2024-04-22_ca61b5dd71fefec14b48b90369b36e4d_xiaoba

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_ca61b5dd71fefec14b48b90369b36e4d_xiaoba
Size

4.3MB
MD5

ca61b5dd71fefec14b48b90369b36e4d
SHA1

4fe31ff6b47536cf917068316748663be0237750
SHA256

3a7a7a3fbca652d7d875944f92f1ff121f8a6d4a6a68639c810e2afb1ed2daad
SHA512

503fcb6022e92e9a35ea9c23d86465896f4c48d50cb4b24b92a8d17f2171312b18b116a7dce7e9bcc288ed5ce0f6718ab26d10bd18171abedc8470dd9150c46e
SSDEEP

98304:ujzK5/Rso7R0lkbQR+D0j+8xMJYE0w/YtzmIj19Ra:ozK5/Rso7R0mbQR+gBxF7rRa

Score

1^/10

Malware Config

Signatures

Files

2024-04-22_ca61b5dd71fefec14b48b90369b36e4d_xiaoba
.exe windows:5 windows x86 arch:x86

6bb6b747a04127f1af8d007803024376

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

45:50:27:80:e3:8e:cd:23:24:fb:71:71:5e:03:4d:aa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/12/2014, 00:00

Not After

07/12/2016, 23:59

Subject

CN=BeiJing Wozhi Technology Co. Ltd,OU=IT,O=BeiJing Wozhi Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b2:d5:e8:68:93:1c:20:37:08:46:75:6a:30:89:8e:db:a2:44:07:6c
Signer

Actual PE Digest

b2:d5:e8:68:93:1c:20:37:08:46:75:6a:30:89:8e:db:a2:44:07:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseSemaphore
ReleaseMutex
TerminateThread
GetNativeSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersion
SetEnvironmentVariableA
CompareStringA
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStartupInfoA
SetHandleCount
GetConsoleMode
CreateSemaphoreW
IsValidCodePage
GetOEMCP
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDriveTypeW
ExitProcess
GetFileType
CreateThread
ExitThread
MoveFileW
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ResetEvent
PulseEvent
GetLocalTime
GetTimeZoneInformation
CreateProcessW
GetCurrentThread
LocalAlloc
GetFileTime
GetFileSize
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
GetPrivateProfileSectionW
WritePrivateProfileStringW
FindNextFileW
RemoveDirectoryW
GetComputerNameExW
GetTempPathW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetLongPathNameW
GetLocaleInfoW
GetNumberFormatW
GetTimeFormatW
GetThreadLocale
GetDateFormatW
FindFirstFileW
FindClose
GetCommandLineW
GetACP
GlobalSize
CompareStringW
GetModuleHandleW
lstrcpyW
GetExitCodeThread
SetThreadPriority
ResumeThread
GetUserDefaultLCID
SetEvent
WaitForSingleObject
CreateEventW
OpenMutexW
DeleteFileW
FormatMessageW
LocalFree
WriteFile
SetFileTime
GetFileAttributesW
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
CreateFileW
SetFilePointer
GetPrivateProfileStringW
CreateMutexW
GetExitCodeProcess
CloseHandle
GetPrivateProfileIntW
GlobalHandle
GlobalFree
SetCurrentDirectoryW
lstrlenA
GetVersionExW
LoadLibraryW
GetProcAddress
CopyFileW
GetCurrentProcessId
InterlockedExchange
WideCharToMultiByte
Sleep
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SetLastError
MulDiv
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
FindResourceExW
LockResource
InterlockedDecrement
InterlockedIncrement
RaiseException
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
GetModuleFileNameW
GetConsoleCP

user32

MapDialogRect
SendDlgItemMessageW
DestroyMenu
MonitorFromPoint
GetMenuStringW
SetRectEmpty
CopyAcceleratorTableW
LoadImageW
GetWindowRgn
GetSystemMetrics
SetWindowRgn
MessageBeep
PeekMessageW
GetMessagePos
GetCapture
UnregisterClassA
EndDialog
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
SetWindowTextW
ScreenToClient
ShowWindow
SetTimer
KillTimer
IsWindow
DefWindowProcW
SetWindowLongW
CallWindowProcW
EqualRect
BeginPaint
EndPaint
RegisterWindowMessageW
MoveWindow
GetWindowTextW
GetScrollRange
RegisterClassExW
LoadCursorW
GetWindowDC
SystemParametersInfoW
GetMenuItemID
LoadStringA
DrawEdge
TrackPopupMenuEx
DeleteMenu
EnableMenuItem
CheckMenuRadioItem
DialogBoxIndirectParamW
MessageBoxW
EnableWindow
SetDlgItemTextW
ExitWindowsEx
RegisterClipboardFormatW
CheckMenuItem
LoadIconW
SetLayeredWindowAttributes
GetScrollPos
SetScrollPos
DrawTextW
DestroyIcon
GetDlgCtrlID
IsWindowEnabled
DrawIconEx
GetLastInputInfo
RegisterHotKey
UnregisterHotKey
CreateDialogIndirectParamW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
PostThreadMessageW
GetDoubleClickTime
InflateRect
GetCaretPos
AdjustWindowRectEx
GetMenu
DrawFocusRect
SetScrollInfo
OffsetRect
SetRect
ScrollWindowEx
GetScrollInfo
GetMessageExtraInfo
SendMessageTimeoutW
AttachThreadInput
EnumChildWindows
EnumWindows
DispatchMessageW
TranslateMessage
GetMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
EnumClipboardFormats
SetClipboardData
EmptyClipboard
EnumDisplayMonitors
DrawIcon
GetCursorInfo
SetScrollRange
IsRectEmpty
GetSysColorBrush
FindWindowExW
GetShellWindow
ShowScrollBar
GetClassInfoExW
SendMessageW
DestroyAcceleratorTable
SetWindowContextHelpId
DialogBoxParamW
SetCursor
LoadStringW
LoadAcceleratorsW
GetMenuItemInfoW
SetMenuItemInfoW
RemoveMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
LoadMenuW
CreatePopupMenu
InsertMenuW
AppendMenuW
TranslateAcceleratorW
PtInRect
CopyRect
SetActiveWindow
GetPropW
RemovePropW
EnableScrollBar
GetSysColor
GetFocus
SetFocus
IsChild
FillRect
RedrawWindow
GetClassNameW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
ClientToScreen
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
DestroyWindow
CreateWindowExW
PostMessageW
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
IsDialogMessageW
GetKeyState
SetForegroundWindow
PostQuitMessage
AnimateWindow
SetMenu
BringWindowToTop
UpdateWindow
IsWindowVisible
SetParent
GetActiveWindow
SetMenuDefaultItem
IsMenu
GetWindowTextLengthW
SetPropW

gdi32

GetRgnBox
GetTextExtentExPointW
GetDIBits
SetDIBits
GetClipBox
CreateDCW
SelectClipRgn
SetROP2
Polygon
RestoreDC
SaveDC
SetStretchBltMode
CreateFontIndirectW
CreateRoundRectRgn
LineTo
MoveToEx
RoundRect
CreatePen
SetPixelV
GetTextExtentPoint32W
Rectangle
CreateBitmap
CreatePatternBrush
ExcludeClipRect
SetBkColor
ExtTextOutW
CreatePolygonRgn
CreateRectRgn
PtInRegion
TextOutW
SetTextColor
SetBkMode
GetDIBColorTable
SetDIBColorTable
StretchBlt
CreateDIBSection
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
PatBlt
BitBlt

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

FreeSid
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
IsTextUnicode
RegEnumValueW
GetUserNameW
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegDeleteKeyW

shell32

SHAppBarMessage
DragAcceptFiles
ShellExecuteW
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
ExtractIconW
SHOpenFolderAndSelectItems
SHGetDesktopFolder
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
OleLockRunning
ProgIDFromCLSID
RegisterDragDrop
RevokeDragDrop
CoResumeClassObjects
CoInitialize
CoFreeUnusedLibraries
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
OleDraw
OleCreateFromFile
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleSetContainedObject
DoDragDrop
GetHGlobalFromStream
CoCreateGuid
OleRun
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
SafeArrayDestroy
DispCallFunc
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
OleCreatePictureIndirect
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetVartype
SafeArrayCopy
VarUdateFromDate

shlwapi

StrCmpIW
UrlEscapeW
PathCombineW
UrlUnescapeA
UrlCanonicalizeA
PathCreateFromUrlW
ChrCmpIW
UrlCanonicalizeW
UrlIsW
StrRChrW
StrChrW
UrlGetPartW
StrStrIA
StrRStrIA
StrRStrIW
SHDeleteKeyW
StrFormatByteSizeW
StrTrimW
UrlEscapeA
PathRelativePathToW
PathAddBackslashW
StrCpyW
UrlCombineW
StrCmpNIW
StrStrIW
PathIsDirectoryW
PathFindExtensionW
UrlUnescapeW
PathFileExistsW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

comctl32

_TrackMouseEvent
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_GetImageCount
ImageList_AddMasked
ImageList_EndDrag
ImageList_Create
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_Remove
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Add
ImageList_Draw

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipAlloc
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageGraphicsContext
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics

ws2_32

WSAStartup
socket
WSAGetLastError
htons
setsockopt
connect
shutdown
closesocket
WSACleanup
bind
recvfrom
recv

libcef

cef_string_list_free
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_string_utf16_set
cef_string_utf16_cmp
cef_time_from_timet
cef_time_to_timet
cef_string_map_alloc
cef_string_map_free
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_list_copy
cef_string_list_size
cef_string_list_value
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_multimap_append
cef_string_map_append
cef_string_list_append
cef_cookie_manager_get_global_manager
cef_register_extension
cef_post_task
cef_string_userfree_utf16_free
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_date
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_v8value_create_function
cef_string_list_alloc
cef_browser_create
cef_shutdown
cef_do_message_loop_work
cef_run_message_loop
cef_set_osmodal_loop
cef_initialize
cef_build_revision

wininet

GetUrlCacheEntryInfoW
InternetCloseHandle
InternetOpenW
InternetGetLastResponseInfoW
InternetReadFile
InternetSetOptionW
InternetWriteFile
InternetQueryOptionW
HttpSendRequestW
HttpEndRequestW
HttpQueryInfoW
HttpSendRequestExW
InternetConnectW
HttpOpenRequestW

oleacc

ObjectFromLresult

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bb6b747a04127f1af8d007803024376

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

45:50:27:80:e3:8e:cd:23:24:fb:71:71:5e:03:4d:aaCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b2:d5:e8:68:93:1c:20:37:08:46:75:6a:30:89:8e:db:a2:44:07:6cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

comctl32

msimg32

gdiplus

ws2_32

libcef

wininet

oleacc

version

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 653KB - Virtual size: 652KB

.data Size: 69KB - Virtual size: 88KB

.rsrc Size: 559KB - Virtual size: 558KB

.reloc Size: 165KB - Virtual size: 164KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

45:50:27:80:e3:8e:cd:23:24:fb:71:71:5e:03:4d:aa
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b2:d5:e8:68:93:1c:20:37:08:46:75:6a:30:89:8e:db:a2:44:07:6c
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 653KB - Virtual size: 652KB

.data
Size: 69KB - Virtual size: 88KB

.rsrc
Size: 559KB - Virtual size: 558KB

.reloc
Size: 165KB - Virtual size: 164KB