2024-06-16_92fca526ffcb424c64c137a57b731e37_xiaoba

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-16_92fca526ffcb424c64c137a57b731e37_xiaoba
Size

3.9MB
MD5

92fca526ffcb424c64c137a57b731e37
SHA1

fb31311d3c55a7b93b9caca10067c69d01f8e1d8
SHA256

a4759ef16e3b8a3c47976e5b5ff32c298c4066ad6e193c0d99bc796b56f9d09f
SHA512

0e6a3f6f310a3befb9096f6a140730782391e33ef08424ba39807e1d3d3107a9cd80aa50bf0ba59e307860f12b8b463c385a8edb6ee27b97293a2af76aba334d
SSDEEP

49152:746sMBdDx2h+93eYDTSELqvFkEBznjeSwkyZ936ItS+/Ivs:8NM4h+9uYFqvFndwky7q9+V

Score

1^/10

Malware Config

Signatures

Files

2024-06-16_92fca526ffcb424c64c137a57b731e37_xiaoba
.exe windows:5 windows x86 arch:x86

46149bd73fa20c7a32e98fd88ec23ffe

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

21:8a:9a:f2:ce:95:f1:0c:b3:f2:10:d7:4f:44:a2:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2012, 00:00

Not After

27/12/2014, 23:59

Subject

CN=Beijing WoZhi Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing WoZhi Technology Co.\,Ltd.,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:11:3a:44:c2:c9:c1:90:fb:3b:6d:3c:b8:6f:f7:60:fb:62:d0:0d
Signer

Actual PE Digest

46:11:3a:44:c2:c9:c1:90:fb:3b:6d:3c:b8:6f:f7:60:fb:62:d0:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
GetVersion
SetEnvironmentVariableA
CompareStringA
GetDriveTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
SetStdHandle
SetFilePointer
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetNativeSystemInfo
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDriveTypeW
ExitProcess
GetFileType
CreateThread
ExitThread
MoveFileW
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
TerminateThread
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
PulseEvent
GetLocalTime
GetTimeZoneInformation
CreateProcessW
GetCurrentThread
LocalAlloc
GetFileTime
GetFileSize
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
ReadFile
GetUserDefaultLCID
GetPrivateProfileSectionW
WritePrivateProfileStringW
FindNextFileW
RemoveDirectoryW
GetComputerNameExW
GetTempPathW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetLongPathNameW
CreateFileW
WriteFile
GetLocaleInfoW
GetNumberFormatW
GetTimeFormatW
GetThreadLocale
GetDateFormatW
FindFirstFileW
FindClose
GetModuleHandleW
GetFileAttributesW
CreateDirectoryW
GetCommandLineW
GetACP
GlobalSize
CompareStringW
lstrcpyW
GetExitCodeThread
SetThreadPriority
ResumeThread
OpenMutexW
SetEvent
WaitForSingleObject
CreateEventW
DeleteFileW
WideCharToMultiByte
FormatMessageW
LocalFree
Sleep
GlobalHandle
GlobalFree
GetPrivateProfileStringW
CreateMutexW
GetExitCodeProcess
CloseHandle
GetPrivateProfileIntW
lstrlenA
SetCurrentDirectoryW
GetVersionExW
LoadLibraryW
GetProcAddress
CopyFileW
GetCurrentProcessId
InterlockedExchange
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
SetLastError
MulDiv
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
FindResourceExW
LockResource
InterlockedDecrement
InterlockedIncrement
RaiseException
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
GetModuleFileNameW

user32

LoadImageW
GetWindowRgn
GetSystemMetrics
SetWindowRgn
CopyAcceleratorTableW
MessageBeep
PeekMessageW
ShowScrollBar
UnregisterClassA
EndDialog
GetParent
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
SetWindowTextW
ScreenToClient
ShowWindow
SetTimer
KillTimer
IsWindow
DefWindowProcW
SetWindowLongW
CallWindowProcW
EqualRect
BeginPaint
EndPaint
RegisterWindowMessageW
MoveWindow
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetMessagePos
GetCapture
GetWindowDC
SystemParametersInfoW
GetMenuItemID
LoadStringA
DrawEdge
TrackPopupMenuEx
DeleteMenu
EnableMenuItem
CheckMenuRadioItem
MessageBoxW
MapDialogRect
SendDlgItemMessageW
SetWindowContextHelpId
ExitWindowsEx
RegisterClipboardFormatW
CheckMenuItem
LoadIconW
SetLayeredWindowAttributes
GetScrollPos
SetScrollPos
DrawTextW
DestroyIcon
GetDlgCtrlID
IsWindowEnabled
DrawIconEx
GetLastInputInfo
RegisterHotKey
UnregisterHotKey
CreateDialogIndirectParamW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
PostThreadMessageW
GetDoubleClickTime
InflateRect
GetCaretPos
GetSysColorBrush
AdjustWindowRectEx
GetMenu
DrawFocusRect
SetScrollInfo
OffsetRect
SetRect
ScrollWindowEx
GetScrollInfo
GetMessageExtraInfo
DialogBoxIndirectParamW
SendMessageTimeoutW
AttachThreadInput
EnumChildWindows
EnumWindows
DispatchMessageW
TranslateMessage
GetMessageW
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
EnumClipboardFormats
SetClipboardData
EmptyClipboard
EnableWindow
EnumDisplayMonitors
SetScrollRange
IsRectEmpty
FindWindowExW
GetShellWindow
SendMessageW
DestroyAcceleratorTable
GetSysColor
SetRectEmpty
GetMenuStringW
MonitorFromPoint
DestroyMenu
SetCursor
DialogBoxParamW
GetMenuItemInfoW
SetMenuItemInfoW
LoadStringW
LoadAcceleratorsW
BringWindowToTop
PtInRect
CopyRect
RemoveMenu
GetSubMenu
GetMenuItemCount
TrackPopupMenu
LoadMenuW
CreatePopupMenu
SetPropW
EnableScrollBar
RemovePropW
GetFocus
SetFocus
IsChild
FillRect
RedrawWindow
GetClassNameW
GetDesktopWindow
ReleaseDC
GetDC
CreateAcceleratorTableW
ClientToScreen
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
DestroyWindow
CreateWindowExW
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
WindowFromPoint
IsDialogMessageW
GetKeyState
SetForegroundWindow
PostQuitMessage
PostMessageW
SetMenu
UpdateWindow
IsWindowVisible
GetActiveWindow
SetParent
SetMenuDefaultItem
IsMenu
SetActiveWindow
TranslateAcceleratorW
GetPropW
GetScrollRange
AppendMenuW
InsertMenuW

gdi32

GetTextExtentExPointW
GetDIBits
SetDIBits
GetClipBox
CreateDCW
SelectClipRgn
SetROP2
Polygon
GetDIBColorTable
StretchBlt
RestoreDC
SaveDC
SetStretchBltMode
CreateFontIndirectW
CreateRoundRectRgn
LineTo
MoveToEx
RoundRect
CreatePen
SetPixelV
GetTextExtentPoint32W
PatBlt
CreateBitmap
CreatePatternBrush
SetDIBColorTable
ExcludeClipRect
SetBkColor
ExtTextOutW
CreatePolygonRgn
CreateRectRgn
PtInRegion
TextOutW
SetTextColor
SetBkMode
CreateDIBSection
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
SetViewportOrgEx
SelectObject
CreateCompatibleDC
DeleteDC
Rectangle
BitBlt

comdlg32

FindTextW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
IsTextUnicode
RegEnumValueW
GetUserNameW
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegDeleteKeyW

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetFolderPathW
SHGetFileInfoW
SHFileOperationW
SHAppBarMessage
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteW
SHGetSpecialFolderPathW
ExtractIconW
SHOpenFolderAndSelectItems
SHGetDesktopFolder
ShellExecuteExW
DragQueryFileW
SHGetPathFromIDListW

ole32

CoInitialize
CoTaskMemAlloc
OleRun
GetHGlobalFromStream
CoCreateGuid
DoDragDrop
OleSetContainedObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleCreateFromFile
OleDraw
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoFreeUnusedLibraries
CoUninitialize
CoTaskMemFree
CoResumeClassObjects
RevokeDragDrop
RegisterDragDrop
ProgIDFromCLSID
OleLockRunning
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VariantCopyInd
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
SafeArrayDestroy
DispCallFunc
SafeArrayLock
SafeArrayUnlock
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCopy
SafeArrayGetVartype
VarDecCmp
VarDecFromStr
VarR8FromStr
VarI4FromStr
VarDateFromStr
OleCreatePictureIndirect
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen

shlwapi

UrlEscapeW
PathCombineW
UrlUnescapeA
UrlCanonicalizeA
PathCreateFromUrlW
UrlUnescapeW
StrCmpIW
UrlIsW
StrRChrW
StrChrW
UrlGetPartW
UrlEscapeA
ChrCmpIW
StrStrIA
StrRStrIA
StrRStrIW
SHDeleteKeyW
StrFormatByteSizeW
StrTrimW
PathRelativePathToW
PathAddBackslashW
StrCpyW
UrlCombineW
StrCmpNIW
StrStrIW
PathIsDirectoryW
PathFindExtensionW
UrlCanonicalizeW
PathFileExistsW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

comctl32

ImageList_Draw
_TrackMouseEvent
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Create
ImageList_Add
ImageList_AddMasked
ImageList_EndDrag
ImageList_Destroy
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetIcon
ImageList_GetIconSize

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipSaveImageToFile
GdiplusShutdown
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdiplusStartup
GdipDisposeImage

libcef

cef_time_from_timet
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf8_clear
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf16_clear
cef_string_list_free
cef_build_revision
cef_post_task
cef_register_extension
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_list_value
cef_string_list_size
cef_string_list_copy
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_map_free
cef_string_map_alloc
cef_time_to_timet
cef_string_userfree_utf16_free
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_date
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_v8value_create_function
cef_string_list_alloc
cef_browser_create
cef_cookie_manager_get_global_manager
cef_shutdown
cef_run_message_loop
cef_set_osmodal_loop
cef_initialize

oleacc

ObjectFromLresult

wininet

GetUrlCacheEntryInfoW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 563KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 553KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46149bd73fa20c7a32e98fd88ec23ffe

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

21:8a:9a:f2:ce:95:f1:0c:b3:f2:10:d7:4f:44:a2:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

46:11:3a:44:c2:c9:c1:90:fb:3b:6d:3c:b8:6f:f7:60:fb:62:d0:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

comctl32

msimg32

gdiplus

libcef

oleacc

wininet

version

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 563KB - Virtual size: 562KB

.data Size: 66KB - Virtual size: 83KB

.rsrc Size: 553KB - Virtual size: 552KB

.reloc Size: 149KB - Virtual size: 148KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

21:8a:9a:f2:ce:95:f1:0c:b3:f2:10:d7:4f:44:a2:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

46:11:3a:44:c2:c9:c1:90:fb:3b:6d:3c:b8:6f:f7:60:fb:62:d0:0d
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 563KB - Virtual size: 562KB

.data
Size: 66KB - Virtual size: 83KB

.rsrc
Size: 553KB - Virtual size: 552KB

.reloc
Size: 149KB - Virtual size: 148KB