2459113e6afc503ac2ae5f5a8f81086209f2abf2d46cdb4869303945b01a8482

Sharing

Copy URL Twitter E-mail

General

Target

2459113e6afc503ac2ae5f5a8f81086209f2abf2d46cdb4869303945b01a8482
Size

2.4MB
MD5

1d6b818f354633a6e1e6565e6ec72ec4
SHA1

c52c874ed135ea1d49a6b09d16c9550608ad6036
SHA256

2459113e6afc503ac2ae5f5a8f81086209f2abf2d46cdb4869303945b01a8482
SHA512

e0203df1d5f07075b6025555b574c2c85fa854ac0c1eda812c7d3762c6c89d2364ba17e47053abbbd93eed326328b955b4f3767a761bd03c8f3cfffab0f255ed
SSDEEP

49152:vkSdoc3X5HSHfO5Zs/cUyi5TwUDOPg7NrV5VftCHO4QMk:vd13XhS/WsEUyYp7NrVfn

Score

1^/10

Malware Config

Signatures

Files

2459113e6afc503ac2ae5f5a8f81086209f2abf2d46cdb4869303945b01a8482
.exe windows:5 windows x86 arch:x86

61d78c4e7b1c5979cd91496be75b3181

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/06/2019, 00:00

Not After

17/06/2022, 12:00

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:64:7d:1f:6a:f9:25:3b:71:4e:83:29:4e:e2:bc:44:5d:45:bf:c3
Signer

Actual PE Digest

22:64:7d:1f:6a:f9:25:3b:71:4e:83:29:4e:e2:bc:44:5d:45:bf:c3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW

kernel32

MoveFileExW
GetFileInformationByHandle
SetFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreateFileA
SetFileAttributesA
GetFileAttributesA
GetFileSize
WriteFile
ReadFile
SetFilePointer
GetDriveTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
WriteConsoleW
SetStdHandle
GetStringTypeW
FindFirstFileExW
ExitProcess
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
HeapQueryInformation
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
RtlUnwind
VerSetConditionMask
SetPriorityClass
DeviceIoControl
CreateMutexW
ReleaseMutex
lstrcpyW
GetLongPathNameW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetExitCodeProcess
OpenProcess
CreateDirectoryW
OutputDebugStringW
CreateFileW
GetTempPathW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
DeleteFileW
GetLastError
FindClose
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
FindFirstFileW
MoveFileW
GetSystemDirectoryW
GetCurrentProcessId
GetLocalTime
QueryPerformanceFrequency
GetFileAttributesExA
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
FormatMessageA
GetSystemTime
FlushConsoleInputBuffer
GlobalMemoryStatus
ReadConsoleInputA
SetConsoleMode
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
lstrlenW
CopyFileW
GetProcAddress
LocalAlloc
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetModuleHandleW
FindNextFileW
LockResource
LoadResource
SizeofResource
FindResourceW
RemoveDirectoryW
WideCharToMultiByte
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetACP
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
UnlockFile
DuplicateHandle
LoadLibraryExW
LoadLibraryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FormatMessageW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
GetCurrentDirectoryW
GetLocaleInfoW
CompareStringW
GetVersionExW
GlobalFlags
lstrcmpA
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetErrorMode
SystemTimeToTzSpecificLocalTime
SetFileAttributesW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
FreeLibrary
GetCurrentThreadId
EncodePointer

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
PostQuitMessage
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
DestroyMenu
RealChildWindowFromPoint
DispatchMessageW
RegisterWindowMessageW
GetWindow
ClientToScreen
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetDC
GetWindowThreadProcessId
SetWindowTextW
IsWindowEnabled
GetWindowLongW
GetWindowTextW
GetScrollPos
SendMessageW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMetrics
CharUpperW
GetParent
GetMonitorInfoW
MonitorFromWindow
WinHelpW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetMenu
GetMenu
EnableWindow
GetCapture
GetKeyState
GetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
wsprintfW
SetWindowPos
DestroyWindow
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
OffsetRect
SetRectEmpty
GetClientRect
PeekMessageW
IsWindow

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetStockObject
GetClipBox
Escape
DeleteObject
DeleteDC
CreateBitmap
SetTextColor
SetBkColor
GetDeviceCaps

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RevertToSelf
OpenProcessToken
RegOpenKeyW
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
ImpersonateLoggedOnUser
EqualSid
RegCloseKey
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
RegEnumKeyW
LookupAccountNameW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeSecurityDescriptor
AddAccessAllowedAce

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
VariantChangeType

urlmon

URLDownloadToFileW

cabinet

ord23
ord10
ord22
ord20
ord14
ord13
ord11
ord21

wininet

InternetOpenUrlW
InternetReadFile
InternetSetFilePointer
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

oleacc

LresultFromObject
CreateStdAccessibleObject

iphlpapi

GetAdaptersInfo

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

wldap32

ord22
ord26
ord27
ord32
ord33
ord35
ord41
ord30
ord200
ord301
ord143
ord50
ord217
ord60
ord79
ord211
ord46

ws2_32

bind
closesocket
connect
getpeername
recv
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
shutdown
htonl
gethostbyname
getservbyname
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
getsockname
send
socket

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61d78c4e7b1c5979cd91496be75b3181

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

22:64:7d:1f:6a:f9:25:3b:71:4e:83:29:4e:e2:bc:44:5d:45:bf:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

urlmon

cabinet

wininet

oleacc

iphlpapi

crypt32

wldap32

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 444KB - Virtual size: 443KB

.data Size: 48KB - Virtual size: 77KB

.gfids Size: 2KB - Virtual size: 2KB

.giats Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 312KB - Virtual size: 311KB

.reloc Size: 78KB - Virtual size: 78KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

22:64:7d:1f:6a:f9:25:3b:71:4e:83:29:4e:e2:bc:44:5d:45:bf:c3
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 444KB - Virtual size: 443KB

.data
Size: 48KB - Virtual size: 77KB

.gfids
Size: 2KB - Virtual size: 2KB

.giats
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 312KB - Virtual size: 311KB

.reloc
Size: 78KB - Virtual size: 78KB