610cb0b3aff74f1ea4146aae6f08ff92898355bc238251cf8ac033845489094e

Sharing

Copy URL Twitter E-mail

General

Target

610cb0b3aff74f1ea4146aae6f08ff92898355bc238251cf8ac033845489094e
Size

2.3MB
MD5

38715c786c289dc07af360f7ab4cf3ab
SHA1

c1a44d62423a651a37c4ce489fbb4d9dc1de465b
SHA256

610cb0b3aff74f1ea4146aae6f08ff92898355bc238251cf8ac033845489094e
SHA512

441812bb0b13c20f0096c160bb5bc8236582720e577110d002bf90939fd84be24d343051b8b7d3a846eea29b6b08f37ea0c5dfe61826fb2e76ba5433588cba31
SSDEEP

49152:3z1IaC5EyEfRXh0uczZnZrZzRp/ae2ucP:3zCf5oKu4nXae2u

Score

1^/10

Malware Config

Signatures

Files

610cb0b3aff74f1ea4146aae6f08ff92898355bc238251cf8ac033845489094e
.exe windows:4 windows x86 arch:x86

dfef40fcb453e1f1f2d0f8fc9081e9c1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:76:83:5c:e7:9e:e6:4a:4a:f5:6f:d4:d7:f2:a4:82:1f:80:b5:ad:be:7c:67:09:3e:12:74:6d:ed:a5:db:00
Signer

Actual PE Digest

b6:76:83:5c:e7:9e:e6:4a:4a:f5:6f:d4:d7:f2:a4:82:1f:80:b5:ad:be:7c:67:09:3e:12:74:6d:ed:a5:db:00

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringW
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
WaitNamedPipeW
FreeLibrary
LocalAlloc
SetFilePointer
WaitForSingleObject
GetExitCodeThread
SetFileAttributesW
GetLocalTime
OutputDebugStringW
GetFileInformationByHandle
FileTimeToSystemTime
GetTempPathW
GetModuleHandleW
WriteFile
lstrlenW
DeleteCriticalSection
ReadFile
GetFileSize
CreateFileW
lstrlenA
FindClose
FindNextFileW
MoveFileExA
SetLastError
FormatMessageA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
GetEnvironmentVariableA
SleepEx
QueryPerformanceFrequency
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
DeleteFileW
FindFirstFileW
GetLastError
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
MoveFileExW
RemoveDirectoryW
WideCharToMultiByte
CloseHandle
InitializeCriticalSection
LocalFree
GetTickCount
ReleaseMutex
MultiByteToWideChar
CreateMutexW
GlobalMemoryStatus
GetVersion
FlushConsoleInputBuffer
GetSystemTime
Sleep
GetProcAddress
LoadLibraryW
FindResourceExW
LoadResource
LockResource
SizeofResource
SystemTimeToFileTime
HeapDestroy
HeapAlloc
FindResourceW
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

wsprintfW
GetDesktopWindow
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptDecrypt
CryptSetHashParam
CryptSignHashA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptDestroyHash
RegSetValueExW
CryptCreateHash

shell32

SHFileOperationW
ShellExecuteW
ShellExecuteExW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW

msvcp80

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

msvcr80

ferror
_stricmp
isspace
tolower
isalpha
isalnum
strchr
strncmp
_wtol
wcscpy_s
wcsncmp
strncpy
rand
srand
_fileno
_fstat64i32
memset
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
abort
_open
_close
_unlink
_write
_read
_access
_strdup
fputc
ftell
_wfopen_s
_vsnprintf_s
fprintf
atoi
malloc
wcsncpy
__RTDynamicCast
_snwprintf
_vsnwprintf_s
wcsstr
wcstok
_wstat32
_recalloc
calloc
free
iswspace
vswprintf_s
_vscwprintf
_wcsicmp
_wcslwr_s
_wtoi
wcschr
_CxxThrowException
__CxxFrameHandler3
_strtoi64
_gmtime64
__sys_nerr
fgets
strspn
strcspn
wcspbrk
wcsspn
wcsrchr
wcscspn
fseek
fwrite
??_V@YAXPAX@Z
vsprintf_s
_vscprintf
fclose
fread
memcpy_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_beginthreadex
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_purecall
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
??3@YAXPAX@Z
_stat64i32
getenv
signal
_getch
isxdigit
isdigit
_setmode
_vsnprintf
raise
strcmp
_strnicmp
_lseeki64
printf
isupper
toupper
_wfopen
_wcslwr
realloc
__iob_func
memcpy
_errno
_mbspbrk
strstr
fopen
strerror
strtoul
strtol
strrchr
_stat64
feof
memmove
_time64
sscanf
qsort
fputs
strcpy_s
strncpy_s
sprintf_s
strcat_s
sprintf
setvbuf
fflush
strpbrk
_getpid
memchr
_fstat64
floor

wldap32

ord32
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord200
ord30
ord26
ord50
ord143
ord217
ord211
ord22
ord60

ws2_32

send
WSACleanup
WSAStartup
recv
WSAIoctl
setsockopt
getsockname
htons
ntohs
bind
WSASetLastError
connect
socket
getpeername
getsockopt
closesocket
shutdown
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
accept
listen
sendto
recvfrom
__WSAFDIsSet
select
ioctlsocket
gethostname
WSAGetLastError

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 348KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dfef40fcb453e1f1f2d0f8fc9081e9c1

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b6:76:83:5c:e7:9e:e6:4a:4a:f5:6f:d4:d7:f2:a4:82:1f:80:b5:ad:be:7c:67:09:3e:12:74:6d:ed:a5:db:00Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

msvcp80

msvcr80

wldap32

ws2_32

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 348KB - Virtual size: 345KB

.data Size: 44KB - Virtual size: 55KB

Size: 414KB - Virtual size: 414KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b6:76:83:5c:e7:9e:e6:4a:4a:f5:6f:d4:d7:f2:a4:82:1f:80:b5:ad:be:7c:67:09:3e:12:74:6d:ed:a5:db:00
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 348KB - Virtual size: 345KB

.data
Size: 44KB - Virtual size: 55KB