2659bd9f573c3a92f98c076df9a44ac0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2659bd9f573c3a92f98c076df9a44ac0N.exe
Size

662KB
MD5

2659bd9f573c3a92f98c076df9a44ac0
SHA1

3a0bd885dc2054b353cfa291c7bfb092fe1ed5a9
SHA256

089c4dc05006638bc5e80ccb79d912be7e26ed56a5c7927b34ceca693cdba0c9
SHA512

3c79ed9b3f3e7e308653dcb0d9b6a3dc3d98233200502a403d9ffa54d951e85aeee295a8d7d853be54649f132b56e5073822748bc886abe9e86f3d25261cba85
SSDEEP

12288:XXNE9fpRAOhJglOyraZ+5wgSn7t6chgZFG6Z8:XX29zvglhOZn7ccOZ86Z8

Score

1^/10

Malware Config

Signatures

Files

2659bd9f573c3a92f98c076df9a44ac0N.exe
.exe windows:5 windows x86 arch:x86

21b68bda5318554f2a099618982c7efe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:bb:73:ea:02:c7:00:da:07:70:da:7b:63:d9:04:51
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/07/2020, 00:00

Not After

26/08/2021, 12:00

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:d9:f2:3a:9f:34:58:09:be:70:f6:e0:e2:cf:8b:d6:b9:12:87:d5:b5:95:1a:f9:bf:57:50:51:a0:a4:d0:fc
Signer

Actual PE Digest

57:d9:f2:3a:9f:34:58:09:be:70:f6:e0:e2:cf:8b:d6:b9:12:87:d5:b5:95:1a:f9:bf:57:50:51:a0:a4:d0:fc

Digest Algorithm

sha256

PE Digest Matches

true

67:30:47:b4:00:0a:52:78:e8:3e:05:d0:84:3e:70:da:e9:36:ca:fa
Signer

Actual PE Digest

67:30:47:b4:00:0a:52:78:e8:3e:05:d0:84:3e:70:da:e9:36:ca:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\project\wubi\WB_5_2\bin\SogouPdb\SogouWubi\SogouWBSvc.pdb

Imports

userenv

CreateEnvironmentBlock

kernel32

GetCommandLineW
CreateEventW
GetTickCount
Sleep
WaitForSingleObject
SetEvent
GetCurrentThreadId
CreateThread
InterlockedCompareExchange
InterlockedExchange
DecodePointer
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
OpenProcess
GetProcAddress
FreeLibrary
InterlockedDecrement
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InterlockedIncrement
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
DeleteFileW
EnumSystemLocalesW
GetUserDefaultLCID
GlobalFree
LoadLibraryW
GetSystemDirectoryW
SetLastError
WideCharToMultiByte
ReadFile
GetCurrentProcess
WriteFile
CreateFileW
ExitThread
FormatMessageW
LocalFree
GetFileSize
CreateProcessW
FindNextFileW
FindClose
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
HeapFree
HeapAlloc
FlushFileBuffers
GetCurrentProcessId
CreateMutexW
ReleaseMutex
OpenMutexW
LocalAlloc
GetProcessHeap
QueryPerformanceCounter
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetModuleHandleExW
FindFirstFileExW
HeapReAlloc
ExitProcess
GetStdHandle
GetACP
HeapSize
GetDateFormatW
GetTimeFormatW
IsValidLocale

user32

CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
IsWindowVisible
GetWindowThreadProcessId
SetRectEmpty
PostThreadMessageW
CharUpperW
SetTimer
MessageBoxW
LoadStringW

advapi32

RegCreateKeyExW
GetSecurityDescriptorSacl
DuplicateTokenEx
CreateProcessAsUserW
FreeSid
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
EqualSid
SetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessAllowedAceEx
GetLengthSid
OpenProcessToken
GetTokenInformation
RegCloseKey

ole32

CoRevokeClassObject
CoResumeClassObjects
CoInitializeEx
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
CoUninitialize
StringFromGUID2
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoAddRefServerProcess
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocString

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shell32

SHGetFolderPathW
ShellExecuteW

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21b68bda5318554f2a099618982c7efe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

06:bb:73:ea:02:c7:00:da:07:70:da:7b:63:d9:04:51Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

57:d9:f2:3a:9f:34:58:09:be:70:f6:e0:e2:cf:8b:d6:b9:12:87:d5:b5:95:1a:f9:bf:57:50:51:a0:a4:d0:fcSigner

67:30:47:b4:00:0a:52:78:e8:3e:05:d0:84:3e:70:da:e9:36:ca:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

shell32

Sections

.text Size: 270KB - Virtual size: 270KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 20KB - Virtual size: 40KB

.rsrc Size: 215KB - Virtual size: 215KB

.reloc Size: 15KB - Virtual size: 15KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

06:bb:73:ea:02:c7:00:da:07:70:da:7b:63:d9:04:51
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

57:d9:f2:3a:9f:34:58:09:be:70:f6:e0:e2:cf:8b:d6:b9:12:87:d5:b5:95:1a:f9:bf:57:50:51:a0:a4:d0:fc
Signer

67:30:47:b4:00:0a:52:78:e8:3e:05:d0:84:3e:70:da:e9:36:ca:fa
Signer

.text
Size: 270KB - Virtual size: 270KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 20KB - Virtual size: 40KB

.rsrc
Size: 215KB - Virtual size: 215KB

.reloc
Size: 15KB - Virtual size: 15KB