e17df5b61a9fe814a051631f1bf4471ca5ea0e0b5140b24bc8cdb916c9833972

Sharing

Copy URL Twitter E-mail

General

Target

e17df5b61a9fe814a051631f1bf4471ca5ea0e0b5140b24bc8cdb916c9833972
Size

2.2MB
MD5

18825c59ce797231d144449d9af8cb98
SHA1

d0a34567610fc97091e48a58a0504d5d7fdc2f66
SHA256

e17df5b61a9fe814a051631f1bf4471ca5ea0e0b5140b24bc8cdb916c9833972
SHA512

7f3a8962b246915d00c471f2e0e3a849f6f05e8003a91b40f243e3fe4e7bf850f4eafdeb78df5be332a8232b4c73a1b0c4412914aeea7a54dcf70516fd34276a
SSDEEP

49152:1VNuXRwIY7BcH2nPqiJopViPZ7NrXOPF4xCssJjTqGTHRwu31mk:fNuBwp7KWnNJos7NrXhqKY

Score

1^/10

Malware Config

Signatures

Files

e17df5b61a9fe814a051631f1bf4471ca5ea0e0b5140b24bc8cdb916c9833972
.dll windows:5 windows x86 arch:x86

cd5f447cb4c4ca86972bab1c519a7fb9

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/06/2019, 00:00

Not After

17/06/2022, 12:00

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/06/2019, 00:00

Not After

17/06/2022, 12:00

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:b4:7a:71:2b:7b:d1:c9:07:fc:59:ca:04:f6:4e:52:2d:fc:79:93:fd:25:18:83:90:ed:8f:71:2b:22:a4:08
Signer

Actual PE Digest

cf:b4:7a:71:2b:7b:d1:c9:07:fc:59:ca:04:f6:4e:52:2d:fc:79:93:fd:25:18:83:90:ed:8f:71:2b:22:a4:08

Digest Algorithm

sha256

PE Digest Matches

false

22:9c:60:29:c1:73:10:4a:b7:95:4f:16:f7:69:10:64:4b:4a:6f:c7
Signer

Actual PE Digest

22:9c:60:29:c1:73:10:4a:b7:95:4f:16:f7:69:10:64:4b:4a:6f:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LoadLibraryW
GetFileSize
WriteFile
ReadFile
lstrcpyW
GetTempPathW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
RemoveDirectoryW
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
OpenProcess
GetExitCodeProcess
GetLastError
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
CreateThread
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetVolumeInformationW
GetLongPathNameW
FileTimeToSystemTime
DeviceIoControl
OutputDebugStringA
SetPriorityClass
GetTempFileNameW
RtlUnwind
EncodePointer
InterlockedFlushSList
TlsAlloc
SetEvent
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
OutputDebugStringW
IsBadReadPtr
LoadLibraryA
GetNativeSystemInfo
SetLastError
WaitForSingleObject
Sleep
CloseHandle
CreateEventW
GetTickCount
FreeConsole
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
VirtualAlloc
GetProcAddress
FreeLibrary
GetModuleFileNameW
WritePrivateProfileStringW
GetVersionExW
CopyFileW
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetCurrentDirectoryW
SetConsoleMode
ReadConsoleInputA
TlsGetValue
CreateDirectoryW
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
WinExec
InitializeCriticalSectionAndSpinCount
FindClose
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
SystemTimeToFileTime
GetSystemTime
GlobalMemoryStatus
FlushConsoleInputBuffer
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
SleepEx
GetFileAttributesExA

advapi32

CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetTokenInformation
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegSetValueW
CryptReleaseContext
RegSetValueExW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
SetServiceStatus
RegisterServiceCtrlHandlerW

shell32

SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW
PathRemoveFileSpecW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
wsprintfW
LoadStringW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

iphlpapi

GetAdaptersInfo

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

ws2_32

htonl
gethostname
ioctlsocket
gethostbyname
getservbyname
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
htons
setsockopt
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
accept
getsockopt
sendto
recvfrom
ntohs
shutdown
listen

wldap32

ord46
ord143
ord211
ord217
ord60
ord50
ord41
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22

wininet

InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

ServiceMain
ServiceStart

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd5f447cb4c4ca86972bab1c519a7fb9

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cf:b4:7a:71:2b:7b:d1:c9:07:fc:59:ca:04:f6:4e:52:2d:fc:79:93:fd:25:18:83:90:ed:8f:71:2b:22:a4:08Signer

22:9c:60:29:c1:73:10:4a:b7:95:4f:16:f7:69:10:64:4b:4a:6f:c7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

user32

ole32

iphlpapi

crypt32

ws2_32

wldap32

wininet

userenv

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 401KB - Virtual size: 401KB

.data Size: 45KB - Virtual size: 69KB

.gfids Size: 512B - Virtual size: 424B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 72KB - Virtual size: 72KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:39:9c:34:6d:0e:05:29:52:41:b6:66:f3:8b:c5:0d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:a2:18:36:cc:be:32:f5:e6:5e:a6:86:3e:12:7e:c7
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cf:b4:7a:71:2b:7b:d1:c9:07:fc:59:ca:04:f6:4e:52:2d:fc:79:93:fd:25:18:83:90:ed:8f:71:2b:22:a4:08
Signer

22:9c:60:29:c1:73:10:4a:b7:95:4f:16:f7:69:10:64:4b:4a:6f:c7
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 401KB - Virtual size: 401KB

.data
Size: 45KB - Virtual size: 69KB

.gfids
Size: 512B - Virtual size: 424B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 72KB - Virtual size: 72KB