82b3322701c76b956d4caa278ccdd45bd68710d3904f9899ecba8f2cd2541558

Sharing

Copy URL Twitter E-mail

General

Target

82b3322701c76b956d4caa278ccdd45bd68710d3904f9899ecba8f2cd2541558
Size

5.5MB
MD5

79fd9e3865b0d2ce2f40234e26ac49d4
SHA1

dc6578352d1578a56cd1bd65cc4ca0fc15e5bf78
SHA256

82b3322701c76b956d4caa278ccdd45bd68710d3904f9899ecba8f2cd2541558
SHA512

a39455b75adad5bc34eafe69e92d2f48095f366dddc1432e6fa10931dc8dd3a9b9b07da59d680fea6d7cbdb337ec1c02c67140d52c3b90a95b11d2bfa2f03101
SSDEEP

98304:098BKSZhFPR5Rctk1KTKK4KKDyK5FZ1EEEEmEEE1EEEEEEEEEEElKK1KKK1KKKaF:09vSZhFR5Rci9f6o

Score

1^/10

Malware Config

Signatures

Files

82b3322701c76b956d4caa278ccdd45bd68710d3904f9899ecba8f2cd2541558
.exe windows:5 windows x64 arch:x64

6f48e750d7ee9ddb4a9a307a70e8ef38

Code Sign

02:0e:b5:27:ba:c0:10:99:59:3e:2e:a9:02:e3:97:cb
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2018, 00:00

Not After

15/07/2021, 12:00

Subject

CN=Hangzhou Infogo Tech Co.\, Ltd.,O=Hangzhou Infogo Tech Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:e3:ce:b2:52:74:1f:1c:6d:9f:3a:20:96:51:10:a8:0a:44:f9:22
Signer

Actual PE Digest

22:e3:ce:b2:52:74:1f:1c:6d:9f:3a:20:96:51:10:a8:0a:44:f9:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\ci.dingding.manual.new\DingTalk-Win\win\bin\release\DingTalkUpdater.exe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorDacl
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptSignHashW
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptEnumProvidersW

gdi32

LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
GetClipBox
GetCharABCWidthsW
DeleteDC
DeleteObject
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
GetDeviceCaps
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePenIndirect
CreatePatternBrush
CombineRgn
GetObjectA

kernel32

GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
LoadLibraryW
SetEnvironmentVariableW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExW
SetLastError
SetEvent
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetExitCodeProcess
CreateProcessW
OpenProcess
GetTickCount
GetWindowsDirectoryW
GetVersionExW
LocalFree
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetTempPathW
GetLocalTime
GlobalFree
FormatMessageW
GetDateFormatW
SetEndOfFile
SetFilePointerEx
WriteFile
GetFileInformationByHandleEx
FreeLibrary
LoadLibraryExW
GetACP
MulDiv
GetCurrentDirectoryW
GetFileAttributesW
GetFileSize
FreeResource
GetFileType
SetFilePointer
RemoveDirectoryW
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
GlobalUnlock
GlobalLock
GetConsoleOutputCP
DeleteFileW
CreateDirectoryW
SetCurrentDirectoryW
CloseHandle
ReadFile
CreateFileW
ExitProcess
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
EnterCriticalSection
LCMapStringEx
EncodePointer
SetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetNativeSystemInfo
RtlPcToFileHeader
GetSystemTime
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryA
CreateFiber
DeleteFiber
SwitchToFiber
GetSystemTimeAsFileTime
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableW
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
ExpandEnvironmentStringsA
WaitForSingleObjectEx
QueryPerformanceCounter
VerifyVersionInfoW
GetSystemDirectoryW
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
CompareStringW
LCMapStringW
LeaveCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetModuleHandleW
GetCurrentProcess
GetDriveTypeW
SetFileTime
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
VirtualProtect
WriteConsoleW

ole32

PropVariantClear
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysFreeString

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
ShellExecuteW

shlwapi

PathCombineW
PathAppendW
PathMatchSpecW
PathFileExistsW

user32

BringWindowToTop
SetActiveWindow
SetForegroundWindow
IsIconic
GetClientRect
ScreenToClient
GetWindowLongW
SetWindowLongW
wsprintfW
MessageBoxW
GetMessageW
IsWindowVisible
SendMessageTimeoutW
PostMessageW
ShowWindow
PostQuitMessage
PostThreadMessageW
FlashWindow
GetPropW
EnumWindows
RegisterWindowMessageA
wvsprintfW
SetCursor
UnionRect
OffsetRect
LoadCursorW
SetWindowPos
GetDC
ReleaseDC
GetDesktopWindow
MonitorFromPoint
MonitorFromWindow
GetUserObjectInformationW
SendMessageW
GetProcessWindowStation
SetPropW
GetWindowLongPtrW
TranslateMessage
RedrawWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
SetRect
FillRect
DrawTextW
CharPrevW
SetWindowLongPtrW
IsZoomed
EnableWindow
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
NotifyWinEvent
GetMonitorInfoW
GetWindow
GetParent
PtInRect
IsRectEmpty
IntersectRect
MapWindowPoints
GetCursorPos
GetWindowRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
CharNextW
DestroyWindow
IsWindow
CreateWindowExW
DispatchMessageW

oleacc

AccessibleObjectFromWindow
LresultFromObject

comctl32

_TrackMouseEvent
ord17

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

bcrypt

BCryptGenRandom

ws2_32

shutdown
getnameinfo
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl

wldap32

ord167
ord46
ord127
ord27
ord79
ord118
ord41
ord208
ord216
ord14
ord142
ord133
ord147
ord301
ord219
ord26
ord145

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f48e750d7ee9ddb4a9a307a70e8ef38

Code Sign

02:0e:b5:27:ba:c0:10:99:59:3e:2e:a9:02:e3:97:cbCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

22:e3:ce:b2:52:74:1f:1c:6d:9f:3a:20:96:51:10:a8:0a:44:f9:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

shell32

shlwapi

user32

oleacc

comctl32

imm32

bcrypt

ws2_32

wldap32

crypt32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 912KB - Virtual size: 911KB

.data Size: 40KB - Virtual size: 67KB

.pdata Size: 121KB - Virtual size: 121KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 39KB - Virtual size: 39KB

02:0e:b5:27:ba:c0:10:99:59:3e:2e:a9:02:e3:97:cb
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

22:e3:ce:b2:52:74:1f:1c:6d:9f:3a:20:96:51:10:a8:0a:44:f9:22
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 912KB - Virtual size: 911KB

.data
Size: 40KB - Virtual size: 67KB

.pdata
Size: 121KB - Virtual size: 121KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 39KB - Virtual size: 39KB