666a6bf853778d510f20b9c681d4b6cd5fa20c129b7bae6032b9f30eb26e08d0

Sharing

Copy URL Twitter E-mail

General

Target

666a6bf853778d510f20b9c681d4b6cd5fa20c129b7bae6032b9f30eb26e08d0
Size

11.8MB
MD5

75081c1dba2a92b7036177dd0bf7f112
SHA1

a9a5ef1a2a58b84fb895fedec816126a579915a1
SHA256

666a6bf853778d510f20b9c681d4b6cd5fa20c129b7bae6032b9f30eb26e08d0
SHA512

d1adae0d032b6be47f6c030b633ec772e3af9dca861fe9a168dc1f2c0b5d8a45fb6d5b23668820d97e99c97c616fc642151e93c2e2bbd40582eb6ec979a65b19
SSDEEP

196608:srsfjXYvgnsMNEv56EHqAXL34S8IEwUX5zWelFf/3Kl5mvu2dl6J+9VbNMn8k:DXYvkNEAHA734S8pwUNPpAkdC+9VbNM3

Score

1^/10

Malware Config

Signatures

Files

666a6bf853778d510f20b9c681d4b6cd5fa20c129b7bae6032b9f30eb26e08d0
.zip
vps帐号密码ip.docx .exe
.exe windows:6 windows x64 arch:x64

e1cd7cf4125ed5d67b66a364f82b3779

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/10/2021, 00:00

Not After

16/10/2024, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/10/2021, 00:00

Not After

16/10/2024, 23:59

Subject

CN=Zhuhai Kingsoft Office Software Co.\, Ltd.,O=Zhuhai Kingsoft Office Software Co.\, Ltd.,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:34:da:f2:8a:d7:fa:fa:79:a3:52:05:2e:81:2c:2a:78:5b:3d:3c:c1:be:b0:e6:7c:9a:e1:f1:c2:44:fe:1a
Signer

Actual PE Digest

86:34:da:f2:8a:d7:fa:fa:79:a3:52:05:2e:81:2c:2a:78:5b:3d:3c:c1:be:b0:e6:7c:9a:e1:f1:c2:44:fe:1a

Digest Algorithm

sha256

PE Digest Matches

false

4a:7c:5f:52:98:2b:4e:1f:5f:e6:e5:93:18:bb:84:75:8a:b1:b6:d3
Signer

Actual PE Digest

4a:7c:5f:52:98:2b:4e:1f:5f:e6:e5:93:18:bb:84:75:8a:b1:b6:d3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

a.pdb

Imports

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-private-l1-1-0

__C_specific_handler
memchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
fflush
fputc
fwrite

api-ms-win-crt-string-l1-1-0

isxdigit
strcmp
strlen
strncmp

kernel32

AcquireSRWLockExclusive
CloseHandle
DeleteCriticalSection
EnterCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
GetConsoleWindow
GetCurrentThreadId
GetLastError
GetSystemTimePreciseAsFileTime
GetThreadId
InitOnceExecuteOnce
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
TlsGetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable

user32

ShowWindow

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Exports

Exports

_GCC_specific_handler
_Unwind_DeleteException
_Unwind_ForcedUnwind
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_RaiseException
_Unwind_Resume
_Unwind_SetGR
_Unwind_SetIP
unw_get_fpreg
unw_get_proc_info
unw_get_proc_name
unw_get_reg
unw_getcontext
unw_init_local
unw_is_fpreg
unw_is_signal_frame
unw_local_addr_space
unw_regname
unw_resume
unw_set_fpreg
unw_set_reg
unw_step

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15.0MB - Virtual size: 15.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 58B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/33
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 512B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1cd7cf4125ed5d67b66a364f82b3779

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

86:34:da:f2:8a:d7:fa:fa:79:a3:52:05:2e:81:2c:2a:78:5b:3d:3c:c1:be:b0:e6:7c:9a:e1:f1:c2:44:fe:1aSigner

4a:7c:5f:52:98:2b:4e:1f:5f:e6:e5:93:18:bb:84:75:8a:b1:b6:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

user32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 256KB - Virtual size: 256KB

.rdata Size: 15.0MB - Virtual size: 15.0MB

.buildid Size: 512B - Virtual size: 58B

.data Size: 512B - Virtual size: 5KB

.pdata Size: 14KB - Virtual size: 13KB

.tls Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

/4 Size: 512B - Virtual size: 33B

/18 Size: 512B - Virtual size: 48B

/33 Size: 512B - Virtual size: 284B

/45 Size: 512B - Virtual size: 171B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:a8:1d:3b:96:27:0d:9a:1d:eb:07:cd:88:67:d0:a9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

86:34:da:f2:8a:d7:fa:fa:79:a3:52:05:2e:81:2c:2a:78:5b:3d:3c:c1:be:b0:e6:7c:9a:e1:f1:c2:44:fe:1a
Signer

4a:7c:5f:52:98:2b:4e:1f:5f:e6:e5:93:18:bb:84:75:8a:b1:b6:d3
Signer

.text
Size: 256KB - Virtual size: 256KB

.rdata
Size: 15.0MB - Virtual size: 15.0MB

.buildid
Size: 512B - Virtual size: 58B

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 14KB - Virtual size: 13KB

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB

/4
Size: 512B - Virtual size: 33B

/18
Size: 512B - Virtual size: 48B

/33
Size: 512B - Virtual size: 284B

/45
Size: 512B - Virtual size: 171B