6b2e784fbc44422f8b5d89f60020e490N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6b2e784fbc44422f8b5d89f60020e490N.exe
Size

3.4MB
MD5

6b2e784fbc44422f8b5d89f60020e490
SHA1

bbdac2b4d27073a91ee14cf26f6bc13d2a5d59d6
SHA256

115f614f34bb00d8fe6c927eaf1a8de86ac96231b5810d5a39985c5cb30bb709
SHA512

e4cbb95f7b01681fcdbecaa4fb0f106742b5948c3d8db52d505271db77087ce0321f15f3d34330c58c840f234c425d8ab6f0fd24b6a80c394ff5521ff55d114d
SSDEEP

98304:WZxpbbHWqYTT/VkfsGG7K11ylkLEVY0+lgAPgVHJ4Zf:Kl9YTyfh4KKlkLEVY09APgVHe

Score

1^/10

Malware Config

Signatures

Files

6b2e784fbc44422f8b5d89f60020e490N.exe
.exe windows:5 windows x86 arch:x86

c622cefca0ddb627d304a0c0db99c3a3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/05/2024, 00:00

Not After

16/05/2025, 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/05/2024, 00:00

Not After

16/05/2025, 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:67:56:80:a6:19:cb:28:a6:87:f8:f4:31:5e:11:3f:8c:26:f3:88:2f:6d:f4:cf:8c:f6:e7:d2:f8:4b:b1:9e
Signer

Actual PE Digest

f5:67:56:80:a6:19:cb:28:a6:87:f8:f4:31:5e:11:3f:8c:26:f3:88:2f:6d:f4:cf:8c:f6:e7:d2:f8:4b:b1:9e

Digest Algorithm

sha256

PE Digest Matches

true

fd:68:5e:01:ad:6f:92:53:80:63:81:12:38:b4:d5:36:08:ec:6d:89
Signer

Actual PE Digest

fd:68:5e:01:ad:6f:92:53:80:63:81:12:38:b4:d5:36:08:ec:6d:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadTimes
CreateSemaphoreA
CreateEventA
SetThreadPriority
GetFullPathNameW
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
InterlockedDecrement
OpenEventW
GetSystemDirectoryW
GetCurrentThreadId
GetFileTime
GlobalUnlock
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
CopyFileW
MultiByteToWideChar
DeleteFileW
CreateThread
TerminateThread
Sleep
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
GetSystemDirectoryA
ExpandEnvironmentStringsA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
FormatMessageA
GetModuleHandleW
InterlockedIncrement
SetLocalTime
GetExitCodeThread
lstrcmpiW
GetWindowsDirectoryW
OpenProcess
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetProcessHeap
FileTimeToSystemTime
HeapAlloc
LoadLibraryA
HeapFree
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTempPathW
LocalFree
FormatMessageW
GetVersionExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
LocalAlloc
GetLongPathNameW
GetExitCodeProcess
GetTickCount
HeapReAlloc
HeapSize
WideCharToMultiByte
GlobalAlloc
GlobalFree
lstrcpyW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesExW
MoveFileExW
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
WTSGetActiveConsoleSessionId
GetSystemInfo
GetVolumeInformationW
ReleaseMutex
CreateMutexW
GlobalLock
SetErrorMode
GetLocalTime
GetCommandLineW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
VerSetConditionMask
VerifyVersionInfoW
GetACP
FreeResource
MulDiv
ExitProcess
GetFileType
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
GetCurrentThread
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
WriteConsoleW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
VirtualAlloc
VirtualFree
lstrlenW
GetCurrentDirectoryW
GetFileSize
CloseHandle
CreateFileW
SetEndOfFile
SetFilePointer
SetFileTime
WriteFile
ReadFile
GetLastError
GetModuleHandleA
GetFileAttributesW
FindClose
FindNextFileW
SetLastError
FindFirstFileW
LoadLibraryExW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress

user32

GetWindowRect
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
KillTimer
ReleaseCapture
SetCapture
IsZoomed
UpdateLayeredWindow
GetMessageW
PtInRect
IsRectEmpty
IntersectRect
SetCursor
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetForegroundWindow
BringWindowToTop
PeekMessageW
DispatchMessageW
GetCursorPos
GetDesktopWindow
SetWindowTextW
wsprintfW
CharUpperW
LoadStringW
IsWindow
GetUserObjectInformationW
GetProcessWindowStation
ScreenToClient
MapWindowPoints
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
GetWindowRgn
ShowWindow
UnregisterClassW
SendMessageW
SetWindowPos
GetWindowTextW
GetClassNameW
SetRect
FillRect
DrawTextW
CharPrevW
MonitorFromPoint
MessageBoxW
SetWindowRgn
IsIconic
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetPropW
EnumChildWindows
SetPropW
UnionRect
GetWindow
InflateRect
OffsetRect
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
ClientToScreen
GetSysColor
GetParent
SetWindowLongW
EndDialog
FindWindowExW
CallWindowProcW
PostQuitMessage
SetFocus
GetFocus
PostMessageW
ShowScrollBar
GetKeyState
SetTimer
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
GetWindowTextLengthW
GetWindowLongW
CharNextW
GetSystemMetrics
MsgWaitForMultipleObjects
IsWindowVisible
RegisterClassW
TranslateMessage
DestroyWindow
EnableWindow

gdi32

CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDCW
GetDeviceCaps
CreateRoundRectRgn
SetTextColor
SetBkMode
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
PtInRegion
CreateRectRgn
TextOutW
SetWindowOrgEx
CreateDIBSection
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
CreatePen
CreateFontIndirectW
CreateCompatibleDC
MoveToEx
GetObjectA
SetStretchBltMode
GetStockObject
DeleteDC
CreateCompatibleBitmap
BitBlt
GetObjectW
GetDIBits
DeleteObject
StretchBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateTokenEx
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyW
RegEnumKeyW
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidW
GetTokenInformation
OpenProcessToken
ReportEventW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileW
DragFinish
SHGetFolderPathW
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoUninitialize
ReleaseStgMedium
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoTaskMemRealloc
CoTaskMemFree
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VarUI4FromStr
SysFreeString
SysAllocString
VariantCopy
VariantInit
SysStringByteLen
SysStringLen
VariantClear

shlwapi

ord219
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetVirtualKey

wtsapi32

WTSQueryUserToken

comctl32

_TrackMouseEvent
ord17

wldap32

ord301
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord200
ord30

ws2_32

WSASetLastError
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
select
__WSAFDIsSet
WSAGetLastError
send
recv
WSACleanup
WSAStartup
bind

gdiplus

GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipFree
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipCreateLineBrushI
GdipCreateStringFormat
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawArcI
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipAlloc
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipSetStringFormatTrimming
GdipCloneImage
GdipMeasureString

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c622cefca0ddb627d304a0c0db99c3a3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f5:67:56:80:a6:19:cb:28:a6:87:f8:f4:31:5e:11:3f:8c:26:f3:88:2f:6d:f4:cf:8c:f6:e7:d2:f8:4b:b1:9eSigner

fd:68:5e:01:ad:6f:92:53:80:63:81:12:38:b4:d5:36:08:ec:6d:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

imm32

wtsapi32

comctl32

wldap32

ws2_32

gdiplus

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 721KB - Virtual size: 720KB

.data Size: 52KB - Virtual size: 85KB

.gfids Size: 512B - Virtual size: 504B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 243KB - Virtual size: 242KB

.reloc Size: 130KB - Virtual size: 129KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f5:67:56:80:a6:19:cb:28:a6:87:f8:f4:31:5e:11:3f:8c:26:f3:88:2f:6d:f4:cf:8c:f6:e7:d2:f8:4b:b1:9e
Signer

fd:68:5e:01:ad:6f:92:53:80:63:81:12:38:b4:d5:36:08:ec:6d:89
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 721KB - Virtual size: 720KB

.data
Size: 52KB - Virtual size: 85KB

.gfids
Size: 512B - Virtual size: 504B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 243KB - Virtual size: 242KB

.reloc
Size: 130KB - Virtual size: 129KB