23b7fe6e6109608a63f6952c182b246ba05d5be77c99b442a39064aedd167099

Sharing

Copy URL Twitter E-mail

General

Target

23b7fe6e6109608a63f6952c182b246ba05d5be77c99b442a39064aedd167099
Size

7.5MB
MD5

f2b98f3f1e9f8fec40aa7fed759b53ff
SHA1

50a8521f48288717d270d000247cbb2f8965490d
SHA256

23b7fe6e6109608a63f6952c182b246ba05d5be77c99b442a39064aedd167099
SHA512

560edffa09d8f68834584af01ecb53e676fa8ec906e4ea59586e3b3f5fe995434b484b8bd00bb2245fdf94cd425751178da703148092c4286d4ed395f8dd5a52
SSDEEP

49152:aT8eqLLRUVNp+lwcHl5WRd15rfxvUf9r9C06ZxofvxQB7hOJoSDd+PPWiuYawpoD:aTXVPcF49fR69lNIpofFTEbGoU

Score

1^/10

Malware Config

Signatures

Files

23b7fe6e6109608a63f6952c182b246ba05d5be77c99b442a39064aedd167099
.dll windows:6 windows x86 arch:x86

490a15e74ad61f7c9604b0902880c6ad

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/10/2023, 00:00

Not After

22/10/2026, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/10/2023, 00:00

Not After

22/10/2026, 23:59

Subject

CN=Beijing Duyou Science and Technology Co.\,Ltd.,O=Beijing Duyou Science and Technology Co.\,Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:9f:be:2f:24:81:84:2d:e5:e0:f9:c0:2a:54:91:77:c8:67:29:a6:fd:b7:70:0d:6a:49:a7:1d:80:ea:da:25
Signer

Actual PE Digest

e0:9f:be:2f:24:81:84:2d:e5:e0:f9:c0:2a:54:91:77:c8:67:29:a6:fd:b7:70:0d:6a:49:a7:1d:80:ea:da:25

Digest Algorithm

sha256

PE Digest Matches

false

d8:10:cc:33:96:b5:7e:7b:e1:03:21:3b:52:09:ad:21:b5:be:4b:20
Signer

Actual PE Digest

d8:10:cc:33:96:b5:7e:7b:e1:03:21:3b:52:09:ad:21:b5:be:4b:20

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\baidu\netdisk\pc-sdk-upload\build\RelWithDebInfo\bnusdk.pdb

Imports

kernel32

GetProcessHeap
HeapAlloc
HeapFree
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
GetCurrentProcess
CreateSemaphoreA
GetVolumeInformationA
CreateFileA
DeviceIoControl
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesW
GetFileTime
GetLogicalDrives
SetFileAttributesW
Sleep
ExitProcess
GetTickCount
GetSystemDirectoryW
GetVersionExW
VirtualQuery
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadResource
LockResource
LoadLibraryW
FindResourceW
MultiByteToWideChar
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
VerSetConditionMask
GetSystemTimeAsFileTime
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
InitializeCriticalSection
VerifyVersionInfoW
CreateWaitableTimerW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
QueueUserAPC
SetWaitableTimer
DeleteCriticalSection
WaitForSingleObjectEx
SleepEx
GetCurrentThreadId
SetEvent
CreateEventW
CreateEventA
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCurrentThread
GetConsoleCP
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
IsDBCSLeadByteEx
IsValidCodePage
CopyFileW
CreateDirectoryExW
GetWindowsDirectoryW
SetFileTime
SetFilePointerEx
RemoveDirectoryW
GetFileInformationByHandle
GetDiskFreeSpaceExW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetStringTypeExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
MoveFileExA
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

shell32

SHGetSpecialFolderPathW

advapi32

CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
GetUserNameW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptDestroyHash
CryptSignHashW

crypt32

CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext

wldap32

ord26
ord22
ord41
ord217
ord50
ord45
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord60
ord211
ord46
ord143

normaliz

IdnToAscii

ws2_32

WSACreateEvent
WSACloseEvent
send
WSAEnumNetworkEvents
getnameinfo
WSAEventSelect
getaddrinfo
inet_ntoa
select
WSACleanup
WSAStartup
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
accept
bind
connect
getsockname
htonl
listen
recv
recvfrom
sendto
getpeername
ioctlsocket
gethostname
gethostbyname
getsockopt
freeaddrinfo

iphlpapi

GetAdaptersAddresses

shlwapi

StrCmpLogicalW

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
LoadStringA
LoadStringW

Exports

Exports

bnu_sdk_add_old_client_task
bnu_sdk_create_auto_back_task
bnu_sdk_create_diff_full_data_check_task
bnu_sdk_create_online_edit_task
bnu_sdk_create_sync_check_task
bnu_sdk_create_sync_task
bnu_sdk_create_task
bnu_sdk_create_task_priority
bnu_sdk_create_task_types
bnu_sdk_delete_history_task_items
bnu_sdk_delete_task
bnu_sdk_get_version
bnu_sdk_init
bnu_sdk_is_sync_task_full
bnu_sdk_pause_task
bnu_sdk_query_all_task_items
bnu_sdk_query_history_task_items
bnu_sdk_query_quota
bnu_sdk_query_task_items
bnu_sdk_query_task_items_type
bnu_sdk_query_total_status
bnu_sdk_search_history_items
bnu_sdk_set_net_proxy
bnu_sdk_set_new_token
bnu_sdk_set_speed_limit
bnu_sdk_start_task
bnu_sdk_uninit

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

490a15e74ad61f7c9604b0902880c6ad

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e0:9f:be:2f:24:81:84:2d:e5:e0:f9:c0:2a:54:91:77:c8:67:29:a6:fd:b7:70:0d:6a:49:a7:1d:80:ea:da:25Signer

d8:10:cc:33:96:b5:7e:7b:e1:03:21:3b:52:09:ad:21:b5:be:4b:20Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

advapi32

crypt32

wldap32

normaliz

ws2_32

iphlpapi

shlwapi

bcrypt

user32

Exports

Exports

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 101KB - Virtual size: 129KB

.idata Size: 10KB - Virtual size: 9KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 274KB - Virtual size: 273KB

.reloc Size: 227KB - Virtual size: 227KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:6a:73:d0:15:d3:84:9c:e5:43:01:d1:77:5c:08:f4
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e0:9f:be:2f:24:81:84:2d:e5:e0:f9:c0:2a:54:91:77:c8:67:29:a6:fd:b7:70:0d:6a:49:a7:1d:80:ea:da:25
Signer

d8:10:cc:33:96:b5:7e:7b:e1:03:21:3b:52:09:ad:21:b5:be:4b:20
Signer

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 101KB - Virtual size: 129KB

.idata
Size: 10KB - Virtual size: 9KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 274KB - Virtual size: 273KB

.reloc
Size: 227KB - Virtual size: 227KB