eacec0265aa8fe169e792e26b44f1cb2ab092eee06720d07538ca0dd58b8d7f9

Sharing

Copy URL Twitter E-mail

General

Target

eacec0265aa8fe169e792e26b44f1cb2ab092eee06720d07538ca0dd58b8d7f9
Size

1.2MB
MD5

e60dade197e892af2bc51176a79f9f49
SHA1

6a19a608d09a0945b4ea84155abf36ca8ecdb057
SHA256

eacec0265aa8fe169e792e26b44f1cb2ab092eee06720d07538ca0dd58b8d7f9
SHA512

66009ae61e54961aef43cb369b95b6486991e83a031d3252445124b66a9bce72834a6f30982873c7450db92702eb4a0a55d8f57a2dd5ad80c8bd29fff5ecbc60
SSDEEP

12288:iZdPOKcwk1EkEtjnwAxJBbQLKDrW5sTz9OoxskBGehLWchkv:iZdPOKcwz9tzwAdULKDisTz0fIbhO

Score

1^/10

Malware Config

Signatures

Files

eacec0265aa8fe169e792e26b44f1cb2ab092eee06720d07538ca0dd58b8d7f9
.exe windows:6 windows x64 arch:x64

faa3abd941cf245dcb80eb6c4fe17816

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/12/2020, 00:00

Not After

02/01/2024, 23:59

Subject

CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:a7:5d:33:e4:51:82:4a:61:20:fc:a9:33:4e:58:60:f9:da:8a:3e:77:70:65:f8:c8:eb:e7:38:af:2e:d4:42
Signer

Actual PE Digest

57:a7:5d:33:e4:51:82:4a:61:20:fc:a9:33:4e:58:60:f9:da:8a:3e:77:70:65:f8:c8:eb:e7:38:af:2e:d4:42

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

T:\unity_szfq\artifacts\UnityCrashHandler\release_Win64_VS2019\UnityCrashHandler64.pdb

Imports

user32

SetForegroundWindow
SetWindowTextW
InflateRect
UnionRect
GetDlgItem
LookupIconIdFromDirectoryEx
DialogBoxParamA
SendDlgItemMessageA
GetWindowLongA
SetWindowPos
EndDialog
AdjustWindowRect
SendMessageW
CreateIconFromResourceEx
OffsetRect
LoadImageA
GetIconInfo

kernel32

InterlockedPopEntrySList
DuplicateHandle
VirtualProtect
GetVersionExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapQueryInformation
HeapSize
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
FreeLibraryAndExitThread
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
GetFileType
SetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
CloseHandle
RaiseException
GetCurrentThread
OpenThread
GetThreadTimes
GetModuleHandleA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
SwitchToThread
CreateThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
SuspendThread
ResumeThread
TlsGetValue
TlsSetValue
GetThreadContext
GetLastError
SetLastError
CreateEventW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesA
QueryDepthSList
ReadFile
SetFilePointerEx
WriteFile
GetEnvironmentVariableA
GetCurrentDirectoryA
OutputDebugStringA
GetSystemTime
ReadProcessMemory
VerSetConditionMask
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleW
WaitForSingleObject
LocalFree
FormatMessageW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetStdHandle
GetFileSize
GetTempPathW
SetEvent
WaitForMultipleObjectsEx
Sleep
TerminateProcess
GetExitCodeProcess
GetProcessId
GetThreadId
OpenProcess
CopyFileExW
AllocConsole
SetErrorMode
GetCommandLineW
InitializeCriticalSection
CreateEventA
TerminateThread
GetExitCodeThread
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceA
EnumResourceNamesA
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
TlsAlloc
TlsFree
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
DecodePointer
EncodePointer
GetTickCount
GetStringTypeW
UnregisterWaitEx
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetFileAttributesW
CreateProcessW

dbghelp

SymRegisterFunctionEntryCallback64
SymLoadModuleEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoInitializeEx

psapi

GetModuleFileNameExW

advapi32

GetUserNameA

wininet

HttpSendRequestA
InternetOpenA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
HttpQueryInfoA
InternetCrackUrlA

gdi32

GetObjectA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faa3abd941cf245dcb80eb6c4fe17816

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

57:a7:5d:33:e4:51:82:4a:61:20:fc:a9:33:4e:58:60:f9:da:8a:3e:77:70:65:f8:c8:eb:e7:38:af:2e:d4:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

dbghelp

shell32

ole32

psapi

advapi32

wininet

gdi32

version

Sections

.text Size: 523KB - Virtual size: 522KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 11KB - Virtual size: 21KB

.pdata Size: 30KB - Virtual size: 30KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 472KB - Virtual size: 471KB

.reloc Size: 5KB - Virtual size: 5KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:6a:f9:5e:02:ce:45:d3:5f:44:51:1e:61:c6:ce:d6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

57:a7:5d:33:e4:51:82:4a:61:20:fc:a9:33:4e:58:60:f9:da:8a:3e:77:70:65:f8:c8:eb:e7:38:af:2e:d4:42
Signer

.text
Size: 523KB - Virtual size: 522KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 11KB - Virtual size: 21KB

.pdata
Size: 30KB - Virtual size: 30KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 472KB - Virtual size: 471KB

.reloc
Size: 5KB - Virtual size: 5KB