63207f62f47deaf7f126b2596a0c3799b91e44b05e3b93a1332ee0a3bced7ce5

Sharing

Copy URL

Twitter E-mail

General

Target

63207f62f47deaf7f126b2596a0c3799b91e44b05e3b93a1332ee0a3bced7ce5
Size

177KB
MD5

2cea99df866f93e1678e68a60217e5d6
SHA1

df448d1b7f6d08d54705a8e0560e6478a01c32da
SHA256

63207f62f47deaf7f126b2596a0c3799b91e44b05e3b93a1332ee0a3bced7ce5
SHA512

7eacff0b3500a9046e1bb19dd8dc51df1923057d4877acf582474c793a40cec3d079a52bb06b1a0246375c5f0074d2935b5107a63bd07bf685f7341f68a03764
SSDEEP

3072:WSPpvjK0kTtXFhpoY1fQDJqg98KsVE36TBfdv0x6X+FZRlc38FDwx:Wao0kTtXnpZ+DwgPWE36TB1v0sX+FZr0

Score

1^/10

Malware Config

Signatures

Files

63207f62f47deaf7f126b2596a0c3799b91e44b05e3b93a1332ee0a3bced7ce5
.exe windows:5 windows x86 arch:x86

78601a559d43ad97eff330d8ed48a831

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09-06-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25-09-2019 08:54

Not After

23-10-2022 07:28

Subject

SERIALNUMBER=91330106MA2AYNWD8M,CN=浙江诺诺网络科技有限公司,O=浙江诺诺网络科技有限公司,STREET=西湖区双龙街199号杭政储出【2013】51号地块商业商务用房5#楼7层701-708室,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.1=#130848414e475a484f55,1.3.6.1.4.1.311.60.2.1.2=#13085a48454a49414e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1b:96:27:91:f0:cf:ae:43:0f:61:0a:02:58:45:3e:6f:e7:a8:96:e1
Signer

Actual PE Digest

1b:96:27:91:f0:cf:ae:43:0f:61:0a:02:58:45:3e:6f:e7:a8:96:e1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\中文customer_client_v1.7.8\src\CrashReporter\bin\Release\CrashReporter.pdb

Imports

mfc120u

ord1470
ord973
ord7382
ord6404
ord10919
ord12006
ord6121
ord13612
ord2718
ord9091
ord12047
ord8921
ord10896
ord11271
ord10353
ord458
ord3361
ord3362
ord3122
ord6434
ord6032
ord6123
ord13616
ord3263
ord3260
ord10136
ord8092
ord2719
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord11964
ord3795
ord3790
ord11811
ord14447
ord8846
ord12095
ord6875
ord9349
ord10883
ord9137
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord5693
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord14367
ord6774
ord12123
ord4434
ord11592
ord14094
ord13991
ord13563
ord5838
ord7704
ord13997
ord2640
ord11999
ord3898
ord3329
ord3330
ord3223
ord12043
ord999
ord3654
ord3653
ord4842
ord1386
ord887
ord2204
ord8346
ord4772
ord1687
ord1518
ord296
ord5020
ord265
ord1400
ord2163
ord8352
ord7542
ord1467
ord8268
ord12122
ord4548
ord10315
ord12800
ord997
ord7330
ord7375
ord1139
ord2843
ord11837
ord500
ord4280
ord10314
ord12799
ord2347
ord2343
ord266
ord3317
ord3195
ord6702
ord12736
ord4546
ord7881
ord8206
ord5262
ord10260
ord2444
ord12413
ord12412
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11858
ord11857
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord13771
ord992
ord6758
ord3809
ord5821
ord12114
ord8099
ord12126
ord12094
ord1130
ord1063
ord1441
ord1108
ord2262
ord2173
ord2131
ord6452
ord9007
ord4176
ord3103
ord6393
ord9016
ord4193
ord3215
ord13333
ord6735
ord4049
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord5824
ord1520
ord1042
ord286
ord285
ord2967
ord1506
ord2367
ord1447
ord1508

msvcr120

strchr
realloc
strstr
sprintf
sscanf
strncmp
tolower
floor
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except1
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
srand
rand
malloc
fwrite
_ftelli64
_fseeki64
ferror
?what@exception@std@@UBEPBDXZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
printf
memset
??8type_info@@QBE_NABV0@@Z
_time64
_mktime64
fread
fopen
feof
fclose
swscanf
_waccess
wcsncpy
memchr
towlower
memcpy
__CxxFrameHandler3
_CxxThrowException
free
wcsrchr
memmove
_purecall
_libm_sse2_pow_precise

kernel32

OutputDebugStringW
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
GetModuleFileNameW
GetCommandLineW
DeleteFileW
IsBadReadPtr
SuspendThread
ResumeThread
GetPrivateProfileIntW
WritePrivateProfileStringW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
MultiByteToWideChar
DecodePointer
lstrcmpW

user32

GetSystemMetrics
GetSystemMenu
AppendMenuW
DrawIcon
EnableWindow
GetWindowRect
LoadIconW
PostMessageW
KillTimer
SetTimer
IsIconic
PostQuitMessage
SendMessageW
GetClientRect

shell32

CommandLineToArgvW
ShellExecuteW

comctl32

ord17

shlwapi

PathFindFileNameW

msvcp120

??1_Pad@std@@QAE@XZ
??0_Pad@std@@QAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?out@?$codecvt@_WDH@std@@QBEHAAHPB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??_7_Facet_base@std@@6B@
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
?id@?$codecvt@_WDH@std@@2V0locale@2@A
??_7?$codecvt@_WDH@std@@6B@
?_Release@_Pad@std@@QAEXXZ
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
_Thrd_join
?_Xruntime_error@std@@YAXPBD@Z

curllib

curl_slist_append
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_global_init
curl_easy_getinfo
curl_global_cleanup
curl_slist_free_all
curl_easy_init
curl_easy_reset
curl_formadd
curl_formfree

libeay32

ord2970
ord2708
ord964
ord2747
ord2784
ord333
ord965
ord2572

Exports

Exports

urlsafe_b64_decode
urlsafe_b64_decode2
urlsafe_b64_encode
urlsafe_b64_encode2

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78601a559d43ad97eff330d8ed48a831

Code Sign

04:00:00:00:00:01:25:07:1d:f9:afCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

1b:96:27:91:f0:cf:ae:43:0f:61:0a:02:58:45:3e:6f:e7:a8:96:e1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc120u

msvcr120

kernel32

user32

shell32

comctl32

shlwapi

msvcp120

curllib

libeay32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 30KB - Virtual size: 30KB

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

24:ac:2e:8f:c0:3a:a9:87:1f:bd:68:e5
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

1b:96:27:91:f0:cf:ae:43:0f:61:0a:02:58:45:3e:6f:e7:a8:96:e1
Signer

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 30KB - Virtual size: 30KB