360DeskAna64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

360DeskAna64.exe
Size

225KB
MD5

72c5eb4b0f49ca22beb556757288e1ea
SHA1

cf53d31402699b8aa23b582403d439712ad45a2d
SHA256

4462ae51cf0aea45cee5bec43605e122a0867d9d61f120a75eb68cc8a65dc7fe
SHA512

93f7b9ace70201948ad16262ddd231c4c350ee78be9ef132334730cff00dd2c0a54daf3330830f25c00503dfd3b322f6f211ddb6338852d1530ee4de93eec9c6
SSDEEP

3072:oMD/z1VBcUyaOOkTk+yBvPHRak27ytiH2DoJGz3nYh9JFIg:oMDR1yrcHR31AWDBYh9j

Score

1^/10

Malware Config

Signatures

Files

360DeskAna64.exe
.exe windows:5 windows x64 arch:x64

222c30ab98e1b282df860f1d4b30c864

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/11/2019, 00:00

Not After

04/02/2023, 12:00

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:3d:bc:a4:23:0d:e8:35:d7:66:17:f4:d9:74:95:4f:58:d3:37:1a:34:54:18:4e:0f:d1:85:55:d5:8b:7f:49
Signer

Actual PE Digest

b9:3d:bc:a4:23:0d:e8:35:d7:66:17:f4:d9:74:95:4f:58:d3:37:1a:34:54:18:4e:0f:d1:85:55:d5:8b:7f:49

Digest Algorithm

sha256

PE Digest Matches

true

15:fc:76:a3:32:07:1d:b3:f7:91:5c:82:53:31:42:60:69:10:98:3e
Signer

Actual PE Digest

15:fc:76:a3:32:07:1d:b3:f7:91:5c:82:53:31:42:60:69:10:98:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vmagent_new\bin\joblist\660937\out\Release\360DeskAna64.pdb

Imports

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW

kernel32

OpenEventW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
OpenFileMappingW
MapViewOfFile
GetProcessId
UnmapViewOfFile
IsProcessInJob
QueryInformationJobObject
GetCommandLineW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LoadLibraryW
ProcessIdToSessionId
GetCurrentProcessId
GetSystemDirectoryW
SetLastError
MultiByteToWideChar
LoadLibraryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
CreateFileMappingW
CreateEventW
HeapCreate
WideCharToMultiByte
EnterCriticalSection
GlobalFree
LeaveCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
ReadProcessMemory
LocalFileTimeToFileTime
WriteFile
SetEvent
GlobalAlloc
ReadFile
GetModuleFileNameW
ExpandEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
TlsAlloc
LoadLibraryExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetCurrentProcess
TerminateProcess
Sleep
CreateProcessW
GetVersionExW
CloseHandle
OpenProcess
GetModuleHandleW
GetProcAddress
SystemTimeToFileTime
GetSystemTimeAsFileTime
OutputDebugStringW
GetModuleHandleExW
ExitProcess
CreateFileA
GetFileSizeEx
SetFilePointerEx
VirtualProtect
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
CreateMutexW
ReleaseMutex
CreateFileW
WaitForSingleObject
HeapLock
HeapUnlock
OpenThread
GetCurrentThreadId
HeapWalk
DeviceIoControl
IsDebuggerPresent

user32

FindWindowW
GetWindowThreadProcessId
WaitForInputIdle

advapi32

RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateTokenEx
GetTokenInformation
RegCloseKey
RegOpenKeyExW
OpenProcessToken
GetUserNameW
SetNamedSecurityInfoW
LookupAccountNameW
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW

ole32

CoCreateInstance
CoUninitialize
StringFromGUID2
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

StrStrIW
PathFindFileNameW
PathAppendW

ws2_32

WSCDeinstallProvider32
WSCDeinstallProvider
WSCGetProviderPath
WSCEnumProtocols
WSAStartup
WSACleanup

imm32

ImmDisableIME

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

msvcrt

__CxxFrameHandler
_wcslwr
_wfopen
___lc_codepage_func
_lock
_unlock
_iob
__pctype_func
tolower
___mb_cur_max_func
wcstol
strtol
localeconv
iswctype
calloc
_initterm
_msize
__set_app_type
_wcmdln
_controlfp
_XcptFilter
_fmode
_commode
mbtowc
___lc_handle_func
strrchr
_isatty
fflush
_fileno
abort
_wcsicmp
realloc
memcpy
wcscmp
__setusermatherr
ceil
log10
_clearfp
_statusfp
?terminate@@YAXXZ
_wcstoui64
memcmp
??3@YAXPEAX@Z
_CxxThrowException
fputc
fwrite
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
memset
memmove
malloc
fclose
fseek
fread
free
??2@YAPEAX_K@Z
_errno
_wtoi
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
wcschr
wcsstr
__wgetmainargs

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

222c30ab98e1b282df860f1d4b30c864

Code Sign

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7eCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:deCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

b9:3d:bc:a4:23:0d:e8:35:d7:66:17:f4:d9:74:95:4f:58:d3:37:1a:34:54:18:4e:0f:d1:85:55:d5:8b:7f:49Signer

15:fc:76:a3:32:07:1d:b3:f7:91:5c:82:53:31:42:60:69:10:98:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

ws2_32

imm32

psapi

wtsapi32

userenv

msvcrt

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 650KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 336B

0a:1f:3a:05:7a:1d:ce:4b:f7:d7:6d:0c:7a:df:83:7e
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:83:09:ba:16:54:68:50:e6:05:e7:5d:77:3e:56:de
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

b9:3d:bc:a4:23:0d:e8:35:d7:66:17:f4:d9:74:95:4f:58:d3:37:1a:34:54:18:4e:0f:d1:85:55:d5:8b:7f:49
Signer

15:fc:76:a3:32:07:1d:b3:f7:91:5c:82:53:31:42:60:69:10:98:3e
Signer

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 650KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 336B