56adfd05daafde8c5652ff168be2d1ef2849745441836f842aeb64096898e86c

Sharing

Copy URL Twitter E-mail

General

Target

56adfd05daafde8c5652ff168be2d1ef2849745441836f842aeb64096898e86c
Size

3.7MB
MD5

1af5e96616c8662cbb4a9b8ca03cc0b7
SHA1

4c85a7856b387e35b0582871fe521f449cd67a2a
SHA256

56adfd05daafde8c5652ff168be2d1ef2849745441836f842aeb64096898e86c
SHA512

8c01a6cdff64a20d613b9f4a68dd67b5ba229148f0d50ff173cdc23725a34cba6b3b2be47e9971edf12c2fe9303bc9ad772dfff48562109aaf2c303da96dd962
SSDEEP

49152:QtXfbUhrov6fcWFdSwj96LXcnPiOsGDSEIVhpU1yIVftPO6VNELAe+M2:QtXDUBdfnPi6yhpUJfk6IA

Score

1^/10

Malware Config

Signatures

Files

56adfd05daafde8c5652ff168be2d1ef2849745441836f842aeb64096898e86c
.exe windows:6 windows x86 arch:x86

b91491f75fceae0d85d86b5e77e97c4f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/05/2021, 00:00

Not After

21/08/2024, 23:59

Subject

CN=Beijing Sogou Technology Development Co.\, Ltd.,O=Beijing Sogou Technology Development Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:60:f9:6b:db:44:4f:34:b3:b6:fc:8c:f3:7f:cb:a3:12:ef:01:58:48:8a:f0:72:ab:f0:f0:fc:01:be:8c:05
Signer

Actual PE Digest

30:60:f9:6b:db:44:4f:34:b3:b6:fc:8c:f3:7f:cb:a3:12:ef:01:58:48:8a:f0:72:ab:f0:f0:fc:01:be:8c:05

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\landun\pinyin_agent\workspace\p-f93f0d74ed8a49278e11882bf2562c5a\src\bin\Release_Win32\SogouComMgr.pdb

Imports

kernel32

VerifyVersionInfoW
DeleteFiber
ConvertFiberToThread
SetConsoleMode
ReadConsoleA
LoadLibraryA
MoveFileW
VerSetConditionMask
UnmapViewOfFile
DeleteFileW
GetTempPathW
FindClose
CreateSemaphoreW
TerminateThread
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
GetExitCodeProcess
GetTickCount
GetTempFileNameW
DebugBreak
GetCurrentProcessId
DeleteCriticalSection
DecodePointer
CloseHandle
GetLastError
Sleep
WaitForSingleObject
InitializeCriticalSectionEx
FindNextFileW
FindFirstFileW
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GlobalHandle
WriteConsoleW
HeapSize
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapReAlloc
GetStdHandle
PeekNamedPipe
GetDriveTypeW
ExitProcess
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetStdHandle
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
GetCPInfo
GetStringTypeW
OutputDebugStringA
GetFileAttributesW
OutputDebugStringW
QueryPerformanceFrequency
GlobalLock
QueryPerformanceCounter
GlobalUnlock
GetVersionExW
GetCommandLineW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
GetProcAddress
FreeLibrary
ReadFile
SetLastError
GetCurrentProcess
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
DuplicateHandle
ExitThread
CreateEventW
FormatMessageW
CreateThread
LocalFree
GetFileSize
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
OpenMutexW
LoadLibraryExW
RemoveDirectoryW
SetFileAttributesW
FileTimeToSystemTime
MoveFileExW
CreateDirectoryW
GetProcessId
CreateProcessW
CopyFileW
GetFileTime
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenEventW
lstrlenW
HeapFree
GetFullPathNameW
lstrlenA
LocalAlloc
HeapAlloc
GetProcessHeap
CreateMutexW
ReleaseMutex
GetWindowsDirectoryW
FlushFileBuffers
VirtualFree
VirtualAlloc
SetEvent
GetCurrentDirectoryW
ReleaseSRWLockExclusive
GetLocalTime
FindFirstFileExW
GetFileSizeEx
SetEndOfFile
GetFileInformationByHandle
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
RaiseException
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
TerminateProcess
VirtualQuery
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ResetEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
lstrcatW
lstrcpyW
WaitForSingleObjectEx
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeSRWLock
EncodePointer
LCMapStringEx

user32

MessageBoxW
GetMessageW
DestroyWindow
MoveWindow
GetWindowRect
LoadCursorW
RegisterClassExW
EndPaint
BeginPaint
ReleaseDC
IsIconic
ReleaseCapture
GetParent
KillTimer
AppendMenuW
SetCursor
SetCapture
SetPropW
DestroyMenu
IsWindowEnabled
TrackMouseEvent
SetMenuItemInfoW
ClientToScreen
SetTimer
CreateWindowExW
GetWindowPlacement
SetWindowPos
CreatePopupMenu
GetSystemMetrics
GetPropW
IsWindowVisible
InsertMenuItemW
CallWindowProcW
GetKeyState
PtInRect
GetDesktopWindow
DrawTextW
UpdateLayeredWindow
GetFocus
IntersectRect
GetMonitorInfoW
MonitorFromPoint
SubtractRect
SetRectEmpty
CharNextW
LoadStringW
DefWindowProcW
wsprintfW
wvsprintfW
GetProcessWindowStation
GetUserObjectInformationW
ScreenToClient
GetDC
PostQuitMessage
SystemParametersInfoW
GetCursorPos
SendMessageW
ShowWindow
NotifyWinEvent
EnableWindow
TrackPopupMenu
IsWindow
DispatchMessageW
TranslateMessage
LoadIconW
FindWindowW
RegisterWindowMessageW
SetForegroundWindow
GetWindowTextW
GetWindowLongW
GetClientRect
SetWindowLongW
PostMessageW

advapi32

RegCloseKey
GetAce
GetAclInformation
SetFileSecurityW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
AddAccessAllowedAce
GetLengthSid
AddAccessAllowedAceEx
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
AddAce
SetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
EqualSid

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessMemoryInfo

msimg32

AlphaBlend

oleacc

AccessibleObjectFromWindow
LresultFromObject

wininet

HttpEndRequestW
HttpSendRequestExW
InternetConnectA
HttpAddRequestHeadersW
InternetCrackUrlA
InternetQueryOptionW
InternetReadFile
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
HttpOpenRequestA
InternetWriteFile

ws2_32

closesocket
WSASetLastError
send
WSAGetLastError
WSACleanup
recv

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

shlwapi

PathMatchSpecW

winmm

timeGetTime

gdi32

GetFontData
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
SetTextCharacterExtra
CreateDIBSection
GetObjectW
DeleteObject
CreateFontIndirectW

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpen
WinHttpSetOption
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpQueryOption
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCloseHandle

crypt32

CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b91491f75fceae0d85d86b5e77e97c4f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

30:60:f9:6b:db:44:4f:34:b3:b6:fc:8c:f3:7f:cb:a3:12:ef:01:58:48:8a:f0:72:ab:f0:f0:fc:01:be:8c:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

imm32

version

psapi

msimg32

oleacc

wininet

ws2_32

shell32

shlwapi

winmm

gdi32

winhttp

crypt32

bcrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 678KB - Virtual size: 678KB

.data Size: 53KB - Virtual size: 129KB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 511KB - Virtual size: 511KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:90:b9:34:84:e6:f1:8e:fe:9f:43:68:3a:5f:49:d8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

30:60:f9:6b:db:44:4f:34:b3:b6:fc:8c:f3:7f:cb:a3:12:ef:01:58:48:8a:f0:72:ab:f0:f0:fc:01:be:8c:05
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 678KB - Virtual size: 678KB

.data
Size: 53KB - Virtual size: 129KB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 511KB - Virtual size: 511KB