3ba422c7f03cd7ab7f0bae41a42017301830312acdc0b92a4eab6bf40bc24b13

Sharing

Copy URL Twitter E-mail

General

Target

3ba422c7f03cd7ab7f0bae41a42017301830312acdc0b92a4eab6bf40bc24b13
Size

4.5MB
MD5

e41e889ebee4e42c756a2594f48fdbd8
SHA1

0d848cae899851b91417340d19b33c6116ea369e
SHA256

3ba422c7f03cd7ab7f0bae41a42017301830312acdc0b92a4eab6bf40bc24b13
SHA512

cb07c4ef79fc6e551b55d8159163e94401e871c30ace7148a8ce565eb3cb1f8fa5011241eb708798b0d33ad449f70ea0b91ac15b83fd84748cc0e7b951b4afc7
SSDEEP

98304:92YJo8jGOohDsBqU3G4NIXHvHFC41sDP0JLmr:XIDs24sHvFCpD81Q

Score

1^/10

Malware Config

Signatures

Files

3ba422c7f03cd7ab7f0bae41a42017301830312acdc0b92a4eab6bf40bc24b13
.dll windows:5 windows x86 arch:x86

c54927fa513faa7f2c38beaea3b1dc63

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/07/2022, 00:00

Not After

18/07/2025, 23:59

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:44:60:76:95:22:96:a7:58:ae:37:b0:9c:a3:91:8d:16:e0:0b:69:0c:de:33:97:77:a0:06:53:a3:02:0d:88
Signer

Actual PE Digest

2c:44:60:76:95:22:96:a7:58:ae:37:b0:9c:a3:91:8d:16:e0:0b:69:0c:de:33:97:77:a0:06:53:a3:02:0d:88

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
InterlockedCompareExchange
GetFileInformationByHandle
GetFileSizeEx
lstrlenA
ExitThread
VerSetConditionMask
FreeLibrary
GetProcAddress
SetCurrentDirectoryW
LoadLibraryW
GetModuleFileNameW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
ReleaseMutex
CreateMutexW
ExpandEnvironmentStringsA
WaitForMultipleObjects
SleepEx
FormatMessageA
FreeLibraryAndExitThread
GetStdHandle
GetFileType
WriteFile
GetLastError
GetModuleHandleW
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcess
TerminateProcess
LoadLibraryA
GlobalUnlock
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
MulDiv
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
ReadFile
CreateFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetSystemDirectoryW
GetVolumeInformationW
GetLongPathNameW
lstrcpyW
LocalFree
GetSystemInfo
GetTickCount
GetVersionExW
DeleteFileA
GetTempPathW
CreateDirectoryW
DeleteFileW
MoveFileExW
FileTimeToSystemTime
GlobalFree
OpenProcess
GetWindowsDirectoryW
LocalAlloc
GetExitCodeProcess
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
GetModuleHandleA
EncodePointer
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
GetModuleFileNameA
WriteConsoleW
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetACP
OutputDebugStringW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
SetStdHandle
GetCurrentDirectoryW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetTimeZoneInformation
SetEndOfFile
GlobalLock
GlobalAlloc
WideCharToMultiByte
OutputDebugStringA
InterlockedIncrement
DeleteCriticalSection
CreateThread
CloseHandle
VirtualQuery
TerminateThread
SetEvent
Sleep
GetExitCodeThread
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
FindClose
EnterCriticalSection

user32

CopyRect
UnionRect
IsRectEmpty
EqualRect
PtInRect
PostQuitMessage
EnableWindow
IsWindowEnabled
SetActiveWindow
GetDesktopWindow
TrackMouseEvent
AnimateWindow
SetLayeredWindowAttributes
IsIconic
IsZoomed
GetCapture
SetCapture
ReleaseCapture
UpdateWindow
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetCursorPos
CreateCaret
GetCaretBlinkTime
HideCaret
SetCaretPos
ScreenToClient
DestroyIcon
CharNextW
LoadBitmapW
CreateIconFromResource
LoadImageW
GetMessageW
ClientToScreen
EnableMenuItem
GetSysColor
GetSystemMetrics
IsWindowVisible
DrawTextW
SystemParametersInfoA
CharLowerBuffW
UpdateLayeredWindow
IsMenu
CreatePopupMenu
GetMonitorInfoW
SetRect
GetMenuItemCount
AppendMenuW
TrackPopupMenu
GetMenuInfo
SetMenuInfo
GetMenuItemInfoW
SetMenuContextHelpId
MsgWaitForMultipleObjects
CloseClipboard
OpenClipboard
SetWindowLongW
GetWindowLongW
SetForegroundWindow
GetForegroundWindow
LoadStringW
GetIconInfo
DrawIconEx
InflateRect
ReleaseDC
GetDC
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
MonitorFromWindow
LoadCursorW
GetWindow
PeekMessageW
DispatchMessageW
TranslateMessage
IsWindow
PostMessageW
ShowWindow
SendMessageW
SetWindowPos
IntersectRect
OffsetRect
GetWindowRect
EmptyClipboard
UnregisterClassW
KillTimer
SetTimer
SystemParametersInfoW
SetCursor
GetFocus
SetFocus
DestroyWindow
DestroyCursor
GetParent
MapWindowPoints
GetClientRect
GetActiveWindow
GetDlgItem
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
GetKeyState
wsprintfW
GetClassNameW
DestroyMenu
MapVirtualKeyA
SetClipboardData

gdi32

RemoveFontMemResourceEx
AddFontMemResourceEx
BitBlt
GetCurrentObject
StretchBlt
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW
GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
SetTextColor
SetBkMode
Rectangle
GetStockObject
DeleteDC
CreateSolidBrush
CreateFontIndirectW
SetGraphicsMode
GetDeviceCaps
CreateBitmap
CreateRoundRectRgn
EnumFontsW
SetViewportOrgEx
GetObjectW
CreateDIBSection
SelectObject
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
GetViewportOrgEx
SelectClipRgn
IntersectClipRect
GetRegionData
ExtCreateRegion
DeleteObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegDeleteKeyW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
RegSetValueExW
DuplicateTokenEx
CryptAcquireContextW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

ole32

CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CreateBindCtx
CoUninitialize
OleLockRunning
CoInitialize
CoCreateInstance

msimg32

AlphaBlend

shlwapi

StrToIntExW
PathFileExistsW

ws2_32

ntohs
WSAStartup
WSACleanup
bind
accept
WSASetLastError
send
recv
gethostname
freeaddrinfo
getaddrinfo
WSAGetLastError
closesocket
connect
listen
setsockopt
socket
__WSAFDIsSet
select
getpeername
htons
WSAIoctl
recvfrom
sendto
getsockopt
getsockname
ioctlsocket

wke_x86

jsBindFunction
jsUndefined
jsStringW
jsArg
jsToStringW
jsToString

gdiplus

GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipGetPropertyItemSize
GdipDeleteGraphics
GdipSaveImageToFile
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipGetImageGraphicsContext
GdiplusStartup
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipCreateBitmapFromFileICM
GdipImageGetFrameDimensionsList
GdipBitmapLockBits
GdipFree
GdipDisposeImage
GdiplusShutdown
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipCreateBitmapFromStreamICM
GdipAlloc
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipBitmapUnlockBits

imm32

ImmSetCandidateWindow
ImmAssociateContext
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

shell32

SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

oleaut32

SysAllocString
SysFreeString

wldap32

ord50
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord22
ord41
ord26
ord60
ord211
ord46
ord143

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

Exports

Exports

InitUserCenter
RunUserCenter

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c54927fa513faa7f2c38beaea3b1dc63

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2c:44:60:76:95:22:96:a7:58:ae:37:b0:9c:a3:91:8d:16:e0:0b:69:0c:de:33:97:77:a0:06:53:a3:02:0d:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msimg32

shlwapi

ws2_32

wke_x86

gdiplus

imm32

shell32

oleaut32

wldap32

usp10

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 72KB - Virtual size: 174KB

.gfids Size: 512B - Virtual size: 456B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 174KB - Virtual size: 173KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:f9:72:12:dc:76:2a:1d:bf:5f:ca:c2:37:37:d1:f2
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2c:44:60:76:95:22:96:a7:58:ae:37:b0:9c:a3:91:8d:16:e0:0b:69:0c:de:33:97:77:a0:06:53:a3:02:0d:88
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 72KB - Virtual size: 174KB

.gfids
Size: 512B - Virtual size: 456B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 174KB - Virtual size: 173KB