1ff6d5b9a690c42f5808ee741b6e5c89f64b2f7b17d7a0bdbdc21ad1a3b53878

Sharing

Copy URL

Twitter E-mail

General

Target

1ff6d5b9a690c42f5808ee741b6e5c89f64b2f7b17d7a0bdbdc21ad1a3b53878
Size

1.6MB
MD5

f18e59faba7804187199e16fb92c3831
SHA1

063a18a82a8a71b2a2da02a0b5d8301b9d0a06f0
SHA256

1ff6d5b9a690c42f5808ee741b6e5c89f64b2f7b17d7a0bdbdc21ad1a3b53878
SHA512

bc856b7dc350c7ac14c6e90941729dcb813cefd3cf1ddc85d32491ca749bc0806cced8948e2a95d246aa64464e2c5e7b65815589c046a334e48ed4831f12140a
SSDEEP

24576:2Th69Fnix1kHcPGlFERUmu4T/Wzmq3fjmNV3vpK0vMTuFU9Kr61B9wrEH7Q:I69FikjsYvjmNJvpX0TuF2Z1A

Score

1^/10

Malware Config

Signatures

Files

1ff6d5b9a690c42f5808ee741b6e5c89f64b2f7b17d7a0bdbdc21ad1a3b53878
.dll regsvr32 windows:5 windows x86 arch:x86

8a750bf910e26f401e6725747d15674a

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-11-2019 00:00

Not After

04-02-2023 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28-01-2021 11:08

Not After

01-03-2032 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:b7:d1:63:41:66:b4:9a:a5:19:fc:41:85:ce:1f:c1:08:6a:82:f8:3c:5b:d6:e8:06:5c:72:fb:4c:eb:67:a2
Signer

Actual PE Digest

fd:b7:d1:63:41:66:b4:9a:a5:19:fc:41:85:ce:1f:c1:08:6a:82:f8:3c:5b:d6:e8:06:5c:72:fb:4c:eb:67:a2

Digest Algorithm

sha256

PE Digest Matches

false

df:4d:08:9a:42:a4:00:f1:63:a9:2b:ee:49:17:40:b0:cc:96:a7:1f
Signer

Actual PE Digest

df:4d:08:9a:42:a4:00:f1:63:a9:2b:ee:49:17:40:b0:cc:96:a7:1f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\641453\out\Release_i18n\safemon.pdb

Imports

kernel32

GetSystemInfo
GetCurrentProcessId
OpenProcess
GetModuleFileNameA
lstrcmpiA
OutputDebugStringW
GetShortPathNameW
Sleep
GetCommandLineW
LoadLibraryExW
GetPrivateProfileIntW
TlsGetValue
GetTickCount
ExpandEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetPrivateProfileIntA
CreateThread
CreateFileA
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
VirtualAllocEx
VirtualFreeEx
GetVersionExA
CreateDirectoryA
SetEndOfFile
SetUnhandledExceptionFilter
GetSystemDirectoryA
CreateRemoteThread
VirtualAlloc
VirtualFree
IsBadStringPtrW
VirtualProtect
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
GetPrivateProfileSectionW
CreateEventW
SetEvent
WaitForMultipleObjects
GlobalSize
GlobalLock
GlobalUnlock
GetProcessHeap
HeapAlloc
lstrcpynW
lstrcmpA
OpenFileMappingW
GetLocalTime
IsDebuggerPresent
OpenMutexW
GetModuleHandleA
CreateDirectoryW
CopyFileW
IsBadCodePtr
GetSystemTime
SystemTimeToFileTime
LoadLibraryA
CreateProcessW
GetExitCodeThread
GetTempPathW
GetTempFileNameW
HeapFree
GetEnvironmentVariableW
ResetEvent
lstrcmpW
ReleaseMutex
HeapWalk
HeapLock
OpenThread
HeapUnlock
CreateMutexW
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
GetPrivateProfileStringW
SetFilePointer
GetVersionExW
FreeResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SuspendThread
LocalAlloc
GetFileAttributesW
LoadLibraryW
GetSystemDirectoryW
LocalFree
SearchPathW
VirtualQuery
GetLongPathNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetFileAttributesExW
lstrcpynA
WideCharToMultiByte
lstrlenW
TerminateProcess
MultiByteToWideChar
InterlockedCompareExchange
lstrlenA
WriteFile
CloseHandle
ReadFile
GetFileSize
CreateFileW
SetLastError
RaiseException
lstrcmpiW
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetCurrentThread
SetErrorMode
IsBadReadPtr
TlsSetValue
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
TlsFree
TlsAlloc
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
SetThreadContext
GetThreadContext
ResumeThread
DeviceIoControl
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
InterlockedExchange
DebugBreak

user32

CallWindowProcW
SetParent
SetWindowPos
IsWindow
ShowWindow
GetClientRect
MoveWindow
GetWindowLongW
GetSystemMetrics
RedrawWindow
SetWindowLongW
GetParent
DefWindowProcW
GetWindowRect
UnregisterClassA
ScreenToClient
InvalidateRect
EnumChildWindows
IsWindowVisible
DestroyWindow
GetClassNameW
FindWindowExW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
PostQuitMessage
EnumThreadWindows
EndDialog
DialogBoxParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassW
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
EndPaint
BeginPaint
AppendMenuW
TrackPopupMenu
CreatePopupMenu
DrawTextW
RegisterWindowMessageW
InflateRect
OffsetRect
CopyRect
KillTimer
SetTimer
SendMessageW
GetWindowTextW
SetWindowTextW
SetRectEmpty
SetRect
DrawIconEx
PostMessageW
PtInRect
GetDC
ReleaseDC
GetCursorPos
wsprintfW
FindWindowW
LoadImageW
CharNextW
SendMessageTimeoutW
UnhookWindowsHookEx
BroadcastSystemMessageW
SetWindowsHookExW
CallNextHookEx

gdi32

CreateFontIndirectW
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetStockObject
BitBlt
CreateDIBSection
SetStretchBltMode
StretchBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectW
SetViewportOrgEx
CreateCompatibleBitmap
CreateBitmap
SetPixel
PatBlt

advapi32

RegQueryValueExA
CryptAcquireContextW
LookupAccountNameW
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
CryptGenRandom
CryptReleaseContext
RegQueryValueExW

shell32

ord51
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathA
SHGetSpecialFolderPathA
CommandLineToArgvW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
StringFromCLSID
StringFromGUID2
GetHGlobalFromStream
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
SysAllocStringLen
VariantClear
SysFreeString
DispCallFunc
SysStringLen
LoadTypeLi
VariantInit
VarUI4FromStr
LoadRegTypeLi
SysAllocString
VarBstrCmp

shlwapi

StrCmpW
StrChrW
StrDupW
PathIsDirectoryW
PathFindExtensionW
StrCmpNIA
PathRemoveFileSpecW
StrCmpNW
UrlGetPartW
StrCmpNIW
StrStrIA
PathGetArgsW
UrlUnescapeW
PathFileExistsA
PathRemoveFileSpecA
PathCombineA
StrStrW
PathMatchSpecW
SHSetValueW
SHDeleteKeyW
PathRemoveExtensionW
PathRemoveBackslashW
PathIsRootW
PathIsPrefixW
UrlGetPartA
StrDupA
StrChrA
wnsprintfW
PathAppendW
PathFindFileNameW
StrRChrIW
StrRStrIW
StrChrIW
StrCmpIW
StrStrIW
SHGetValueW
PathFileExistsW
StrCpyNW
PathCombineW

psapi

EnumProcessModules
GetModuleInformation
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

AccessibleObjectFromPoint

urlmon

UrlMkSetSessionOption
UrlMkGetSessionOption

ws2_32

htonl
ntohl
WSASetLastError
getpeername
inet_ntoa
inet_addr

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

Exports

Exports

CommonNotify
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSafeVedioVersion
GetUrlSiteType
IsTraystupidRealRunning
SetMailGuardCallback
SetNetpayGuardState
SetSafeVedioVersion
SetWDPayProPopWndState
Start
StartF
Stop
Update
pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_malloc
safemon_100
safemon_101
safemon_102
safemon_103
safemon_104
safemon_105
safemon_106
safemon_107
safemon_108
safemon_109
safemon_110
safemoninit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a750bf910e26f401e6725747d15674a

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

fd:b7:d1:63:41:66:b4:9a:a5:19:fc:41:85:ce:1f:c1:08:6a:82:f8:3c:5b:d6:e8:06:5c:72:fb:4c:eb:67:a2Signer

df:4d:08:9a:42:a4:00:f1:63:a9:2b:ee:49:17:40:b0:cc:96:a7:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

oleacc

urlmon

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 52KB - Virtual size: 148KB

.share Size: 512B - Virtual size: 56B

.SHARE Size: 512B - Virtual size: 4B

.rsrc Size: 57KB - Virtual size: 56KB

.reloc Size: 71KB - Virtual size: 71KB

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

fd:b7:d1:63:41:66:b4:9a:a5:19:fc:41:85:ce:1f:c1:08:6a:82:f8:3c:5b:d6:e8:06:5c:72:fb:4c:eb:67:a2
Signer

df:4d:08:9a:42:a4:00:f1:63:a9:2b:ee:49:17:40:b0:cc:96:a7:1f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 52KB - Virtual size: 148KB

.share
Size: 512B - Virtual size: 56B

.SHARE
Size: 512B - Virtual size: 4B

.rsrc
Size: 57KB - Virtual size: 56KB

.reloc
Size: 71KB - Virtual size: 71KB