2956898308f1187aa9be2e8a8bae66b117fd4ffc1213ba7ade404bbc8e9838f8

Sharing

Copy URL Twitter E-mail

General

Target

2956898308f1187aa9be2e8a8bae66b117fd4ffc1213ba7ade404bbc8e9838f8
Size

2.6MB
MD5

548fe021fc0640d0c4c8667869b7de78
SHA1

2163bdfe4413d8f53a450a9294b1caae9060c21a
SHA256

2956898308f1187aa9be2e8a8bae66b117fd4ffc1213ba7ade404bbc8e9838f8
SHA512

90467861614a9349411c538eb4c339089c94390e00c42409421c6cdcc4763d32dba0bbcbff997931c7e2e007a0e8eb06a35d80f5e0ec67f94b4de88dd2a3f91f
SSDEEP

49152:5ryQI3Ae6iC+eW9nP7I4dk6wSUanq7NecPjJXzOsIMAQBJJG:5xWAe6p+d9nPE6k6wiq7Ne+q

Score

1^/10

Malware Config

Signatures

Files

2956898308f1187aa9be2e8a8bae66b117fd4ffc1213ba7ade404bbc8e9838f8
.exe windows:5 windows x86 arch:x86

58a1591822d9c692727c384b0e1f0d63

Code Sign

0b:21:b5:09:7b:18:9b:e4:45:48:a6:5a:9a:ea:eb:6b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/06/2020, 00:00

Not After

19/07/2021, 12:00

Subject

SERIALNUMBER=91110105MA0198RL2R,CN=北京华网智讯信息有限公司,O=北京华网智讯信息有限公司,L=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

58:00:f9:0a:97:18:47:9f:71:ae:07:9f:b1:5b:03:01:df:ce:e8:e9:c6:ca:8c:6f:29:5e:1e:cb:4c:f0:95:c3
Signer

Actual PE Digest

58:00:f9:0a:97:18:47:9f:71:ae:07:9f:b1:5b:03:01:df:ce:e8:e9:c6:ca:8c:6f:29:5e:1e:cb:4c:f0:95:c3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
InterlockedDecrement
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
CreateThread
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadResource
FindResourceW
DecodePointer
GetModuleHandleW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
OutputDebugStringW
GetTempPathW
GetLongPathNameW
DeleteFileW
GetFileAttributesW
GetTempFileNameW
CopyFileW
WriteFile
GetExitCodeProcess
HeapReAlloc
HeapSize
GetFileSize
ReadFile
GetPrivateProfileIntW
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
OpenProcess
ReadProcessMemory
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
IsBadReadPtr
FindClose
lstrcpyW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
MoveFileExW
CreateDirectoryW
ReleaseMutex
CreateMutexW
FileTimeToSystemTime
GetSystemDirectoryW
GetVolumeInformationW
OutputDebugStringA
InterlockedIncrement
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
FlushFileBuffers
WriteConsoleW
SetEndOfFile
lstrcmpiW
GetFullPathNameW
GetCurrentDirectoryW
SetConsoleMode
ReadConsoleInputA
FreeLibrary
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetPrivateProfileStringW
WritePrivateProfileStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
SetPriorityClass
LoadLibraryExW
FlushConsoleInputBuffer
FormatMessageA
CloseHandle
CreateFileW
DeviceIoControl
GetProcAddress
LoadLibraryW
Sleep
Process32NextW
GetVersionExW
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
GetFileAttributesExA

user32

CharNextW
GetUserObjectInformationW
GetProcessWindowStation
LoadStringW
wsprintfW
MessageBoxA

advapi32

RegisterEventSourceA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegSetValueExW
DeregisterEventSource
CryptEnumProvidersA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHChangeNotify

ole32

CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

SHGetValueW
PathFileExistsW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW

iphlpapi

GetAdaptersInfo

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wininet

InternetSetOptionW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetQueryOptionW
InternetOpenW

wldap32

ord211
ord60
ord50
ord217
ord143
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46

ws2_32

getpeername
connect
closesocket
bind
send
recv
getsockname
select
__WSAFDIsSet
socket
WSAGetLastError
getsockopt
htons
gethostbyname
getservbyname
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
htonl
shutdown
listen
recvfrom
sendto
ioctlsocket
gethostname
WSASetLastError

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58a1591822d9c692727c384b0e1f0d63

Code Sign

0b:21:b5:09:7b:18:9b:e4:45:48:a6:5a:9a:ea:eb:6bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

58:00:f9:0a:97:18:47:9f:71:ae:07:9f:b1:5b:03:01:df:ce:e8:e9:c6:ca:8c:6f:29:5e:1e:cb:4c:f0:95:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

crypt32

userenv

wininet

wldap32

ws2_32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 403KB - Virtual size: 403KB

.data Size: 50KB - Virtual size: 76KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 425KB - Virtual size: 424KB

.reloc Size: 78KB - Virtual size: 77KB

0b:21:b5:09:7b:18:9b:e4:45:48:a6:5a:9a:ea:eb:6b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

58:00:f9:0a:97:18:47:9f:71:ae:07:9f:b1:5b:03:01:df:ce:e8:e9:c6:ca:8c:6f:29:5e:1e:cb:4c:f0:95:c3
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 403KB - Virtual size: 403KB

.data
Size: 50KB - Virtual size: 76KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 425KB - Virtual size: 424KB

.reloc
Size: 78KB - Virtual size: 77KB