重庆趣探科技有限公司,OU=技术研发部,O=重庆趣探科技有限公司,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/07/2020, 00:00

Not After

28/07/2021, 12:00

Subject

CN=重庆趣探科技有限公司,OU=技术研发部,O=重庆趣探科技有限公司,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:be:84:db:a2:ff:b3:86:1a:c3:b6:ba:49:5a:14:82:63:88:77:5f:ad:26:db:b3:06:8b:24:67:eb:00:c1:e4
Signer

Actual PE Digest

82:be:84:db:a2:ff:b3:86:1a:c3:b6:ba:49:5a:14:82:63:88:77:5f:ad:26:db:b3:06:8b:24:67:eb:00:c1:e4

Digest Algorithm

sha256

PE Digest Matches

true

cd:22:0b:10:70:83:54:ff:7a:c2:63:56:8f:b3:5f:87:e2:83:94:43
Signer

Actual PE Digest

cd:22:0b:10:70:83:54:ff:7a:c2:63:56:8f:b3:5f:87:e2:83:94:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetVersionExA
FreeLibrary
LoadLibraryW
MulDiv
GetTickCount
GetFullPathNameW
FreeResource
SetLastError
FindResourceW
SizeofResource
LoadResource
LockResource
InitializeCriticalSection
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
DeleteCriticalSection
FlushInstructionCache
Process32Next
Process32First
GlobalAlloc
GlobalLock
GlobalUnlock
LocalFree
SetEnvironmentVariableA
LeaveCriticalSection
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
CreateFileA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
ReadFile
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoW
HeapSetInformation
GetCommandLineW
CreateThread
ResumeThread
EnterCriticalSection
SetCurrentDirectoryW
GetPrivateProfileStringA
CreateMutexW
OutputDebugStringA
DeleteFileW
GetModuleFileNameA
GetSystemInfo
MoveFileA
MoveFileW
GetProcAddress
GetPrivateProfileIntW
WritePrivateProfileStringW
GetModuleFileNameW
GetVersionExW
GetPrivateProfileStringW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetTempFileNameA
DeleteFileA
GetTempPathA
CloseHandle
CreateToolhelp32Snapshot
FindNextFileW
WTSGetActiveConsoleSessionId
Process32NextW
Process32FirstW
GetLocalTime
FindClose
MultiByteToWideChar
TerminateProcess
Sleep
WideCharToMultiByte
OpenProcess
ExitThread
GetSystemTimeAsFileTime
ExitProcess
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcess
FindFirstFileW
GetLastError
CompareStringW
lstrlenA

user32

IsWindowEnabled
SetActiveWindow
DestroyWindow
PostQuitMessage
DestroyCursor
LoadCursorW
GetWindowLongW
CopyRect
IsRectEmpty
InflateRect
IntersectRect
UpdateWindow
UnionRect
SetWindowLongW
InvalidateRect
GetWindowRect
GetClientRect
SystemParametersInfoW
SetTimer
KillTimer
GetDC
ReleaseDC
SetCapture
SetFocus
SetWindowTextW
IsIconic
GetCursorPos
ReleaseCapture
GetDesktopWindow
SetWindowPos
ShowWindow
GetCapture
InvertRect
FillRect
DrawIconEx
GetActiveWindow
SendMessageW
EnableWindow
PostMessageW
IsWindow
ScreenToClient
DestroyIcon
GetForegroundWindow
MsgWaitForMultipleObjects
AppendMenuW
CreatePopupMenu
SetMenuContextHelpId
IsMenu
DestroyMenu
SetForegroundWindow
TrackPopupMenu
SetMenuInfo
GetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
DrawTextW
IsWindowVisible
SystemParametersInfoA
GetSystemMetrics
EnableMenuItem
GetSysColor
ClientToScreen
GetMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateIconFromResource
LoadImageW
LoadBitmapW
EqualRect
SetRect
CharNextW
GetIconInfo
OffsetRect
PtInRect
RegisterClassExW
CreateWindowExW
GetWindow
MapWindowPoints
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetDlgItem
SetCursor
GetKeyState
GetFocus
SetLayeredWindowAttributes
BeginPaint
EndPaint
GetClassNameW
TrackMouseEvent
AnimateWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
GetParent
SetCaretPos
GetCaretBlinkTime
CreateCaret
HideCaret

gdi32

SetBkMode
GetStockObject
CreateFontIndirectW
GetClipBox
CreateRoundRectRgn
GetDeviceCaps
SetGraphicsMode
CreateBitmap
CreateCompatibleDC
SelectObject
Rectangle
StretchBlt
DeleteDC
EnumFontsW
DeleteObject
BitBlt
ExtCreatePen
CreateDIBSection
CombineRgn
PtInRegion
RectInRegion
GetRgnBox
OffsetRgn
SetRectRgn
CreateEllipticRgnIndirect
SetTextColor
GetTextColor
ExtSelectClipRgn
SaveDC
CreateRectRgnIndirect
RestoreDC
ExcludeClipRect
IntersectClipRect
CreateRectRgn
GetTextExtentPoint32W
RoundRect
Ellipse
SetWorldTransform
GetWorldTransform
SetROP2
CreateSolidBrush
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
Pie
Arc
GetObjectW
GetCurrentObject
GetViewportOrgEx
GetClipRgn
CreatePatternBrush
Polyline

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
LookupPrivilegeValueW
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteW
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
OleInitialize
OleUninitialize
CreateBindCtx

oleaut32

SysFreeString
SysAllocString

wininet

HttpQueryInfoA
InternetConnectA
InternetReadFileExA
InternetCrackUrlA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionW

netapi32

Netbios

imagehlp

MakeSureDirectoryPathExists

wtsapi32

WTSQueryUserToken

shlwapi

PathFileExistsA
PathFileExistsW
PathFindFileNameA
StrToIntExW
PathFindFileNameW
PathFindExtensionA

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetContext

gdiplus

GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGraphicsClear
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipGetImageEncoders
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCloneImage
GdiplusStartup
GdipImageGetFrameCount
GdipGetImageGraphicsContext
GdipCreateBitmapFromFile
GdipSaveImageToFile

msimg32

GradientFill
AlphaBlend

Sections

.text
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59fb259a54ae13dff8320aad50129a05

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

82:be:84:db:a2:ff:b3:86:1a:c3:b6:ba:49:5a:14:82:63:88:77:5f:ad:26:db:b3:06:8b:24:67:eb:00:c1:e4Signer

cd:22:0b:10:70:83:54:ff:7a:c2:63:56:8f:b3:5f:87:e2:83:94:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

netapi32

imagehlp

wtsapi32

shlwapi

imm32

gdiplus

msimg32

Sections

.text Size: 775KB - Virtual size: 774KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 29KB - Virtual size: 102KB

.rsrc Size: 135KB - Virtual size: 135KB

.reloc Size: 76KB - Virtual size: 75KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:68:0a:95:da:e6:bd:ce:10:a2:27:ca:5c:a8:5c:86
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

82:be:84:db:a2:ff:b3:86:1a:c3:b6:ba:49:5a:14:82:63:88:77:5f:ad:26:db:b3:06:8b:24:67:eb:00:c1:e4
Signer

cd:22:0b:10:70:83:54:ff:7a:c2:63:56:8f:b3:5f:87:e2:83:94:43
Signer

.text
Size: 775KB - Virtual size: 774KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 29KB - Virtual size: 102KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 76KB - Virtual size: 75KB