d949403e3a64e035f3accc5f3d3c118cd60b913bf5c73433e633bdf6142d53f3

Sharing

Copy URL

Twitter E-mail

General

Target

d949403e3a64e035f3accc5f3d3c118cd60b913bf5c73433e633bdf6142d53f3
Size

3.7MB
MD5

a9c6f29108c0f39d71f87b02a76784b9
SHA1

dbe7345cda624aa00c20040fc25a76e4ec352069
SHA256

d949403e3a64e035f3accc5f3d3c118cd60b913bf5c73433e633bdf6142d53f3
SHA512

df017e487067c0169657940440aa38f2830b12c545a772fa0d00f94c707e8b1a15d4f33a929251c77d16a6a4b8d093f7ad53cf5dff29e85392148d0b78fa1714
SSDEEP

49152:SGtlqgCVwASO20IU6iiZ7I4VpH2rS7sSsgPYxAHHNU4TZlJQHR8Oh5PNazwnM4XT:Pb+iFfMYmq9+HFazwn1iLiRDMq

Score

1^/10

Malware Config

Signatures

Files

d949403e3a64e035f3accc5f3d3c118cd60b913bf5c73433e633bdf6142d53f3
.dll windows:6 windows x64 arch:x64

b700dba68e0e76c329ba52cea16c68e5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

15-02-2023 03:11

Not After

15-02-2026 03:11

Subject

SERIALNUMBER=9131011434217342X2,CN=Shanghai Lilith Network Technology Co.\, Ltd.,O=Shanghai Lilith Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:47:96:be:a1:54:67:f2:d5:ec:36:b8:ad:f1:1d:16:05:79:81:c1:ac:ac:19:45:97:3d:e2:f4:f8:27:3b:70
Signer

Actual PE Digest

00:47:96:be:a1:54:67:f2:d5:ec:36:b8:ad:f1:1d:16:05:79:81:c1:ac:ac:19:45:97:3d:e2:f4:f8:27:3b:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\WorkSpace\crashsight-tqm-client\clientX64\x64\TQM_Release\spy\CrashSight64.pdb

Imports

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteA
SHGetSpecialFolderLocation
CommandLineToArgvW
SHGetPathFromIDListA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

PathFileExistsA

kernel32

GetProcAddress
GetFileSize
GetTickCount
SetUnhandledExceptionFilter
TryEnterCriticalSection
Process32First
EnterCriticalSection
GetCommandLineW
Module32Next
LeaveCriticalSection
InitializeCriticalSection
Module32First
DuplicateHandle
OpenProcess
Process32Next
CreateProcessW
CreateEventA
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetCurrentDirectoryW
OutputDebugStringA
lstrlenA
SystemTimeToFileTime
GetSystemTime
DebugBreak
GetPrivateProfileIntA
GetFileTime
CreateDirectoryA
OpenEventA
MoveFileA
FindFirstFileA
SetFileTime
FindNextFileA
FindClose
SetEvent
WideCharToMultiByte
GetSystemTimeAsFileTime
K32GetProcessImageFileNameA
GetTempPathA
CopyFileA
LocalFree
GetExitCodeProcess
GetVersionExA
GetSystemInfo
GetPrivateProfileStringA
CreateFileMappingW
LoadLibraryW
RtlVirtualUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
FreeLibrary
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
HeapCreate
VirtualProtect
LoadLibraryA
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualFree
VirtualAlloc
VirtualQuery
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
AddVectoredExceptionHandler
HeapSize
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
Sleep
WaitForSingleObject
RemoveVectoredExceptionHandler
ReadFile
CreateDirectoryW
OpenThread
FormatMessageA
CloseHandle
RtlUnwind
DeleteFileW
DeleteFileA
CreateFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentThreadId
CreateFileW
Thread32First
Thread32Next
GetModuleFileNameW
GetCurrentProcess
RtlCaptureContext
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetModuleFileNameA
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetDateFormatW
GetFileAttributesExW
GetACP
GetTempPathW
FreeLibraryAndExitThread
ExitThread
GetConsoleCP
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
FindFirstFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetCurrentThread
SwitchToThread
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlLookupFunctionEntry
GetThreadTimes
GetVersionExW
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
CreateThread
HeapFree
CreateEventW
WaitForSingleObjectEx
ResetEvent

user32

MessageBoxW
GetSystemMetrics
CharNextA
GetWindowThreadProcessId
EnumWindows
IsWindowVisible
GetCursorPos
PtInRect
IntersectRect
GetMonitorInfoA
GetWindowLongA
GetWindowTextA
CopyRect
GetCursorInfo
DrawIcon
GetIconInfo
EnumDisplayMonitors
LoadStringA
GetWindowRect
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject
CreateDCA
BitBlt

advapi32

CryptDestroyKey
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegCloseKey
RegEnumKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptReleaseContext
OpenProcessToken

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString

ws2_32

closesocket
WSASetLastError
__WSAFDIsSet
WSAStartup
WSACleanup
WSAGetLastError
setsockopt
getnameinfo
ioctlsocket
inet_addr
htons
htonl
getsockopt
recv
connect
ntohs
socket
send
getpeername
getaddrinfo
inet_pton
WSASocketW
shutdown
select
freeaddrinfo

crypt32

CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

urlmon

URLDownloadToCacheFileA

bcrypt

BCryptGenRandom

Exports

Exports

CS_AddValidExpCode
CS_InitContext
CS_MonitorEnable
CS_PrintLog
CS_ReportCrash
CS_ReportDump
CS_ReportException
CS_SetCrashCallback
CS_SetCustomLogDir
CS_SetExtraHandler
CS_SetUserId
CS_SetUserValue
CS_SetVehEnable
CS_UnrealCriticalErrorEnable
CS_UploadGivenPathDump
CsReportCrash
Finalize
GbCollectorCheckFirstGameExist
GbCollectorCheckGameExist
GbCollectorCheckGameExistTime
GbCollectorGetListCount
GbCollectorGetListIndex
GbCollectorGetMSG
GbCollectorGetQQUid
GbCollectorInit
GbCollectorIsDeleteDump
GbCollectorListRemove
GbCollectorLog
GbCollectorSetDeleteDump
GbCollectorSetProcess
GbCollectorSetQQListIndex
GbCollectorTerm
GbCollectorTermSimple
MonitorEnable
PrintLog
SetCrashCallback
SetCustomLogDir
SetExtraHandler
SetInitializedCallback
SetSteamID
SetTQMConfig
SetUserId
SetUserValue
SetVehEnable
UploadGivenPathDump
reportException

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 22.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b700dba68e0e76c329ba52cea16c68e5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

00:47:96:be:a1:54:67:f2:d5:ec:36:b8:ad:f1:1d:16:05:79:81:c1:ac:ac:19:45:97:3d:e2:f4:f8:27:3b:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

iphlpapi

shell32

version

shlwapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

crypt32

urlmon

bcrypt

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 848KB - Virtual size: 847KB

.data Size: 51KB - Virtual size: 22.7MB

.pdata Size: 125KB - Virtual size: 125KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 31KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

17:3c:ec:b6:e7:77:b8:ca:25:0c:77:67
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

00:47:96:be:a1:54:67:f2:d5:ec:36:b8:ad:f1:1d:16:05:79:81:c1:ac:ac:19:45:97:3d:e2:f4:f8:27:3b:70
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 848KB - Virtual size: 847KB

.data
Size: 51KB - Virtual size: 22.7MB

.pdata
Size: 125KB - Virtual size: 125KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 31KB