48ec93029779f2543fe1fb450abb05a01fbf796fde11a0bca009654c97d29913

Sharing

Copy URL Twitter E-mail

General

Target

48ec93029779f2543fe1fb450abb05a01fbf796fde11a0bca009654c97d29913
Size

7.1MB
MD5

d5c2428fd3800c2dd7db3102ea7f7e6e
SHA1

7631bf7d6c819157b79cc91fc6f4cc578bda98c4
SHA256

48ec93029779f2543fe1fb450abb05a01fbf796fde11a0bca009654c97d29913
SHA512

f08ae67cc34a08532a5b5d0c94f31d707dd12f76dce38c3eef259a248a92a33e42a58b62f724e3260320753bfab7615f2447aff97be623e88f3a385d66c2739a
SSDEEP

196608:merVMZgX6D55wElJvhsJLCIf0nS9ED6dbe:1rVMZgX6D557Jvhee

Score

1^/10

Malware Config

Signatures

Files

48ec93029779f2543fe1fb450abb05a01fbf796fde11a0bca009654c97d29913
.dll windows:5 windows x86 arch:x86

925fc22ca390f70b3a445d721b1c9531

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:08:be:df:48:41:fa:d5:d3:89:11:a6:25:28:d9:96:26:ee:23:41:c7:a4:d3:e5:40:35:a6:87:6d:4e:f6:4d
Signer

Actual PE Digest

46:08:be:df:48:41:fa:d5:d3:89:11:a6:25:28:d9:96:26:ee:23:41:c7:a4:d3:e5:40:35:a6:87:6d:4e:f6:4d

Digest Algorithm

sha256

PE Digest Matches

false

dd:b1:97:2c:f9:21:6b:03:69:13:60:a2:fb:67:71:21:ae:42:b0:85
Signer

Actual PE Digest

dd:b1:97:2c:f9:21:6b:03:69:13:60:a2:fb:67:71:21:ae:42:b0:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\vs2022\dabao_tool\CloundInstall\QQGameMicroProtal\Bin\Release\Work\biz_ui.pdb

Imports

kernel32

EnumSystemLocalesW
OutputDebugStringA
DeleteCriticalSection
DeleteFileW
GetCurrentProcess
GlobalAlloc
GlobalLock
GlobalUnlock
CreateProcessW
GetCommandLineW
GetCurrentProcessId
HeapSize
GetFullPathNameW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
SetProcessWorkingSetSize
Process32NextW
GetProcessHeap
OpenMutexW
SetEnvironmentVariableW
GetDiskFreeSpaceExW
GetSystemDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
ReadFile
SetFileAttributesW
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
CopyFileW
GetLogicalDrives
GetDriveTypeW
GetExitCodeProcess
GetFileSizeEx
VirtualLock
VirtualUnlock
GetModuleHandleW
GetEnvironmentVariableW
GetComputerNameExW
ExpandEnvironmentStringsW
GetFileAttributesW
GetLongPathNameW
GetUserDefaultLCID
GetModuleHandleExW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
GetLocaleInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
MulDiv
LocalFree
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteConsoleW
FreeEnvironmentStringsW
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatusEx
GetCurrentThreadId
TerminateProcess
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
IsValidLocale
GetStdHandle
SetStdHandle
GetFileType
FindFirstFileExW
VirtualQuery
GetFileAttributesExW
FreeLibraryAndExitThread
LeaveCriticalSection
ExitThread
CreateThread
GetCommandLineA
TlsFree
InterlockedFlushSList
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
GetFileInformationByHandle
InitializeCriticalSection
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetStringTypeW
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateDirectoryA
SwitchToThread
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
GlobalSize
DeviceIoControl
GetSystemPowerStatus
WinExec
lstrcatW
lstrcpynW
GetFileTime
WriteFile
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryA
GetVersion
GlobalFree
SizeofResource
lstrcmpiW
LoadResource
FindResourceW
lstrcmpW
lstrlenW
lstrlenA
OutputDebugStringW
CreateFileW

user32

SetWindowPos
GetForegroundWindow
ClientToScreen
FlashWindowEx
PostQuitMessage
FindWindowExW
GetWindowThreadProcessId
MessageBoxW
SendMessageW
EnumWindows
AllowSetForegroundWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetCursorPos
GetMonitorInfoW
SetWindowPlacement
GetWindowPlacement
ExitWindowsEx
UnregisterClassW
MonitorFromWindow
SystemParametersInfoW
ReleaseDC
EnumDisplaySettingsW
EnumDisplayDevicesW
RegisterClassW
WindowFromPoint
GetDC
GetSystemMetrics
UnionRect
SendMessageA
UpdateLayeredWindow
SetCaretPos
GetKeyState
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
PostMessageW
IsIconic
GetWindow
GetWindowRect
GetWindowDC
IsWindowVisible
SetTimer
KillTimer
GetClassInfoExW
RegisterClassExW
DefWindowProcW
MonitorFromPoint
PrintWindow
IsWindow
RegisterHotKey
UnregisterHotKey
SetWindowTextW
ShowWindow
LoadImageW
SetForegroundWindow
CreateCaret
RegisterWindowMessageW
MoveWindow
SetFocus
OffsetRect
EnableWindow
FindWindowW
GetParent
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ScreenToClient
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
GetKeyboardLayout
IsChild
GetDlgItem
GetClassNameW
LoadCursorW
CharNextW
GetSysColor
DestroyAcceleratorTable
GetFocus
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
CallWindowProcW
IsClipboardFormatAvailable
GetClipboardData
DestroyCaret
IsWindowEnabled
UpdateWindow
SetCursor
DestroyCursor
GetCapture
GetUpdateRect
TrackMouseEvent
PtInRect
IsZoomed
EqualRect
DestroyIcon

gdi32

AddFontMemResourceEx
GetFontUnicodeRanges
EnumFontFamiliesExW
SetGraphicsMode
CreateDIBSection
DeleteDC
BitBlt
CreateCompatibleDC
DeleteObject
SelectObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
GetTextMetricsW
SetBkColor
SetDIBitsToDevice
SetDIBColorTable
SetWorldTransform
ExtTextOutW
SetTextAlign
GetOutlineTextMetricsW
RemoveFontMemResourceEx
GetGlyphOutlineW
GetCharABCWidthsW
GetGlyphIndicesW
GetTextExtentPointI
GetTextFaceW
GetFontData
GdiFlush
SetBkMode

advapi32

AccessCheck
GetFileSecurityW
DuplicateToken
MapGenericMask
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegCloseKey

shell32

SHGetPathFromIDListW
Shell_NotifyIconW
SHBrowseForFolderW
SHCreateDirectoryExW
ord165
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
CreateStreamOnHGlobal
StringFromGUID2
OleLockRunning
OleInitialize
OleUninitialize
CoSetProxyBlanket
CoInitializeSecurity
PropVariantClear
GetHGlobalFromStream
CoUninitialize
CoInitialize
CoCreateGuid
CoGetClassObject
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
LoadTypeLi
SysStringLen
SysAllocString
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
LoadRegTypeLi

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathFileExistsW
PathGetArgsW
PathQuoteSpacesW
PathRemoveFileSpecW
PathRemoveArgsW
PathIsRelativeW
SHRegGetPathW
PathIsDirectoryW
PathCombineW
PathIsDirectoryEmptyW
PathRemoveBackslashW
PathCanonicalizeW
PathFindFileNameW
PathAppendW
PathAddBackslashW
PathUnquoteSpacesW
PathGetDriveNumberW
SHGetValueW

ws2_32

htonl
ntohs
ntohl
WSACleanup
WSAStartup
gethostname
inet_ntoa
gethostbyname

shfolder

SHGetFolderPathA

winhttp

WinHttpCrackUrl

iphlpapi

GetNetworkParams

imm32

ImmSetConversionStatus
ImmSetOpenStatus
ImmGetConversionStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetIMEFileNameW
ImmGetContext
ImmAssociateContextEx
ImmReleaseContext
ImmAssociateContext

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

netapi32

Netbios

wininet

InternetCrackUrlW

sentry

sentry_value_new_stacktrace
sentry_value_new_event
sentry_event_add_exception
sentry_value_new_exception
sentry_value_set_by_key
sentry_capture_event
sentry_remove_tag
sentry_set_tag

gdiplus

GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipGetImageEncoders
GdipGetImagePaletteSize
GdipCloneImage
GdipGetImageEncodersSize
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipBitmapUnlockBits
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImagePixelFormat
GdipFree
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipGetImagePalette

msimg32

AlphaBlend

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Exports

Exports

GetApi

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 215KB - Virtual size: 14.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

925fc22ca390f70b3a445d721b1c9531

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

46:08:be:df:48:41:fa:d5:d3:89:11:a6:25:28:d9:96:26:ee:23:41:c7:a4:d3:e5:40:35:a6:87:6d:4e:f6:4dSigner

dd:b1:97:2c:f9:21:6b:03:69:13:60:a2:fb:67:71:21:ae:42:b0:85Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

shlwapi

ws2_32

shfolder

winhttp

iphlpapi

imm32

crypt32

netapi32

wininet

sentry

gdiplus

msimg32

usp10

Exports

Exports

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 215KB - Virtual size: 14.8MB

.QMGuid Size: 512B - Virtual size: 20B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 322KB - Virtual size: 321KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

46:08:be:df:48:41:fa:d5:d3:89:11:a6:25:28:d9:96:26:ee:23:41:c7:a4:d3:e5:40:35:a6:87:6d:4e:f6:4d
Signer

dd:b1:97:2c:f9:21:6b:03:69:13:60:a2:fb:67:71:21:ae:42:b0:85
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 215KB - Virtual size: 14.8MB

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 322KB - Virtual size: 321KB