c6379fad831d9a5c4d48d21c6c2ac72749239b5de5b30455f5575be17796d7a8

Sharing

Copy URL Twitter E-mail

General

Target

c6379fad831d9a5c4d48d21c6c2ac72749239b5de5b30455f5575be17796d7a8
Size

302KB
MD5

e510c0024d7db49d4ebf41fc2a7446a3
SHA1

b4a9a5741850f2d4afd6abb213a0d84e03ea8e37
SHA256

c6379fad831d9a5c4d48d21c6c2ac72749239b5de5b30455f5575be17796d7a8
SHA512

a22b1900c924b02fc47d9a61c72f99fec4b8382eb345e3abe88fcb67ebdcf245919cd86ac49a4885f9a437bcdefab4ca3bfc13305eae1dba933788ee560a1765
SSDEEP

6144:iBlxCXUaDOKrs4TTAHw1xPX0C5NU0MXQ4f:iBlxCXU0OKwmTAHGPaQq

Score

1^/10

Malware Config

Signatures

Files

c6379fad831d9a5c4d48d21c6c2ac72749239b5de5b30455f5575be17796d7a8
.dll windows:4 windows x86 arch:x86

caef40ed1b40ff9644d2c59fe57f4c33

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:c8:68:df:f5:28:83:d7:49:d8:3e:ad
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/08/2023, 09:37

Not After

31/08/2026, 09:37

Subject

CN=OKWare Co.\, Ltd,O=OKWare Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fd:97:ae:de:17:72:6b:41:c5:aa:44:ea:22:48:35:0e:86:17:1e:ca:82:35:6f:b3:95:c8:d5:cd:60:37:a3:a8
Signer

Actual PE Digest

fd:97:ae:de:17:72:6b:41:c5:aa:44:ea:22:48:35:0e:86:17:1e:ca:82:35:6f:b3:95:c8:d5:cd:60:37:a3:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_errno
_initterm
_iob
_lock
_onexit
time
gmtime
_sys_nerr
_unlock
calloc
fclose
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
islower
isspace
isupper
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
realloc
setvbuf
sprintf
sscanf
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
abort
tolower
vfprintf
_stati64
_write
_strdup
_read
_access

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
socket

libcrypto-1_1

ASN1_STRING_get0_data
ASN1_STRING_length
ASN1_STRING_print
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_TIME_print
BIO_ctrl
BIO_free
BIO_new
BIO_printf
BIO_puts
BIO_s_file
BIO_s_mem
BN_num_bits
BN_print
CONF_modules_load_file
CRYPTO_free
CRYPTO_get_ex_new_index
CRYPTO_malloc
DH_get0_key
DH_get0_pqg
DSA_get0_key
DSA_get0_pqg
ENGINE_by_id
ENGINE_ctrl
ENGINE_ctrl_cmd
ENGINE_finish
ENGINE_free
ENGINE_get_first
ENGINE_get_id
ENGINE_get_next
ENGINE_init
ENGINE_load_builtin_engines
ENGINE_load_private_key
ENGINE_set_default
ERR_clear_error
ERR_error_string_n
ERR_get_error
ERR_peek_error
EVP_DigestFinal_ex
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_PKEY_copy_parameters
EVP_PKEY_free
EVP_PKEY_get0_DH
EVP_PKEY_get0_DSA
EVP_PKEY_get0_RSA
EVP_PKEY_get1_RSA
EVP_PKEY_id
EVP_md5
EVP_sha256
GENERAL_NAMES_free
MD4_Final
MD4_Init
MD4_Update
MD5_Final
MD5_Init
MD5_Update
OCSP_BASICRESP_free
OCSP_RESPONSE_free
OCSP_basic_verify
OCSP_cert_status_str
OCSP_check_validity
OCSP_crl_reason_str
OCSP_resp_count
OCSP_resp_get0
OCSP_response_get1_basic
OCSP_response_status
OCSP_response_status_str
OCSP_single_get0_status
OPENSSL_load_builtin_modules
OPENSSL_sk_num
OPENSSL_sk_pop
OPENSSL_sk_pop_free
OPENSSL_sk_value
OpenSSL_version_num
PEM_read_bio_X509
PEM_write_bio_X509
PKCS12_PBE_add
PKCS12_free
PKCS12_parse
RAND_add
RAND_bytes
RAND_file_name
RAND_load_file
RAND_status
RSA_flags
RSA_free
RSA_get0_key
SHA256_Final
SHA256_Init
SHA256_Update
UI_OpenSSL
UI_create_method
UI_destroy_method
UI_get0_user_data
UI_get_input_flags
UI_get_string_type
UI_method_get_closer
UI_method_get_opener
UI_method_get_reader
UI_method_get_writer
UI_method_set_closer
UI_method_set_opener
UI_method_set_reader
UI_method_set_writer
UI_set_result
X509V3_EXT_print
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_LOOKUP_file
X509_NAME_ENTRY_get_data
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_print_ex
X509_PUBKEY_get0_param
X509_STORE_add_lookup
X509_STORE_set_flags
X509_check_issued
X509_free
X509_get0_extensions
X509_get0_notAfter
X509_get0_notBefore
X509_get0_signature
X509_get_X509_PUBKEY
X509_get_ext_d2i
X509_get_issuer_name
X509_get_pubkey
X509_get_serialNumber
X509_get_subject_name
X509_get_version
X509_load_crl_file
X509_verify_cert_error_string
d2i_OCSP_RESPONSE
d2i_PKCS12_bio
i2a_ASN1_OBJECT
i2d_X509_PUBKEY
i2t_ASN1_OBJECT

libssl-1_1

BIO_f_ssl
SSL_CIPHER_get_name
SSL_CTX_add_client_CA
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_sess_set_new_cb
SSL_CTX_set_alpn_protos
SSL_CTX_set_cipher_list
SSL_CTX_set_ciphersuites
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_keylog_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_options
SSL_CTX_set_post_handshake_auth
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_SESSION_free
SSL_alert_desc_string_long
SSL_connect
SSL_ctrl
SSL_free
SSL_get0_alpn_selected
SSL_get_certificate
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_privatekey
SSL_get_shutdown
SSL_get_verify_result
SSL_new
SSL_pending
SSL_read
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_set_fd
SSL_set_session
SSL_shutdown
SSL_version
SSL_write
TLS_client_method

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caef40ed1b40ff9644d2c59fe57f4c33

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

17:c8:68:df:f5:28:83:d7:49:d8:3e:adCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

fd:97:ae:de:17:72:6b:41:c5:aa:44:ea:22:48:35:0e:86:17:1e:ca:82:35:6f:b3:95:c8:d5:cd:60:37:a3:a8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ws2_32

libcrypto-1_1

libssl-1_1

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 37KB - Virtual size: 37KB

.bss Size: - Virtual size: 1KB

.edata Size: 2KB - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

17:c8:68:df:f5:28:83:d7:49:d8:3e:ad
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

fd:97:ae:de:17:72:6b:41:c5:aa:44:ea:22:48:35:0e:86:17:1e:ca:82:35:6f:b3:95:c8:d5:cd:60:37:a3:a8
Signer

.text
Size: 229KB - Virtual size: 229KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 37KB - Virtual size: 37KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB