0ec598a9663c6a801a166cd8885ea660N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0ec598a9663c6a801a166cd8885ea660N.exe
Size

3.4MB
MD5

0ec598a9663c6a801a166cd8885ea660
SHA1

a669efa77f722a606eda328d009b181aaf2d6390
SHA256

21ba9ca7560dd65881eaa4e22cc9f9a2bf025f754288649343ca25b3009ee6a4
SHA512

7b6610bc859bf757f94cecddb06bd18a80907611602f8e41c73ea79d07e8c76b89786d11a3ec8586e62b466694d402b03fd71cd11b9cf08c12302fce0ebf3468
SSDEEP

98304:vQqxy2QN4GTcfmx1ElY38veF8zJ6XZMGJvhNCvP7emTBtx:IfbcfTW38veFTXZMGJ87VV

Score

1^/10

Malware Config

Signatures

Files

0ec598a9663c6a801a166cd8885ea660N.exe
.exe windows:5 windows x86 arch:x86

66d3ad69d5ebad14bcd3d9c69f2efef2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b8:d1:a2:09:09:eb:bb:0a:fd:0f:29:83:a2:11:76
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/08/2023, 00:00

Not After

22/08/2024, 23:59

Subject

SERIALNUMBER=91110302MA01E5GT7C,CN=Beijing SkyGuard Information Security Technology Co.\,Ltd.,O=Beijing SkyGuard Information Security Technology Co.\,Ltd.,ST=北京市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c1be58c97e4baace7bb8fe6b58ee68a80e69cafe5bc80e58f91e58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e58c97e4baace5b882,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:08:82:d1:d6:4e:c4:fd:65:54:4c:86:53:0f:15:93:41:cc:2b:cf:d3:ed:72:71:66:c9:f7:2b:52:2b:87:21
Signer

Actual PE Digest

1e:08:82:d1:d6:4e:c4:fd:65:54:4c:86:53:0f:15:93:41:cc:2b:cf:d3:ed:72:71:66:c9:f7:2b:52:2b:87:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\opt\builddir\EndpointInstaller\src\skyguard\EndpointOnlineUpdate\OnlineSetup\Release\OnlineSetup.pdb

Imports

kernel32

WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
SetFilePointerEx
GetConsoleCP
GetACP
ExitProcess
GetStdHandle
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineW
GetCommandLineA
RtlUnwind
GetCPInfo
GetStringTypeW
LCMapStringW
QueryPerformanceFrequency
OutputDebugStringW
GetThreadTimes
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultLCID
Sleep
SearchPathW
GetProfileIntW
GetTickCount
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
lstrcpyW
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
VirtualProtect
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpiW
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalFindAtomW
LoadLibraryA
GetSystemDirectoryW
EncodePointer
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
GlobalAddAtomW
ResumeThread
SetThreadPriority
SetEvent
GlobalFree
GetModuleHandleA
SetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
lstrcmpW
lstrcmpA
GlobalDeleteAtom
LoadLibraryExW
GetVersionExW
GetCurrentThreadId
GetCurrentThread
SetFileTime
WriteFile
DosDateTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
GetFileType
CreateFileW
GetCurrentProcess
DuplicateHandle
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
CreateEventW
HeapSize
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
WaitForSingleObject
CreateProcessW
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
OutputDebugStringA
GetProcAddress
SetCurrentDirectoryW
DeleteFileW
CreateDirectoryW
CreateDirectoryA
GetModuleFileNameW
DeleteFileA
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
MultiByteToWideChar
FreeLibrary
CloseHandle
GetLastError
GetConsoleMode

user32

LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
IntersectRect
MapDialogRect
GetAsyncKeyState
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
GetSysColorBrush
OffsetRect
SetRectEmpty
SendDlgItemMessageA
InvalidateRect
KillTimer
RealChildWindowFromPoint
DeleteMenu
CopyImage
LoadCursorW
WindowFromPoint
ReleaseCapture
SetCapture
WaitMessage
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CreatePopupMenu
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
MessageBoxW
LoadIconW
OpenClipboard
SendMessageW
EnumDisplaySettingsW
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
InsertMenuItemW
LoadImageW
UnpackDDElParam
ReuseDDElParam
SetLayeredWindowAttributes
GetMenuDefaultItem
TrackMouseEvent
GetKeyNameTextW
MapVirtualKeyW
UnionRect
IsRectEmpty
GetSystemMenu
SetParent
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetWindow
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SystemParametersInfoW
ClientToScreen
GetDC
GetWindowRect
GetWindowLongW
SetWindowLongW
ReleaseDC
MessageBoxA
PostThreadMessageW
EnableWindow
UnregisterClassW
PostMessageW
PostQuitMessage
IsWindow
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetDlgItem
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
SetActiveWindow
GetDesktopWindow
TranslateMDISysAccel
GetParent
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
UnhookWindowsHookEx
RegisterWindowMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
SetCursorPos
CopyIcon
FrameRect
SetRect
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
SetWindowPos

gdi32

CreateRectRgn
CreateSolidBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CreatePatternBrush
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CreatePen
CreateHatchBrush
BitBlt
GetObjectW
SetTextColor
SetBkColor
GetDeviceCaps
CreateDCW
CopyMetaFileW
CreateBitmap
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CombineRgn
LineTo
CreateCompatibleDC

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

DragFinish
SHGetFileInfoW
DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
SHBrowseForFolderW
SHGetSpecialFolderPathA

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathFileExistsW

uxtheme

GetThemeColor
GetThemeSysColor
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetWindowTheme
GetCurrentThemeName
GetThemePartSize
IsAppThemed

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoInitializeEx
CoDisconnectObject
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
ReleaseStgMedium

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString
VariantCopy
VarBstrFromDate
LoadTypeLi

gdiplus

GdipGetFontHeightGivenDPI
GdipSetInterpolationMode
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipTranslateWorldTransform
GdipSetTextRenderingHint
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDrawString
GdipDrawImageI
GdipReleaseDC
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66d3ad69d5ebad14bcd3d9c69f2efef2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:b8:d1:a2:09:09:eb:bb:0a:fd:0f:29:83:a2:11:76Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1e:08:82:d1:d6:4e:c4:fd:65:54:4c:86:53:0f:15:93:41:cc:2b:cf:d3:ed:72:71:66:c9:f7:2b:52:2b:87:21Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 354KB - Virtual size: 353KB

.data Size: 22KB - Virtual size: 48KB

.gfids Size: 105KB - Virtual size: 104KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 122KB - Virtual size: 122KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:b8:d1:a2:09:09:eb:bb:0a:fd:0f:29:83:a2:11:76
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1e:08:82:d1:d6:4e:c4:fd:65:54:4c:86:53:0f:15:93:41:cc:2b:cf:d3:ed:72:71:66:c9:f7:2b:52:2b:87:21
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 354KB - Virtual size: 353KB

.data
Size: 22KB - Virtual size: 48KB

.gfids
Size: 105KB - Virtual size: 104KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 122KB - Virtual size: 122KB