ff556c45bb1734bc2f29d7465291a3a4c209ef4deb91aebff81634934466c00d

Sharing

Copy URL Twitter E-mail

General

Target

ff556c45bb1734bc2f29d7465291a3a4c209ef4deb91aebff81634934466c00d
Size

728KB
MD5

bfa657d3eca9df2b122d0908ac23c1ed
SHA1

0166602f19294dd65f97882771df66ccb7c56895
SHA256

ff556c45bb1734bc2f29d7465291a3a4c209ef4deb91aebff81634934466c00d
SHA512

a1c2379e31b8af7b3887b1fefeb177b223f6296e003a0d54e497968ce280c7ea8a64e63e4188bba6828932e8a98c6c594c691fd570d9f8d5493b9c15886917a4
SSDEEP

6144:VORuh9OvIfY2QbRfo71zNkEiLxRpJQ2IuYAoVnCjIlvQDYB2Weysl9p6WCIUTHoH:VOyOvPUtr2IComs9iMomuMPjBXpi97

Score

1^/10

Malware Config

Signatures

Files

ff556c45bb1734bc2f29d7465291a3a4c209ef4deb91aebff81634934466c00d
.dll windows:6 windows x64 arch:x64

259c0cac424349fd901f32a94c639c70

Code Sign

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

Issuer

CN=WoTrus OV SSL CA,O=WoTrus CA Limited,C=CN

Not Before

05/11/2019, 12:51

Not After

05/02/2022, 12:51

Subject

CN=*.360.cn,O=北京奇虎科技有限公司,L=北京市,ST=北京市,C=CN

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

Issuer

CN=WoTrus OV SSL CA,O=WoTrus CA Limited,C=CN

Not Before

05/11/2019, 12:51

Not After

05/02/2022, 12:51

Subject

CN=*.360.cn,O=北京奇虎科技有限公司,L=北京市,ST=北京市,C=CN

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:71:fd:88:cc:91:c3:58:e3:19:f7:50:f2:63:30:b9:53:d7:c1:dc:6e:e3:bb:6e:6f:2f:07:1c:c3:24:6e:2d
Signer

Actual PE Digest

b4:71:fd:88:cc:91:c3:58:e3:19:f7:50:f2:63:30:b9:53:d7:c1:dc:6e:e3:bb:6e:6f:2f:07:1c:c3:24:6e:2d

Digest Algorithm

sha256

PE Digest Matches

true

5c:a9:35:fd:fb:d8:04:39:33:f3:56:10:71:e6:60:aa:28:ab:c1:90
Signer

Actual PE Digest

5c:a9:35:fd:fb:d8:04:39:33:f3:56:10:71:e6:60:aa:28:ab:c1:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\PangolinRev\Release\core\LiteCorex64.pdb

Imports

kernel32

ChangeTimerQueueTimer
CloseHandle
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueTimer
DisableThreadLibraryCalls
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FlushInstructionCache
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetLastError
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExW
GetWindowsDirectoryW
GlobalFree
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsBadReadPtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryDepthSList
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEvent
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SuspendThread
SwitchToThread
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnregisterWait
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW
RegOverridePredefKey
RegQueryValueExW
RevertToSelf

user32

GetSystemMetrics
wsprintfA
wsprintfW

ole32

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

wininet

HttpAddRequestHeadersW
HttpEndRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetQueryDataAvailable
InternetQueryOptionW
InternetReadFile
InternetSetOptionW
InternetWriteFile

shlwapi

PathRemoveFileSpecW
StrStrIW

mpr

WNetAddConnection3W

ws2_32

FreeAddrInfoW
GetAddrInfoW
WSAGetLastError
WSAIoctl
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

crypt32

CertCloseStore
CertFindChainInStore
CertOpenSystemStoreW
CryptBinaryToStringA
CryptDecodeObjectEx
CryptStringToBinaryA

netapi32

NetApiBufferFree
NetWkstaGetInfo

ntdll

RtlImageNtHeader

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDecrypt
BCryptDeriveKey
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptEncrypt
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGetProperty
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptVerifySignature

Sections

.text
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

259c0cac424349fd901f32a94c639c70

Code Sign

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b4:71:fd:88:cc:91:c3:58:e3:19:f7:50:f2:63:30:b9:53:d7:c1:dc:6e:e3:bb:6e:6f:2f:07:1c:c3:24:6e:2dSigner

5c:a9:35:fd:fb:d8:04:39:33:f3:56:10:71:e6:60:aa:28:ab:c1:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

ole32

oleaut32

wininet

shlwapi

mpr

ws2_32

crypt32

netapi32

ntdll

winhttp

bcrypt

Sections

.text Size: 480KB - Virtual size: 480KB

.rdata Size: 177KB - Virtual size: 177KB

.data Size: 17KB - Virtual size: 26KB

.pdata Size: 30KB - Virtual size: 30KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 116B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

75:36:79:6c:4e:c8:a8:fb:05:35:cb:4f:1a:56:82:a7
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b4:71:fd:88:cc:91:c3:58:e3:19:f7:50:f2:63:30:b9:53:d7:c1:dc:6e:e3:bb:6e:6f:2f:07:1c:c3:24:6e:2d
Signer

5c:a9:35:fd:fb:d8:04:39:33:f3:56:10:71:e6:60:aa:28:ab:c1:90
Signer

.text
Size: 480KB - Virtual size: 480KB

.rdata
Size: 177KB - Virtual size: 177KB

.data
Size: 17KB - Virtual size: 26KB

.pdata
Size: 30KB - Virtual size: 30KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 116B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB