5cbaa91348be54aea9137e9e9dd35f2665a99a81299000ce8f8c3f36932c4603

Sharing

Copy URL Twitter E-mail

General

Target

5cbaa91348be54aea9137e9e9dd35f2665a99a81299000ce8f8c3f36932c4603
Size

2.6MB
MD5

d0c5a9c5ee183264d98dc771a99ed2cb
SHA1

8c427dd6703ef46bccea00c52acc8bb4f6b1dcc4
SHA256

5cbaa91348be54aea9137e9e9dd35f2665a99a81299000ce8f8c3f36932c4603
SHA512

26b2cf1bb12be6f152c611f4a6fecf4bde4b0387a56244bc90ffca1313ebea2d6acd561925f159c134a5d08cce92428d16919c9dc238ee048982f7af505dadca
SSDEEP

49152:bIUGbZKKLdDVWEMFm4qgtP9iFN3T71dinNiHjxAq6:bIT2nFvqEiFNVC

Score

1^/10

Malware Config

Signatures

Files

5cbaa91348be54aea9137e9e9dd35f2665a99a81299000ce8f8c3f36932c4603
.exe windows:5 windows x86 arch:x86

536750547cc17ba91c9823e63d91570f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:5d:45:23:54:52:ea:9e:e9:0c:37:04:98:8e:02:8e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/04/2022, 00:00

Not After

02/05/2025, 23:59

Subject

SERIALNUMBER=91510100677184972A,CN=四川迅游网络科技股份有限公司,O=四川迅游网络科技股份有限公司,L=成都市,ST=四川省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c21e68890e983bde9ab98e696b0e68a80e69cafe4baa7e4b89ae5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e59b9be5b79de79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:d4:17:44:75:8d:c8:37:af:f0:6a:51:23:6c:f2:29:c4:f0:4b:9a:64:d6:b4:f6:54:aa:1d:6d:9f:a0:65:51
Signer

Actual PE Digest

8e:d4:17:44:75:8d:c8:37:af:f0:6a:51:23:6c:f2:29:c4:f0:4b:9a:64:d6:b4:f6:54:aa:1d:6d:9f:a0:65:51

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\yxqxunyou_new\output\yxqxunyou.pdb

Imports

wldap32

ord26
ord27
ord41
ord167
ord142
ord79
ord133
ord147
ord301
ord208
ord73
ord216
ord14
ord145
ord46
ord127
ord219
ord117

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetCertificateContextProperty

kernel32

CreateFileW
CloseHandle
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
GetTempPathA
DeleteFileW
lstrcmpiW
GetModuleFileNameA
SetLastError
WriteFile
MultiByteToWideChar
SetFilePointerEx
WideCharToMultiByte
GetLocalTime
LoadLibraryA
GetProcAddress
OpenEventA
WaitForSingleObject
OpenFileMappingW
UnmapViewOfFile
SetEvent
GetCurrentProcessId
CreateFileMappingW
CreateEventA
MapViewOfFile
CreateDirectoryW
GetCurrentProcess
WaitForMultipleObjects
GetTempPathW
GetCurrentThreadId
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetTickCount64
Process32NextW
Process32FirstW
CreateProcessW
GetModuleHandleW
CopyFileW
CreateEventW
LoadLibraryW
SetUnhandledExceptionFilter
GetStdHandle
GetWindowsDirectoryA
FindFirstFileExW
GetComputerNameA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryW
VerifyVersionInfoW
QueryPerformanceCounter
GetTickCount
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
GetModuleFileNameW
PeekNamedPipe
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FormatMessageW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SystemTimeToFileTime
CreateProcessA
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
OutputDebugStringA
ReadFile
FormatMessageA
FreeLibrary
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetDriveTypeW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetExitCodeThread
GetCurrentThread
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetFileType
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
CreatePipe
GetExitCodeProcess
FlushFileBuffers
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetCommandLineW
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
WaitForSingleObjectEx
DuplicateHandle
ExitThread
GetFileAttributesExW
SetConsoleCtrlHandler
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
TryEnterCriticalSection

user32

GetPropW
GetProcessWindowStation
MessageBoxW
EnumWindows
SendMessageW
GetUserObjectInformationW

advapi32

CryptSignHashW
CryptEnumProvidersW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptGenRandom
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptReleaseContext

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

shlwapi

PathFileExistsW
StrCmpIW
PathIsDirectoryW

wininet

InternetOpenW
HttpQueryInfoW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo
GetIpForwardTable

ws2_32

getpeername
htons
inet_addr
WSAStartup
WSACleanup
sendto
recvfrom
getnameinfo
ntohl
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSAIoctl
WSASetLastError
setsockopt
ntohs
getsockopt
getsockname
shutdown
connect
bind
WSAGetLastError
send
recv
gethostbyname
gethostname
getaddrinfo
inet_ntoa
freeaddrinfo
closesocket
select
socket

psapi

GetModuleFileNameExW

dbghelp

SymSetOptions
SymCleanup
SymInitialize
SymFromAddr
UnDecorateSymbolName
MiniDumpWriteDump

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

536750547cc17ba91c9823e63d91570f

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:5d:45:23:54:52:ea:9e:e9:0c:37:04:98:8e:02:8eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8e:d4:17:44:75:8d:c8:37:af:f0:6a:51:23:6c:f2:29:c4:f0:4b:9a:64:d6:b4:f6:54:aa:1d:6d:9f:a0:65:51Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

crypt32

kernel32

user32

advapi32

shell32

shlwapi

wininet

iphlpapi

ws2_32

psapi

dbghelp

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 566KB - Virtual size: 565KB

.data Size: 62KB - Virtual size: 144KB

.tls Size: 30KB - Virtual size: 29KB

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 38KB - Virtual size: 37KB

.reloc Size: 88KB - Virtual size: 87KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:5d:45:23:54:52:ea:9e:e9:0c:37:04:98:8e:02:8e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8e:d4:17:44:75:8d:c8:37:af:f0:6a:51:23:6c:f2:29:c4:f0:4b:9a:64:d6:b4:f6:54:aa:1d:6d:9f:a0:65:51
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 566KB - Virtual size: 565KB

.data
Size: 62KB - Virtual size: 144KB

.tls
Size: 30KB - Virtual size: 29KB

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 38KB - Virtual size: 37KB

.reloc
Size: 88KB - Virtual size: 87KB