ad980dd6b197ecf15551ea45725a9c1ed3a95cda833972c62056ddb535f8b886

Sharing

Copy URL Twitter E-mail

General

Target

ad980dd6b197ecf15551ea45725a9c1ed3a95cda833972c62056ddb535f8b886
Size

2.1MB
MD5

34a3eb9291c0cd657c4c5d4c0a82b6f2
SHA1

90f4ae6945463d73cd165f3758227e4d260f0838
SHA256

ad980dd6b197ecf15551ea45725a9c1ed3a95cda833972c62056ddb535f8b886
SHA512

614bf66e9c7e8210c1faba6701737a7c996c95ac3d0644a61b03dad075085d63648baceae4f47605d8c880823d1a7bef9556e4bc4a9652890b7b79b023628787
SSDEEP

24576:45pWWtQGpCvZWJGoBFju6crqDx9MLq+koFd3zIisgBpgFOkQk9VKWWdr:851CvY3u6c20LAonn9eJ9EWWl

Score

1^/10

Malware Config

Signatures

Files

ad980dd6b197ecf15551ea45725a9c1ed3a95cda833972c62056ddb535f8b886
.exe windows:6 windows x64 arch:x64

0bf08bc4d2c0c58aa51c9eaa39fba013

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/10/2021, 00:00

Not After

23/10/2024, 23:59

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:35:2e:3f:07:60:bd:df:6a:51:2c:51:64:87:b0:b8:eb:cf:77:43:76:24:5e:a2:58:77:cc:33:88:e5:15:b6
Signer

Actual PE Digest

d6:35:2e:3f:07:60:bd:df:6a:51:2c:51:64:87:b0:b8:eb:cf:77:43:76:24:5e:a2:58:77:cc:33:88:e5:15:b6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\18_11_IOS_PACKER_CI_PC3fabu\music_pc\setup\build\na\orpheus\bin_x64_Release\cloudmusic.pdb

Imports

shlwapi

SHDeleteKeyW
PathRemoveFileSpecW

kernel32

lstrlenW
lstrcmpiW
LocalFree
GetCommandLineW
LoadLibraryExW
FindClose
FindFirstFileW
CloseHandle
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
CreateFileW
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreW
GetCurrentProcess
CreateThread
GetCurrentThreadId
OpenThread
TerminateThread
SuspendThread
ResumeThread
GetProcessId
GetThreadContext
VirtualQueryEx
LoadLibraryW
WriteFile
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
WaitForMultipleObjects
GetCurrentProcessId
DeleteFileW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
IsDebuggerPresent
RaiseException
Sleep
GetCurrentThread
SetThreadPriority
SetFilePointer
OutputDebugStringA
SetLastError
ReleaseMutex
CreateMutexW
CreateProcessW
GetTickCount
GetModuleHandleA
FormatMessageA
FlushFileBuffers
GetFileInformationByHandle
ReadFile
SetEndOfFile
SetFilePointerEx
SetFileTime
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
GetVolumeInformationW
GetVolumePathNameW
QueryDosDeviceW
RemoveDirectoryW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
MoveFileW
MoveFileExW
GetProcAddress
FindNextFileW
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
GetModuleHandleW
OpenProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionEx
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
CompareStringEx
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileType
GetFullPathNameW
GetStdHandle
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
ReadConsoleW
GetTimeZoneInformation
HeapReAlloc
GetDriveTypeW
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
HeapSize
FreeLibrary
ReplaceFileW
ExpandEnvironmentStringsW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
SHFileOperationW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

psapi

GetMappedFileNameW

user32

WaitForInputIdle
CharUpperW
wsprintfW
MessageBoxW

advapi32

GetSidSubAuthority
OpenProcessToken
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
GetTokenInformation
GetSidSubAuthorityCount
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

Sections

.textbss
Size: - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 671B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bf08bc4d2c0c58aa51c9eaa39fba013

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d6:35:2e:3f:07:60:bd:df:6a:51:2c:51:64:87:b0:b8:eb:cf:77:43:76:24:5e:a2:58:77:cc:33:88:e5:15:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

shell32

winmm

psapi

user32

advapi32

Sections

.textbss Size: - Virtual size: 719KB

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 13KB - Virtual size: 29KB

.pdata Size: 81KB - Virtual size: 80KB

.idata Size: 11KB - Virtual size: 10KB

.msvcjmc Size: 2KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

_RDATA Size: 1024B - Virtual size: 671B

.rsrc Size: 177KB - Virtual size: 176KB

.reloc Size: 13KB - Virtual size: 13KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d6:35:2e:3f:07:60:bd:df:6a:51:2c:51:64:87:b0:b8:eb:cf:77:43:76:24:5e:a2:58:77:cc:33:88:e5:15:b6
Signer

.textbss
Size: - Virtual size: 719KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 13KB - Virtual size: 29KB

.pdata
Size: 81KB - Virtual size: 80KB

.idata
Size: 11KB - Virtual size: 10KB

.msvcjmc
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

_RDATA
Size: 1024B - Virtual size: 671B

.rsrc
Size: 177KB - Virtual size: 176KB

.reloc
Size: 13KB - Virtual size: 13KB