General

Malware Config

Signatures

Files

• dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb.exe

  .exe windows:5 windows x86 arch:x86

  b7dba4f93f0e91e2e7524d2d9ca27a55

  
  

  Code Sign

  07:f2:66:4c:6e:02:1c:52:80:aa:c1:46:a0:f8:8a:ba

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  30-12-2021 00:00

  Not After

  04-01-2023 23:59

  Subject

  CN=成都光焰互娱科技有限责任公司,O=成都光焰互娱科技有限责任公司,L=成都市,ST=四川省,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-01-2021 00:00

  Not After

  06-01-2031 00:00

  Subject

  CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  da:0f:8e:56:e3:a6:c7:73:60:c1:4a:c2:7f:8e:90:b6:bc:e1:4e:7f:80:b3:22:a0:38:ec:a6:14:14:55:34:cb

  Signer

  Actual PE Digest

  da:0f:8e:56:e3:a6:c7:73:60:c1:4a:c2:7f:8e:90:b6:bc:e1:4e:7f:80:b3:22:a0:38:ec:a6:14:14:55:34:cb

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  d:\code\weiduan\trunk\WD_NEW\bin\build\Release\MiniClient.pdb

  Imports

  kernel32

  CreateThread

  SetCurrentDirectoryW

  VirtualFreeEx

  ReadProcessMemory

  VirtualAllocEx

  DuplicateHandle

  GetCurrentProcessId

  WriteProcessMemory

  OutputDebugStringW

  GlobalAlloc

  MulDiv

  lstrcmpW

  GlobalFree

  ExitProcess

  HeapAlloc

  MoveFileExW

  HeapFree

  GetProcessHeap

  GetSystemTimeAsFileTime

  GetModuleHandleA

  CreateFileA

  CreateProcessA

  LoadLibraryA

  CreateFileMappingA

  ReleaseMutex

  SetFilePointer

  GetFileType

  MoveFileW

  ResumeThread

  SuspendThread

  CreateEventW

  DeleteAtom

  FindAtomW

  AddAtomW

  GetAtomNameW

  SetEndOfFile

  GetLocaleInfoW

  WriteConsoleW

  SetThreadAffinityMask

  WriteConsoleA

  GetStringTypeW

  GetStringTypeA

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  FlushFileBuffers

  InitializeCriticalSectionAndSpinCount

  GetConsoleMode

  GetConsoleCP

  GetStartupInfoA

  SetHandleCount

  SetStdHandle

  GetStdHandle

  HeapCreate

  TlsFree

  TlsSetValue

  TlsAlloc

  TlsGetValue

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  LCMapStringW

  LCMapStringA

  RtlUnwind

  GetStartupInfoW

  GetFileAttributesW

  ExitThread

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  InterlockedExchange

  VirtualAlloc

  VirtualFree

  IsProcessorFeaturePresent

  InterlockedCompareExchange

  HeapSize

  HeapReAlloc

  HeapDestroy

  OpenFileMappingW

  CreateFileMappingW

  SetLastError

  FlushInstructionCache

  Sleep

  GetCurrentThread

  QueryPerformanceCounter

  UnmapViewOfFile

  MapViewOfFile

  GetPrivateProfileIntW

  SetThreadPriority

  TerminateThread

  SetEvent

  WaitForSingleObject

  CreateMutexW

  CloseHandle

  OpenProcess

  GetCurrentProcess

  CreateProcessW

  GetCurrentThreadId

  DeleteCriticalSection

  lstrcmpiW

  EnterCriticalSection

  RaiseException

  LeaveCriticalSection

  InitializeCriticalSection

  InterlockedDecrement

  InterlockedIncrement

  LoadLibraryExW

  FreeLibrary

  LockResource

  GetProcAddress

  GetLastError

  FindResourceExW

  lstrlenW

  MultiByteToWideChar

  GetModuleFileNameW

  SizeofResource

  LoadLibraryW

  WideCharToMultiByte

  GetModuleHandleW

  CreateDirectoryW

  LoadResource

  FindResourceW

  WritePrivateProfileStringW

  GetTickCount

  GetModuleFileNameA

  SetFileAttributesW

  LocalFree

  DeleteFileW

  RemoveDirectoryW

  GetTempPathW

  GlobalUnlock

  CreateFileW

  ReadFile

  TerminateProcess

  GetVersionExW

  CopyFileW

  WriteFile

  GetPrivateProfileStringW

  GlobalLock

  GlobalSize

  lstrlenA

  FreeResource

  GetConsoleOutputCP

  GetTempFileNameW

  user32

  GetKeyboardLayout

  RegisterHotKey

  UnregisterHotKey

  LoadIconW

  ShowWindowAsync

  UnhookWindowsHookEx

  MapVirtualKeyExW

  GetKeyNameTextW

  SetActiveWindow

  SetWindowLongW

  IsWindow

  CreateWindowExW

  SendMessageW

  SetWindowsHookExW

  ClientToScreen

  MonitorFromPoint

  MessageBoxW

  GetSystemMetrics

  GetMonitorInfoW

  CopyRect

  MsgWaitForMultipleObjects

  TranslateMessage

  PeekMessageW

  DispatchMessageW

  GetWindowThreadProcessId

  UnregisterClassA

  DestroyWindow

  CharNextW

  DefWindowProcW

  EndPaint

  AnimateWindow

  SetForegroundWindow

  DrawIconEx

  IsZoomed

  KillTimer

  DrawTextW

  SetCapture

  LoadImageW

  FillRect

  GetWindowLongW

  RegisterClassExW

  PostMessageW

  GetMessageW

  CallWindowProcW

  SetPropW

  GetClassInfoExW

  LoadCursorW

  RegisterWindowMessageW

  PostQuitMessage

  SetParent

  GetParent

  GetFocus

  GetKeyState

  IsWindowVisible

  ShowWindow

  GetClientRect

  IsRectEmpty

  MoveWindow

  GetWindow

  GetMessagePos

  EnumDisplaySettingsW

  SetWindowTextW

  GetCaretBlinkTime

  EnableWindow

  UpdateWindow

  MapWindowPoints

  SwitchToThisWindow

  RegisterClipboardFormatW

  SetCaretPos

  ReleaseCapture

  CreateCaret

  GetCursorPos

  SetWindowPos

  GetSysColor

  RedrawWindow

  MonitorFromWindow

  ReleaseDC

  SetClassLongW

  SystemParametersInfoW

  GetWindowTextW

  BringWindowToTop

  InvalidateRect

  UnionRect

  IntersectRect

  SetRect

  GetAsyncKeyState

  OffsetRect

  GetWindowRect

  ScreenToClient

  HideCaret

  SetTimer

  SetWindowRgn

  UpdateLayeredWindow

  TrackMouseEvent

  AttachThreadInput

  SubtractRect

  DrawIcon

  SetFocus

  BeginPaint

  PtInRect

  GetIconInfo

  GetDC

  GetForegroundWindow

  GetClassNameW

  CallNextHookEx

  IsChild

  GetWindowTextLengthW

  RemovePropW

  SetCursor

  gdi32

  GetObjectW

  SetStretchBltMode

  CreateRoundRectRgn

  CreateRectRgn

  CreatePen

  RoundRect

  GetObjectA

  GetStockObject

  CreateSolidBrush

  DeleteDC

  CreateDCW

  SelectObject

  CreateCompatibleDC

  CreateCompatibleBitmap

  GetTextExtentPoint32W

  SetBitmapBits

  MoveToEx

  GetBitmapBits

  CreateFontW

  Rectangle

  CombineRgn

  DeleteObject

  SetBkMode

  GetDIBits

  StretchBlt

  GetDeviceCaps

  CreateFontIndirectW

  CreateDIBSection

  SetTextColor

  BitBlt

  SetViewportOrgEx

  LineTo

  advapi32

  RegEnumKeyExW

  RegQueryValueExW

  RegOpenKeyW

  RegEnumValueW

  RegOpenKeyExW

  RegCloseKey

  RegSetValueExW

  RegCreateKeyExW

  RegQueryInfoKeyW

  RegDeleteKeyW

  RegDeleteValueW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  shell32

  SHGetFolderPathA

  SHGetFolderPathW

  ShellExecuteA

  ShellExecuteW

  SHGetSpecialFolderPathW

  SHGetSpecialFolderLocation

  SHGetMalloc

  SHGetPathFromIDListW

  CommandLineToArgvW

  ole32

  OleCreate

  OleUninitialize

  OleInitialize

  OleSetContainedObject

  CoMarshalInterface

  GetHGlobalFromStream

  CreateStreamOnHGlobal

  CoTaskMemAlloc

  CoTaskMemFree

  CoInitialize

  CoTaskMemRealloc

  CoUninitialize

  CoCreateInstance

  oleaut32

  VariantCopy

  SysAllocStringLen

  VariantInit

  VariantClear

  SysAllocString

  VarUI4FromStr

  SysFreeString

  shlwapi

  PathMatchSpecW

  StrTrimW

  SHDeleteKeyW

  PathFindExtensionW

  StrDupW

  SHRegGetPathW

  SHDeleteValueW

  StrCpyNW

  SHSetValueW

  PathCombineW

  PathIsRootW

  PathAddBackslashW

  PathIsDirectoryW

  PathAppendW

  SHGetValueW

  PathFileExistsW

  PathRemoveFileSpecW

  PathFindFileNameW

  gdiplus

  GdipCreateTexture2I

  GdiplusStartup

  GdipDeleteStringFormat

  GdipCreatePen1

  GdipDrawRectangleI

  GdipCreateFontFromDC

  GdipReleaseDC

  GdipGetImageWidth

  GdipCreatePath

  GdipSetStringFormatTrimming

  GdipCreateStringFormat

  GdipDrawLineI

  GdipCloneImage

  GdipFillRectangleI

  GdipBitmapLockBits

  GdipFillPath

  GdipSaveImageToFile

  GdipCreateFromHDC

  GdipCreateHBITMAPFromBitmap

  GdipDrawString

  GdipGetImageEncoders

  GdipCreateImageAttributes

  GdipClonePath

  GdipCreateBitmapFromHBITMAP

  GdipCreateBitmapFromFile

  GdipDisposeImage

  GdipSetImageAttributesColorKeys

  GdipGetImageEncodersSize

  GdipAlloc

  GdipDisposeImageAttributes

  GdipCreateSolidFill

  GdipAddPathArcI

  GdipBitmapUnlockBits

  GdipAddPathLineI

  GdipSetStringFormatAlign

  GdipDrawImageRectI

  GdipDeleteGraphics

  GdipCreateBitmapFromScan0

  GdipDeleteFont

  GdipDrawPath

  GdipSetTextRenderingHint

  GdipCreateBitmapFromStream

  GdipSetStringFormatLineAlign

  GdipMeasureString

  GdipTranslateTextureTransform

  GdipDrawImageRectRectI

  GdipGetImageHeight

  GdipCreateFontFromLogfontA

  GdipCloneBrush

  GdipDeletePen

  GdipFree

  GdipDeleteBrush

  GdipSetStringFormatFlags

  GdiplusShutdown

  GdipDeletePath

  comctl32

  ImageList_ReplaceIcon

  ImageList_Remove

  ImageList_GetImageCount

  ImageList_GetIcon

  ImageList_Create

  ImageList_Draw

  ImageList_Destroy

  InitCommonControlsEx

  msimg32

  TransparentBlt

  AlphaBlend

  version

  VerQueryValueW

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  riched20

  ord4

  winmm

  timeGetTime

  psapi

  GetModuleFileNameExW

  EnumProcessModules

  EnumProcesses

  wininet

  InternetGetCookieExW

  GetUrlCacheEntryInfoA

  GetUrlCacheEntryInfoW

  InternetSetOptionA

  InternetSetOptionExW

  InternetSetOptionExA

  InternetCloseHandle

  InternetOpenA

  HttpQueryInfoW

  InternetSetOptionW

  InternetReadFile

  InternetOpenUrlW

  Sections

  .text

  Size: 492KB - Virtual size: 491KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 159KB - Virtual size: 159KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 25KB - Virtual size: 45KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 21.9MB - Virtual size: 21.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 112KB - Virtual size: 111KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ