248c02a31c7f1e4ce520b7c72c3ddc44a8a29ee7b0f9dfa15f4cbf6e834febd1

Sharing

Copy URL Twitter E-mail

General

Target

248c02a31c7f1e4ce520b7c72c3ddc44a8a29ee7b0f9dfa15f4cbf6e834febd1
Size

1.2MB
MD5

110522df0a620e9ba88910a55e4450f3
SHA1

d621121290261aaab5f2fb54e7307c1363c7b976
SHA256

248c02a31c7f1e4ce520b7c72c3ddc44a8a29ee7b0f9dfa15f4cbf6e834febd1
SHA512

14d24c49f0043a1cd605b9e5ea33043a8946e216d6af5249e4fce099b381555c04f4f8e82697a02b8bf10ca80d5a46dc686eb5406b41d4e79f588e2f584a54c2
SSDEEP

24576:i2+arzGdvwk3mumDyVZWy2Fj8aXaIiiHlKrxw23OSiq9buZwmMRkLtWXctHkf:J9Kdv1m+VZWHFj8UfiOKrxkau6BREMXr

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
248c02a31c7f1e4ce520b7c72c3ddc44a8a29ee7b0f9dfa15f4cbf6e834febd1
unpack001/$PLUGINSDIR/BgWorker.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/Application/1.3.1.3036/AssWrapper.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

248c02a31c7f1e4ce520b7c72c3ddc44a8a29ee7b0f9dfa15f4cbf6e834febd1
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/logo.ico
$PLUGINSDIR/nsNiuniuSkin.dll
.dll windows:4 windows x86 arch:x86

f18124498dfaa11a8bc7e2d37a9eb809

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:1d:17:9a:5a:0a:54:52:42:73:70:d1:7a:7d:f7:01
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

09/11/2015, 00:00

Not After

08/11/2016, 23:59

Subject

CN=Shao zhengjun,OU=Individual Developer,O=No Organization Affiliation,L=Shenzhen,ST=Guang Dong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:36:6a:50:fb:75:6b:0b:ce:82:3c:56:e2:b4:f7:56:a5:cf:93:f9
Signer

Actual PE Digest

5c:36:6a:50:fb:75:6b:0b:ce:82:3c:56:e2:b4:f7:56:a5:cf:93:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\NiuNiuCapture\nsis+duilib\plugin\nsNiuniuSkin.pdb

Imports

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
lstrcpyA
ExitProcess
GlobalAlloc
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetStdHandle
LoadLibraryA
lstrcpynA
GlobalFree
lstrlenA
MultiByteToWideChar
MulDiv
GetProcAddress
LoadLibraryW
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GetModuleFileNameW
GetCurrentDirectoryW
GetModuleHandleW
GetTickCount
GetLastError
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetFilePointer
GetFileType
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
SetFileTime
WriteFile
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GetLocalTime
HeapFree
GetProcessHeap
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW

user32

GetWindowLongA
OffsetRect
InflateRect
UnionRect
SetCursor
LoadCursorW
CreateCaret
SetCaretPos
GetSysColor
PtInRect
GetKeyState
SendMessageW
GetWindowLongW
CharNextW
IntersectRect
GetCaretPos
HideCaret
ShowCaret
IsIconic
GetMonitorInfoW
MonitorFromWindow
IsZoomed
SetWindowRgn
MessageBoxW
SetWindowLongW
GetDC
InvalidateRect
SetTimer
KillTimer
IsWindow
SetCapture
ReleaseCapture
PostMessageW
GetCaretBlinkTime
GetFocus
ReleaseDC
SetWindowTextW
SetFocus
CreateWindowExW
UpdateLayeredWindow
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetWindow
GetCursorPos
GetParent
DefWindowProcW
ShowWindow
PostQuitMessage
EnableWindow
LoadImageW
GetSystemMetrics
CallWindowProcW
GetPropW
SetPropW
RegisterClassW
RegisterClassExW
GetClassInfoExW
FillRect
CharPrevW
SetRect
DrawTextW
GetWindowRgn
MoveWindow
GetWindowTextW
GetWindowTextLengthW
MapWindowPoints
InvalidateRgn
CreateAcceleratorTableW
FindWindowW
ClientToScreen
GetMessageW
DispatchMessageW
SetWindowPos
GetWindowRect
TranslateMessage
ScreenToClient
GetClientRect
DestroyWindow

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteGraphics
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

gdi32

SaveDC
GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW
GetStockObject
CreateRoundRectRgn
GetTextMetricsW
SelectObject
CreatePen
DeleteDC
RestoreDC
PtInRegion
GetObjectA
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
RoundRect
Rectangle
CreatePenIndirect
CreateCompatibleBitmap
CreateRectRgn
GetClipBox
MoveToEx
LineTo
CreateSolidBrush
SetStretchBltMode
StretchBlt
CombineRgn
CreateDIBSection
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateCompatibleDC
BitBlt

ole32

OleLockRunning
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Exports

Exports

BindCallBack
ExitDUISetup
FindControl
GetCheckboxStatus
GetControlAttribute
GetCtrlPos
GetDialogStyle
GetDirValue
GetWindowSize
InitResourcePath
InitSkinPage
IsControlVisible
NextPage
PrePage
SelectInstallDir
SetControlAttribute
SetDirValue
SetSliderRange
SetSliderValue
SetWindowSize
SetWindowTile
ShowMsgBox
ShowPage
ShowPageItem
add

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

a49b0342971aa199fc6349725b90146d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
lstrcpynA
lstrlenA
LoadLibraryA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExA
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/skin.zip
.zip
back.png
.png
bg.png
.png
bg1.png
.png
bg2.png
.png
bg3.png
.png
bgb.png
.png
bkcfg.png
.png
bottom.png
.png
btn_hot.png
.png
btn_normal.png
.png
btn_pushed.png
.png
checkbox.png
.png
configpage.xml
default.xml
.xml
exit.png
.png
finishpage.xml
install.png
.png
install.xml
installingpage.xml
license_bk.png
.png
licensepage.xml
line.png
.png
logo.png
.png
min.png
.png
mod_dir.png
.png
msgBox.xml
.xml
msgWarning.png
.png
scrollthumb.png
.png
selfdef.png
.png
selfdef1.png
.png
selfdef2.png
.png
slider_fore.png
.png
slider_value.png
.png
uninstall_complete.png
.png
uninstallfinishpage.xml
uninstallpage.xml
Application/1.3.1.3036/360Base64.dll
.dll windows:5 windows x64 arch:x64

d13c657a4dbd412a927d1687846959dd

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:33:41:ab:be:24:98:cd:d3:da:9f:b2:a3:0e:23:a6:cc:e4:c1:45:da:d3:77:c5:d3:9a:ee:72:63:b5:a2:2b
Signer

Actual PE Digest

8b:33:41:ab:be:24:98:cd:d3:da:9f:b2:a3:0e:23:a6:cc:e4:c1:45:da:d3:77:c5:d3:9a:ee:72:63:b5:a2:2b

Digest Algorithm

sha256

PE Digest Matches

true

bd:a7:96:73:98:b9:fb:d9:4d:1e:9b:e0:6a:69:51:5f:06:de:6c:a8
Signer

Actual PE Digest

bd:a7:96:73:98:b9:fb:d9:4d:1e:9b:e0:6a:69:51:5f:06:de:6c:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\672000\out\Release\360Base64.pdb

Imports

kernel32

GetUserDefaultLCID
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
GetSystemWindowsDirectoryW
GetVersionExW
LockResource
FreeResource
SetFilePointerEx
GetFileSizeEx
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
HeapDestroy
HeapSize
GetProcessHeap
FindResourceExW
lstrcmpA
LocalFree
GetFileSize
WriteFile
SetFilePointer
GetLocalTime
GetCurrentThreadId
FlushFileBuffers
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
ReadFile
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
MoveFileExW
QueryPerformanceCounter
LockFileEx
UnlockFileEx
MapViewOfFile
GetFileType
lstrlenW
ReleaseMutex
GetACP
lstrlenA
LocalFileTimeToFileTime
lstrcmpiA
GetCurrentProcess
LoadLibraryW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
OpenThread
HeapWalk
HeapUnlock
HeapLock
CreateFileA
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
lstrcatW
GlobalMemoryStatus
RtlVirtualUnwind
GetStdHandle
GetCPInfo
GetStringTypeW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
HeapFree
HeapReAlloc
HeapAlloc
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
GetFileAttributesW
CreateFileW

user32

CharNextW
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr

shlwapi

SHGetValueA
PathFileExistsW
StrTrimA
StrRChrW
PathAppendW
PathCombineW
StrCmpNIW
StrStrIW
StrCmpIW
StrStrIA
SHSetValueA
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CryptMsgControl
CertFindCertificateInStore
CryptQueryObject
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObjectEx
CertFreeCertificateChain
CryptDecodeObject
CertAddStoreToCollection
CertOpenStore
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertOpenSystemStoreW
CryptMsgGetParam
CertGetCertificateChain

iphlpapi

GetAdaptersInfo

Exports

Exports

CreateObject
InitLibs

Sections

.text
Size: 851KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Application/1.3.1.3036/AssWrapper.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 12KB - Virtual size: 12KB

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

f18124498dfaa11a8bc7e2d37a9eb809

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:1d:17:9a:5a:0a:54:52:42:73:70:d1:7a:7d:f7:01Certificate

Extended Key Usages

Key Usages

5c:36:6a:50:fb:75:6b:0b:ce:82:3c:56:e2:b4:f7:56:a5:cf:93:f9Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

comctl32

gdiplus

imm32

gdi32

ole32

oleaut32

Exports

Exports

Sections

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:1d:17:9a:5a:0a:54:52:42:73:70:d1:7a:7d:f7:01
Certificate

5c:36:6a:50:fb:75:6b:0b:ce:82:3c:56:e2:b4:f7:56:a5:cf:93:f9
Signer

.text
Size: 372KB - Virtual size: 369KB

.rdata
Size: 92KB - Virtual size: 88KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 910B

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 250B

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

8b:33:41:ab:be:24:98:cd:d3:da:9f:b2:a3:0e:23:a6:cc:e4:c1:45:da:d3:77:c5:d3:9a:ee:72:63:b5:a2:2b
Signer

bd:a7:96:73:98:b9:fb:d9:4d:1e:9b:e0:6a:69:51:5f:06:de:6c:a8
Signer