8bbdcdf049738fe92b23e27bc2e533af567f52c8a1073d0d34748ab721a2321f

Sharing

Copy URL

Twitter E-mail

General

Target

8bbdcdf049738fe92b23e27bc2e533af567f52c8a1073d0d34748ab721a2321f
Size

2.7MB
MD5

a39fc9b6591f325c5265933bc1770b23
SHA1

b6bda30ae5d97585c93389519d180992fb84642d
SHA256

8bbdcdf049738fe92b23e27bc2e533af567f52c8a1073d0d34748ab721a2321f
SHA512

ad8c0706e2322aa52d2e03172eae923fb5230118e1aaa16a2964ab4720e96d8d70e5c111fc917f8c53072c4e0c4179c879565be384be5b22e05fc7208600029b
SSDEEP

49152:Th8V8W7BqrjBTKyUnMKBzCQxbvQ/qpyr0kaMpx1PGE7KIgTcKFdJhks:Th8VlFqrjBTKyU62bvQ/qpyr0kaMP4Ep

Score

1^/10

Malware Config

Signatures

Files

8bbdcdf049738fe92b23e27bc2e533af567f52c8a1073d0d34748ab721a2321f
.exe windows:5 windows x86 arch:x86

8726661cf3abc5bb4250bd8636203937

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-09-2019 08:54

Not After

23-10-2022 07:28

Subject

SERIALNUMBER=91330106MA2AYNWD8M,CN=浙江诺诺网络科技有限公司,O=浙江诺诺网络科技有限公司,STREET=西湖区双龙街199号杭政储出【2013】51号地块商业商务用房5#楼7层701-708室,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130848414e475a484f55,1.3.6.1.4.1.311.60.2.1.2=#13085a48454a49414e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c4:e7:0a:d7:be:f4:27:2d:84:09:8d:ed:ec:ab:45:75:22:24:50:d4
Signer

Actual PE Digest

c4:e7:0a:d7:be:f4:27:2d:84:09:8d:ed:ec:ab:45:75:22:24:50:d4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\公共组件库\roy\热更新\bin\Release\upgrade.pdb

Imports

shlwapi

PathFindFileNameW

kernel32

HeapSize
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
ReadFile
Sleep
WaitForMultipleObjects
GetProcessHeap
GetStdHandle
PeekNamedPipe
GetEnvironmentVariableA
QueryPerformanceCounter
GetSystemTimeAsFileTime
CompareFileTime
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoW
HeapFree
HeapAlloc
WriteFile
MoveFileExW
OutputDebugStringA
HeapReAlloc
DeleteCriticalSection
MoveFileW
GetTickCount
GetFileSize
WaitForSingleObject
CloseHandle
GetFileType
DecodePointer
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
lstrcmpW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetModuleHandleW
OutputDebugStringW
GetCommandLineW
CreateFileW
QueryPerformanceFrequency
GetCurrentThread
SystemTimeToFileTime
GetSystemTime
FindFirstFileW
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryA
CreateFiber
DeleteFiber
SwitchToFiber
FormatMessageW
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
GetTimeZoneInformation
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
CopyFileW
AreFileApisANSI
DuplicateHandle
GetCurrentThreadId
GetExitCodeThread
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
LoadLibraryExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCurrentProcessId
SetFilePointerEx
FileTimeToLocalFileTime
RtlUnwind
DeleteFileW
GetFullPathNameW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetEnvironmentVariableA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
SetConsoleCtrlHandler
SetStdHandle

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

DeregisterEventSource
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW

shell32

CommandLineToArgvW

crypt32

CertGetCertificateContextProperty
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext

ws2_32

getaddrinfo
listen
freeaddrinfo
sendto
recvfrom
WSACleanup
WSAStartup
__WSAFDIsSet
select
htonl
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
ioctlsocket
gethostname
getnameinfo
shutdown
accept

wldap32

ord26
ord117
ord41
ord208
ord27
ord14
ord46
ord219
ord145
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord216

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8726661cf3abc5bb4250bd8636203937

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

c4:e7:0a:d7:be:f4:27:2d:84:09:8d:ed:ec:ab:45:75:22:24:50:d4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

crypt32

ws2_32

wldap32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 539KB - Virtual size: 539KB

.data Size: 30KB - Virtual size: 62KB

.rsrc Size: 187KB - Virtual size: 187KB

.reloc Size: 110KB - Virtual size: 110KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

c4:e7:0a:d7:be:f4:27:2d:84:09:8d:ed:ec:ab:45:75:22:24:50:d4
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 539KB - Virtual size: 539KB

.data
Size: 30KB - Virtual size: 62KB

.rsrc
Size: 187KB - Virtual size: 187KB

.reloc
Size: 110KB - Virtual size: 110KB