9ad7fd6c64c3ae787c467ed9f011a6e88e0d5ab04ba67b57240ed52a744a7129

Sharing

Copy URL Twitter E-mail

General

Target

9ad7fd6c64c3ae787c467ed9f011a6e88e0d5ab04ba67b57240ed52a744a7129
Size

2.1MB
MD5

1d26ca7e22577987e7de2167bcdadea5
SHA1

d668eff3215ce618f89f834c714879992293d079
SHA256

9ad7fd6c64c3ae787c467ed9f011a6e88e0d5ab04ba67b57240ed52a744a7129
SHA512

045d0b054bab60c9ae772dba8eea1993d49e24d1bb6abbc842e078089884862061bc0ebd6b00997cbac26b774ca54aedbe06a6c2c2223b5fc28d09a5793cb52f
SSDEEP

49152:dkUDnXhPG/WTJInNeloNzxb24YJpq+SnTTG4IRPp1q/:yShPG/WVUNzxa4gM+lU/

Score

1^/10

Malware Config

Signatures

Files

9ad7fd6c64c3ae787c467ed9f011a6e88e0d5ab04ba67b57240ed52a744a7129
.exe windows:5 windows x86 arch:x86

777f177e820a91bcad21af29a0dbb13c

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:db:1e:b1:c8:38:c9:bb:e3:30:f5:89:b1:2d:91:4f:45:dc:26:72:2a:05:21:e0:82:77:01:09:72:3e:72:42
Signer

Actual PE Digest

61:db:1e:b1:c8:38:c9:bb:e3:30:f5:89:b1:2d:91:4f:45:dc:26:72:2a:05:21:e0:82:77:01:09:72:3e:72:42

Digest Algorithm

sha256

PE Digest Matches

false

a6:19:e1:ca:a5:66:aa:53:69:59:17:01:62:dd:68:33:04:12:e7:73
Signer

Actual PE Digest

a6:19:e1:ca:a5:66:aa:53:69:59:17:01:62:dd:68:33:04:12:e7:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\qb_driver_service\master\out\Release\TsService.pdb

Imports

kernel32

ReleaseMutex
ReadConsoleInputA
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
Sleep
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetVersionExW
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetModuleHandleA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
SetConsoleCtrlHandler
GetTimeZoneInformation
ReadConsoleW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetOEMCP
GetACP
IsValidCodePage
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
ResetEvent
DeviceIoControl
CreateFileW
GetCurrentProcessId
OpenProcess
SetLastError
GetSystemDirectoryW
LoadLibraryExW
GetModuleHandleExW
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetLocalTime
SystemTimeToFileTime
QueryDosDeviceW
LocalFree
GetCurrentProcess
LoadLibraryW
FreeLibrary
SearchPathW
TerminateProcess
GetTickCount
GetCommandLineW
WTSGetActiveConsoleSessionId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemDefaultLangID
CreateThread
GetSystemTimeAsFileTime
OpenEventW
IsBadReadPtr
UnregisterWait
TerminateThread
WaitForMultipleObjects
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
GetSystemTime
CreateProcessW
GetExitCodeProcess
GetSystemInfo
WideCharToMultiByte
VirtualFree
GetCurrentThreadId
HeapCreate
FindFirstFileW
FindClose
CreateDirectoryW
RemoveDirectoryW
SetFilePointer
WriteFile
lstrcmpiW
FindNextFileW
GetFullPathNameW
LocalAlloc
GetNativeSystemInfo
OutputDebugStringA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAllocEx
VirtualQuery
Thread32First
OpenThread
SuspendThread
Thread32Next
Module32FirstW
Module32NextW
DuplicateHandle
SetErrorMode
SetUnhandledExceptionFilter
ReadProcessMemory
WriteProcessMemory
QueueUserWorkItem
EncodePointer
AddAtomW
FindAtomW
DeleteAtom
FileTimeToSystemTime
GetTempFileNameW
CopyFileW
DeleteFileA
OutputDebugStringW
CompareFileTime
GetFileTime
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
GetSystemDefaultLCID
MoveFileExW
lstrlenW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
GetTempPathW
SetEndOfFile
GetStdHandle
SetHandleInformation
GlobalFree
IsDebuggerPresent
CreateMutexW
IsProcessorFeaturePresent
GetStringTypeW
FindFirstFileExW
GetDriveTypeW
ExitThread
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
SetConsoleMode

user32

MessageBoxA
GetProcessWindowStation
CreateDesktopW
CloseDesktop
GetCursorPos
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
SetTimer
GetUserObjectInformationW

advapi32

ProcessTrace
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
AllocateAndInitializeSid
FreeSid
GetLengthSid
CopySid
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
GetTokenInformation
ConvertSidToStringSidW
LookupAccountSidW
OpenProcessToken
OpenServiceW
StartServiceW
ControlService
QueryServiceStatusEx
RegCreateKeyExW
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
RegSetValueExW
CreateServiceW
ChangeServiceConfig2W
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetUserNameA
LookupAccountNameA
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegQueryValueExA
RegOpenKeyExA
AddAccessAllowedAce
InitializeAcl
DuplicateTokenEx
RegCreateKeyW
ControlTraceW
EnableTrace
StartTraceW
CloseTrace
ImpersonateLoggedOnUser
OpenTraceW
RegQueryValueW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
CreateProcessAsUserW
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenSCManagerW
RevertToSelf
GetNamedSecurityInfoW

shlwapi

PathGetDriveNumberW
PathRemoveFileSpecW
PathCombineW
PathFindFileNameW
SHCopyKeyW
SHSetValueW
StrStrIW
PathFileExistsA
SHDeleteKeyW
PathRemoveBlanksW
PathRemoveBackslashW
PathFileExistsW
AssocQueryStringW
PathAppendW
SHGetValueW

ws2_32

send
recv
ioctlsocket
WSAGetLastError
socket
connect
setsockopt
accept
inet_ntoa
listen
getsockname
sendto
recvfrom
getsockopt
__WSAFDIsSet
getpeername
closesocket
ntohl
ntohs
htons
bind
htonl
select

wtsapi32

WTSQueryUserToken

dnsapi

DnsFree
DnsQuery_A

psapi

EnumProcessModules
GetModuleBaseNameW
GetModuleBaseNameA
GetModuleFileNameExA
GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetConnectW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestW

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerRegisterIfEx
RpcServerListen
RpcMgmtStopServerListening
NdrServerCall2
RpcServerUnregisterIf
RpcServerUseProtseqEpW

netapi32

NetGetJoinInformation
Netbios
NetApiBufferFree
NetWkstaTransportEnum

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpWriteData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

shell32

ord165
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoCreateGuid
CoUninitialize
CoInitialize

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

777f177e820a91bcad21af29a0dbb13c

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

61:db:1e:b1:c8:38:c9:bb:e3:30:f5:89:b1:2d:91:4f:45:dc:26:72:2a:05:21:e0:82:77:01:09:72:3e:72:42Signer

a6:19:e1:ca:a5:66:aa:53:69:59:17:01:62:dd:68:33:04:12:e7:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

wtsapi32

dnsapi

psapi

wininet

userenv

version

rpcrt4

netapi32

winhttp

shell32

ole32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 343KB - Virtual size: 343KB

.data Size: 38KB - Virtual size: 62KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 66KB - Virtual size: 65KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

61:db:1e:b1:c8:38:c9:bb:e3:30:f5:89:b1:2d:91:4f:45:dc:26:72:2a:05:21:e0:82:77:01:09:72:3e:72:42
Signer

a6:19:e1:ca:a5:66:aa:53:69:59:17:01:62:dd:68:33:04:12:e7:73
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 343KB - Virtual size: 343KB

.data
Size: 38KB - Virtual size: 62KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 66KB - Virtual size: 65KB