a04626fbb92150043ba2a3d82790e5d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a04626fbb92150043ba2a3d82790e5d0N.exe
Size

387KB
MD5

a04626fbb92150043ba2a3d82790e5d0
SHA1

f108432d3c363815af63676b39550bf5a26158d0
SHA256

37b44a8986b68ef93be4e9e5583f3d19a9608d0fc2a33ed970aee2d6170adba5
SHA512

3ec797f40b348e1c5dbd0daf2a913c6aefa8b7f1ebeb4793ac38a2e4a32b690e4cbe891c7c7c250dc1c163204769920fea4cca47d228b7b8290a5d64448796dc
SSDEEP

6144:egHWq49OAX9ibac60DI6nSAIJjo0tkaKwelgNXdkFC:n2q49Ng560DEJsOkaKwelGkFC

Score

1^/10

Malware Config

Signatures

Files

a04626fbb92150043ba2a3d82790e5d0N.exe
.exe windows:6 windows x86 arch:x86

1715beb641cedeea66fc88b9236aa095

Code Sign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11/01/2022, 00:00

Not After

08/02/2025, 23:59

Subject

CN=Beijing Venustech Cybervision Co.\, Ltd.,O=Beijing Venustech Cybervision Co.\, Ltd.,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9f:04:cf:df:e2:37:7d:31:c0:2a:1d:e6:ea:b1:5e:ef:ce:0d:7e:8c
Signer

Actual PE Digest

9f:04:cf:df:e2:37:7d:31:c0:2a:1d:e6:ea:b1:5e:ef:ce:0d:7e:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\sdp1.1-code\功能\branch-5-7469\app\DnsProxy\Release\SdpDns.pdb

Imports

iphlpapi

if_nametoindex

ws2_32

ioctlsocket
getsockopt
htonl
listen
ntohl
ntohs
setsockopt
getservbyname
getprotobynumber
WSASetLastError
getaddrinfo
freeaddrinfo
select
WSAIoctl
recvfrom
sendto
gethostname
closesocket
WSAGetLastError
getsockname
htons
socket
inet_addr
WSAStartup
bind
WSACleanup
recv
send
accept
connect

dbghelp

MiniDumpWriteDump

kernel32

MultiByteToWideChar
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
WideCharToMultiByte
RaiseException
InitializeSListHead
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetVersion
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
DeviceIoControl
CreateFileW
GetLastError
CloseHandle
TrySubmitThreadpoolCallback
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
CreateEventW
CreateFileMappingW
MapViewOfFile
SetUnhandledExceptionFilter
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
OutputDebugStringA
TerminateProcess
K32GetProcessImageFileNameW
OpenProcess
GetLogicalDriveStringsW
QueryDosDeviceW
OutputDebugStringW
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
LocalAlloc
LocalFree
FormatMessageA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
SetWaitableTimer
GetSystemTimeAsFileTime
CreateWaitableTimerA
CreateIoCompletionPort
GetQueuedCompletionStatus

advapi32

EnumServicesStatusExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptGenRandom
CryptAcquireContextA
OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW

shell32

SHGetSpecialFolderPathA

msvcp140

?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
_Strxfrm
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

vcruntime140

__vcrt_LoadLibraryExW
__vcrt_GetModuleFileNameW
_except_handler4_common
__current_exception_context
__current_exception
_CxxThrowException
memchr
memcmp
memset
memcpy
strchr
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove

api-ms-win-crt-string-l1-1-0

strcat_s
isspace
strcpy_s
strtok
strcmp
_strdup
_wcsnicmp
strcat
wcscpy_s
strncpy
isdigit
strncmp
wcscat_s
wcsncpy
strlen

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
calloc
malloc
realloc

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_getpid
terminate
_beginthreadex
abort
_register_thread_local_exe_atexit_callback
exit
signal
_beginthread
_c_exit
_exit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_errno
_get_narrow_winmain_command_line
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_set_fmode
fputc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vswprintf_s
__p__commode
__stdio_common_vsscanf
_open
_read
__stdio_common_vswprintf
__stdio_common_vsprintf
_close

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoul
strtol
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_fstat64

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

EVUTIL_ISALNUM_
EVUTIL_ISALPHA_
EVUTIL_ISDIGIT_
EVUTIL_ISXDIGIT_
EVUTIL_TOLOWER_
EVUTIL_TOUPPER_
evdns_add_server_port
evdns_add_server_port_with_base
evdns_base_clear_host_addresses
evdns_base_clear_nameservers_and_suspend
evdns_base_config_windows_nameservers
evdns_base_count_nameservers
evdns_base_free
evdns_base_get_nameserver_addr
evdns_base_load_hosts
evdns_base_nameserver_add
evdns_base_nameserver_ip_add
evdns_base_nameserver_sockaddr_add
evdns_base_new
evdns_base_resolv_conf_parse
evdns_base_resolve_ipv4
evdns_base_resolve_ipv6
evdns_base_resolve_reverse
evdns_base_resolve_reverse_ipv6
evdns_base_resume
evdns_base_search_add
evdns_base_search_clear
evdns_base_search_ndots_set
evdns_base_set_option
evdns_cancel_request
evdns_clear_nameservers_and_suspend
evdns_close_server_port
evdns_config_windows_nameservers
evdns_count_nameservers
evdns_err_to_string
evdns_get_global_base
evdns_getaddrinfo
evdns_getaddrinfo_cancel
evdns_init
evdns_nameserver_add
evdns_nameserver_ip_add
evdns_resolv_conf_parse
evdns_resolve_ipv4
evdns_resolve_ipv6
evdns_resolve_reverse
evdns_resolve_reverse_ipv6
evdns_resume
evdns_search_add
evdns_search_clear
evdns_search_ndots_set
evdns_server_request_add_a_reply
evdns_server_request_add_aaaa_reply
evdns_server_request_add_cname_reply
evdns_server_request_add_ptr_reply
evdns_server_request_add_reply
evdns_server_request_drop
evdns_server_request_get_requesting_addr
evdns_server_request_respond
evdns_server_request_set_flags
evdns_set_log_fn
evdns_set_option
evdns_set_random_bytes_fn
evdns_set_transaction_id_fn
evdns_shutdown
event_active
event_active_later_
event_add
event_assign
event_base_active_by_fd
event_base_active_by_signal
event_base_add_virtual_
event_base_assert_ok_
event_base_dispatch
event_base_dump_events
event_base_foreach_event
event_base_free
event_base_free_nofinalize
event_base_get_features
event_base_get_iocp_
event_base_get_max_events
event_base_get_method
event_base_get_npriorities
event_base_get_num_events
event_base_get_running_event
event_base_gettimeofday_cached
event_base_got_break
event_base_got_exit
event_base_init_common_timeout
event_base_loop
event_base_loopbreak
event_base_loopcontinue
event_base_loopexit
event_base_new
event_base_new_with_config
event_base_once
event_base_priority_init
event_base_set
event_base_start_iocp_
event_base_update_cache_time
event_callback_activate_
event_callback_finalize_
event_config_avoid_method
event_config_free
event_config_new
event_config_require_features
event_config_set_flag
event_config_set_max_dispatch_interval
event_config_set_num_cpus_hint
event_debug_logging_mask_
event_debug_unassign
event_debugx_
event_deferred_cb_cancel_
event_deferred_cb_init_
event_deferred_cb_schedule_
event_del
event_del_block
event_del_noblock
event_dispatch
event_enable_debug_logging
event_enable_debug_mode
event_err
event_errx
event_finalize
event_free
event_free_finalize
event_get_assignment
event_get_base
event_get_callback
event_get_callback_arg
event_get_events
event_get_fd
event_get_method
event_get_priority
event_get_struct_event_size
event_get_supported_methods
event_get_version
event_get_version_number
event_get_win32_extension_fns_
event_gettime_monotonic
event_global_current_base_
event_init
event_initialized
event_iocp_activate_overlapped_
event_iocp_port_associate_
event_iocp_port_launch_
event_iocp_shutdown_
event_logv_
event_loop
event_loopbreak
event_loopexit
event_mm_calloc_
event_mm_free_
event_mm_malloc_
event_mm_realloc_
event_mm_strdup_
event_msgx
event_new
event_once
event_overlapped_init_
event_pending
event_priority_init
event_priority_set
event_reinit
event_remove_timer
event_self_cbarg
event_set
event_set_fatal_callback
event_set_log_callback
event_set_mem_functions
event_sock_err
event_sock_warn
event_strlcpy_
event_warn
event_warnx
evthread_enable_lock_debugging
evthread_enable_lock_debuging
evthread_get_lock_callbacks
evthread_is_debug_lock_held_
evthread_make_base_notifiable
evthread_set_condition_callbacks
evthread_set_id_callback
evthread_set_lock_callbacks
evthreadimpl_cond_alloc_
evthreadimpl_cond_free_
evthreadimpl_cond_signal_
evthreadimpl_cond_wait_
evthreadimpl_is_lock_debugging_enabled_
evthreadimpl_lock_alloc_
evthreadimpl_lock_free_
evthreadimpl_lock_lock_
evthreadimpl_lock_unlock_
evutil_addrinfo_append_
evutil_adjust_hints_for_addrconfig_
evutil_ascii_strcasecmp
evutil_ascii_strncasecmp
evutil_closesocket
evutil_configure_monotonic_time
evutil_configure_monotonic_time_
evutil_date_rfc1123
evutil_ersatz_socketpair_
evutil_format_sockaddr_port_
evutil_freeaddrinfo
evutil_gai_strerror
evutil_getaddrinfo
evutil_getaddrinfo_common_
evutil_gettime_monotonic
evutil_gettime_monotonic_
evutil_gettimeofday
evutil_inet_ntop
evutil_inet_pton
evutil_inet_pton_scope
evutil_load_windows_system_library_
evutil_make_internal_pipe_
evutil_make_listen_socket_ipv6only
evutil_make_listen_socket_reuseable
evutil_make_listen_socket_reuseable_port
evutil_make_socket_closeonexec
evutil_make_socket_nonblocking
evutil_make_tcp_listen_socket_deferred
evutil_monotonic_timer_free
evutil_monotonic_timer_new
evutil_new_addrinfo_
evutil_parse_sockaddr_port
evutil_read_file_
evutil_rtrim_lws_
evutil_secure_rng_add_bytes
evutil_secure_rng_get_bytes
evutil_secure_rng_init
evutil_secure_rng_set_urandom_device_file
evutil_set_evdns_getaddrinfo_cancel_fn_
evutil_set_evdns_getaddrinfo_fn_
evutil_snprintf
evutil_sockaddr_cmp
evutil_sockaddr_is_loopback_
evutil_socket_
evutil_socket_connect_
evutil_socket_error_to_string
evutil_socket_geterror
evutil_socketpair
evutil_strtoll
evutil_usleep_
evutil_v4addr_is_local_
evutil_v6addr_is_local_
evutil_vsnprintf
evutil_weakrand_
evutil_weakrand_range_
evutil_weakrand_seed_
libevent_global_shutdown

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1715beb641cedeea66fc88b9236aa095

Code Sign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0eCertificate

Extended Key Usages

Key Usages

9f:04:cf:df:e2:37:7d:31:c0:2a:1d:e6:ea:b1:5e:ef:ce:0d:7e:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

dbghelp

kernel32

advapi32

shell32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 73KB - Virtual size: 76KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 11KB

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:26:2c:99:1c:e8:12:8e:f2:d1:28:c2:93:d2:c6:0e
Certificate

9f:04:cf:df:e2:37:7d:31:c0:2a:1d:e6:ea:b1:5e:ef:ce:0d:7e:8c
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 73KB - Virtual size: 76KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 11KB