57ca1e1ca486d75da2092a9b662969a0b292a270eb0cf58a064df205aaeace61

Sharing

Copy URL Twitter E-mail

General

Target

57ca1e1ca486d75da2092a9b662969a0b292a270eb0cf58a064df205aaeace61
Size

4.4MB
MD5

c26407d2d3bd4aa148e7811c775a99e0
SHA1

6c7c1b772f5b2dd044ad5345c01da8ce534ecaba
SHA256

57ca1e1ca486d75da2092a9b662969a0b292a270eb0cf58a064df205aaeace61
SHA512

9e60e7a76bfb1d8450ae237d417a9d7e809b6138355932708e56dcecd0099d47db67140d4edd9cd77d0e8ba0f5ad5904721d21008656fc1ef94c5f30507d6be6
SSDEEP

98304:zbwZAg1+dbf0Oa02UbgCOSGBvt1YY7Nr3V7ESUEfHG:zbw9YVf0O+UcjD+SvG

Score

1^/10

Malware Config

Signatures

Files

57ca1e1ca486d75da2092a9b662969a0b292a270eb0cf58a064df205aaeace61
.exe windows:5 windows x86 arch:x86

ceafa1765a4895726aae85e71d8569f0

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2019, 00:00

Not After

17/06/2022, 12:00

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:aa:e6:a7:bd:28:fa:9f:f2:f7:dd:be:85:7c:72:5e:3a:f9:37:14:6b:eb:19:99:22:83:2f:bb:3a:d6:d5:bd
Signer

Actual PE Digest

21:aa:e6:a7:bd:28:fa:9f:f2:f7:dd:be:85:7c:72:5e:3a:f9:37:14:6b:eb:19:99:22:83:2f:bb:3a:d6:d5:bd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SystemTimeToFileTime
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
ReadConsoleInputA
SetConsoleMode
GetCurrentDirectoryW
DeleteCriticalSection
GetModuleFileNameW
MulDiv
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalFree
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateProcessW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetFileSize
ReadFile
CreateFileW
CreateDirectoryW
WriteFile
lstrcpyW
SetFileAttributesW
GetFileAttributesExW
GetVolumeInformationW
GetLongPathNameW
GetTickCount
DeviceIoControl
SetPriorityClass
FlushInstructionCache
HeapCreate
InitializeCriticalSection
FreeResource
SetCurrentDirectoryW
SetLastError
LoadResource
SizeofResource
FindResourceW
GetFullPathNameW
GetLocalTime
GetVersionExA
GetSystemTime
LoadLibraryA
GetModuleHandleA
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
WaitForSingleObjectEx
SetStdHandle
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA
ResetEvent
SetEvent
lstrlenA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetFileSizeEx
GetFileInformationByHandle
InterlockedCompareExchange
CreateEventW
LockResource
RaiseException
DecodePointer
WideCharToMultiByte
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetLastError
GetCurrentProcessId
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
CopyFileW
GetPrivateProfileStringW
TerminateProcess
OpenProcess
lstrlenW
GetTempPathW
CreateThread
MoveFileExW
FindNextFileW
FindFirstFileW
DeleteFileW
RemoveDirectoryW
FindClose
GetSystemDirectoryW
CloseHandle
FreeLibrary
GetVersionExW
LoadLibraryW
Sleep
GetExitCodeProcess
GetProcAddress

user32

SetMenuContextHelpId
LoadBitmapW
GetClassNameW
ScreenToClient
GetCursorPos
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetCapture
GetCapture
IsZoomed
IsIconic
SetLayeredWindowAttributes
AnimateWindow
PostQuitMessage
TrackMouseEvent
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
SetWindowLongW
GetWindowRect
GetClientRect
GetActiveWindow
GetDlgItem
SetWindowPos
RegisterClassExW
GetMenuItemInfoW
DefWindowProcW
GetWindowLongW
GetFocus
SetFocus
DestroyIcon
CharNextW
PtInRect
EqualRect
IsRectEmpty
UnionRect
IntersectRect
CopyRect
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
PostMessageW
ShowWindow
SetWindowTextW
SendMessageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetCursor
KillTimer
GetMenuItemCount
DestroyMenu
GetSysColor
EnableMenuItem
SetRect
ClientToScreen
PeekMessageW
DispatchMessageW
TranslateMessage
UnregisterClassW
CreatePopupMenu
IsWindowEnabled
IsMenu
UpdateLayeredWindow
MapVirtualKeyA
CharLowerBuffW
SystemParametersInfoA
DrawTextW
CallWindowProcW
IsWindowVisible
GetMessageW
LoadImageW
MapWindowPoints
CreateIconFromResource
CreateWindowExW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoW
GetDC
ReleaseDC
InflateRect
OffsetRect
DrawIconEx
GetIconInfo
LoadStringW
GetKeyState
wsprintfW
SetForegroundWindow
LoadCursorW
DestroyCursor
IsWindow
DestroyWindow
SetTimer

advapi32

CloseServiceHandle
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
RegEnumKeyW
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ControlService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
RegDeleteKeyW
CryptSignHashA
CryptEnumProvidersA

shell32

SHGetFolderPathW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateGuid
CoCreateInstance
OleInitialize
OleUninitialize
CreateBindCtx

shlwapi

SHDeleteKeyW
SHDeleteValueW
SHGetValueW
SHSetValueW
PathFileExistsW
StrToIntExW

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertOpenStore

gdiplus

GdiplusShutdown
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipCloneImage
GdiplusStartup
GdipAlloc
GdipGetImageEncoders
GdipGetImageHeight
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipGetImageEncodersSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipGraphicsClear
GdipDrawImageRectI
GdipGetImageGraphicsContext

imm32

ImmDestroyContext
ImmReleaseContext
ImmAssociateContext
ImmGetContext
ImmCreateContext

gdi32

GetGlyphOutlineW
GetFontData
GetCharABCWidthsW
EnumFontFamiliesExW
DeleteDC
GetViewportOrgEx
GetCurrentObject
StretchBlt
SetBkMode
Rectangle
GetStockObject
CreateSolidBrush
CreateFontIndirectW
GetDeviceCaps
CreateBitmap
EnumFontsW
BitBlt
SetViewportOrgEx
GetObjectW
CreateDIBSection
GdiFlush
GetTextFaceW
ExtTextOutW
SetWorldTransform
SetGraphicsMode
SelectObject
SelectClipRgn
IntersectClipRect
ExtCreateRegion
DeleteObject
CreateCompatibleDC
GetTextMetricsW
SetTextAlign
SetTextColor
RemoveFontMemResourceEx
AddFontMemResourceEx
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsW

oleaut32

SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

wldap32

ord211
ord46
ord26
ord60
ord301
ord22
ord50
ord41
ord143
ord27
ord32
ord33
ord30
ord79
ord217
ord200
ord35

ws2_32

htonl
shutdown
gethostbyname
getservbyname
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
socket
WSAGetLastError
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
WSAStartup
accept
WSACleanup
getaddrinfo
freeaddrinfo
gethostname
ioctlsocket
sendto
recvfrom
listen

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceafa1765a4895726aae85e71d8569f0

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

21:aa:e6:a7:bd:28:fa:9f:f2:f7:dd:be:85:7c:72:5e:3a:f9:37:14:6b:eb:19:99:22:83:2f:bb:3a:d6:d5:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

crypt32

gdiplus

imm32

gdi32

oleaut32

iphlpapi

wldap32

ws2_32

usp10

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 781KB - Virtual size: 780KB

.data Size: 100KB - Virtual size: 213KB

.gfids Size: 512B - Virtual size: 452B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 372KB - Virtual size: 371KB

.reloc Size: 177KB - Virtual size: 176KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

21:aa:e6:a7:bd:28:fa:9f:f2:f7:dd:be:85:7c:72:5e:3a:f9:37:14:6b:eb:19:99:22:83:2f:bb:3a:d6:d5:bd
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 781KB - Virtual size: 780KB

.data
Size: 100KB - Virtual size: 213KB

.gfids
Size: 512B - Virtual size: 452B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 372KB - Virtual size: 371KB

.reloc
Size: 177KB - Virtual size: 176KB