da2bef8e6b1aa12566e262424889c2e90284ca26e1097ea8c6a91f56a86fbc7f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

da2bef8e6b1aa12566e262424889c2e90284ca26e1097ea8c6a91f56a86fbc7f.exe
Size

661KB
MD5

96cc14236123757075f68408a000989e
SHA1

f567fbc52553eed83c7c675ea9fc2ebe8fdab4ce
SHA256

da2bef8e6b1aa12566e262424889c2e90284ca26e1097ea8c6a91f56a86fbc7f
SHA512

c75e2aad429d7e420ebd6759157be87cf1595a76ea97a88bcc807b527a1732c5e05fa6931b8c3272c63043dc18818cfedf0cf7a8f5e44cf3ba2aa787f88bc697
SSDEEP

6144:kRAvDPAq8HIBhYRqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqlqqbk:k6qZ929E+

Score

1^/10

Malware Config

Signatures

Files

da2bef8e6b1aa12566e262424889c2e90284ca26e1097ea8c6a91f56a86fbc7f.exe
.exe windows:4 windows x86 arch:x86

73e85365bf028be6b7cc17723133e94b

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-07-2020 00:00

Not After

03-08-2023 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-08-2020 00:00

Not After

03-08-2023 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28-07-2022 08:56

Not After

27-07-2033 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:e7:5e:cb:fb:b8:2e:e8:19:ac:78:6b:77:ad:d9:d5:91:51:03:a7:37:55:0a:bc:de:f5:44:2c:d3:1c:4b:bb
Signer

Actual PE Digest

30:e7:5e:cb:fb:b8:2e:e8:19:ac:78:6b:77:ad:d9:d5:91:51:03:a7:37:55:0a:bc:de:f5:44:2c:d3:1c:4b:bb

Digest Algorithm

sha256

PE Digest Matches

true

dd:d9:67:2c:cf:cc:71:7f:b0:8d:e4:75:c7:01:4d:c5:7d:7e:3b:2d
Signer

Actual PE Digest

dd:d9:67:2c:cf:cc:71:7f:b0:8d:e4:75:c7:01:4d:c5:7d:7e:3b:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetVersionExA
GetSystemInfo
GetModuleHandleA
FileTimeToLocalFileTime
MultiByteToWideChar
CreateDirectoryA
ExpandEnvironmentStringsA
GetCurrentProcess
QueryDosDeviceA
GetLogicalDriveStringsA
Process32NextW
Process32FirstW
GetTimeZoneInformation
GetExitCodeProcess
ProcessIdToSessionId
CreateProcessA
GetCurrentThread
Module32Next
Module32First
LocalFree
GetModuleHandleW
VirtualQuery
GetEnvironmentVariableA
GetSystemWindowsDirectoryA
LocalAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileA
FindNextFileA
GetFileAttributesA
FindClose
RemoveDirectoryA
LoadLibraryExA
FindResourceA
LoadResource
LockResource
lstrcmpiW
SetFileAttributesA
MoveFileExA
GetLastError
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
CloseHandle
GetCurrentProcessId
Sleep
WaitForSingleObject
ResetEvent
SetEvent
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
OutputDebugStringA
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
CopyFileA
DeleteFileA
CreateEventA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetStartupInfoA

user32

LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
LoadCursorA
DialogBoxParamA
DefWindowProcA
PostQuitMessage
EndPaint
EnumWindows
MessageBoxA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadMenuA
GetSubMenu
ModifyMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
EndDialog
LoadStringA
BeginPaint
GetWindowThreadProcessId
SendMessageA
ExitWindowsEx
GetClientRect
DrawTextA

advapi32

OpenSCManagerA
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
AllocateAndInitializeSid
RegDeleteValueA
SetFileSecurityA
AddAccessAllowedAceEx
CreateProcessAsUserA
OpenProcessToken
SetTokenInformation
DuplicateTokenEx
EqualSid
GetTokenInformation
OpenThreadToken
LookupPrivilegeNameA
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountSidA
ConvertSidToStringSidA
LookupAccountNameA
GetLengthSid

shell32

Shell_NotifyIconA
StrCmpNIA
StrStrIA

ws2_32

WSASetLastError
inet_ntoa
htonl
WSAGetLastError
gethostbyname
inet_addr
getservbyname
htons
gethostbyaddr
ntohs
WSAIoctl
closesocket
WSAAddressToStringA
getservbyport
WSARecv
WSAGetOverlappedResult
WSASend
shutdown
listen
WSAEventSelect
bind
WSAEnumNetworkEvents
accept
ntohl
WSACleanup
WSASocketA
connect
setsockopt
WSAStartup
getsockname

shlwapi

StrTrimA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

_fileno
strncmp
_read
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
sscanf
_wcsicmp
fseek
ftell
_access
fopen
fclose
_snprintf
strrchr
iscntrl
__p___argc
__p___argv
atoi
strstr
_strnicmp
malloc
strchr
strtoul
calloc
free
sprintf
_vsnprintf
strncat
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
__CxxFrameHandler
strncpy

msvcp60

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Winit@std@@QAE@XZ

psapi

GetModuleFileNameExA
GetProcessImageFileNameA

iphlpapi

SetTcpEntry
GetTcpTable

crypt32

CertGetIntendedKeyUsage
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertOpenSystemStoreA
CertAddCertificateContextToStore
CertOpenStore
CertNameToStrA
CertFindChainInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetNameStringA

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73e85365bf028be6b7cc17723133e94b

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

30:e7:5e:cb:fb:b8:2e:e8:19:ac:78:6b:77:ad:d9:d5:91:51:03:a7:37:55:0a:bc:de:f5:44:2c:d3:1c:4b:bbSigner

dd:d9:67:2c:cf:cc:71:7f:b0:8d:e4:75:c7:01:4d:c5:7d:7e:3b:2dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

version

msvcrt

msvcp60

psapi

iphlpapi

crypt32

wintrust

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 565KB - Virtual size: 564KB

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

30:e7:5e:cb:fb:b8:2e:e8:19:ac:78:6b:77:ad:d9:d5:91:51:03:a7:37:55:0a:bc:de:f5:44:2c:d3:1c:4b:bb
Signer

dd:d9:67:2c:cf:cc:71:7f:b0:8d:e4:75:c7:01:4d:c5:7d:7e:3b:2d
Signer

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 565KB - Virtual size: 564KB