67a291be8d5938679f35748e8f9aa781fe15728d5e0a4ffd23dcc819d8188a51

Sharing

Copy URL Twitter E-mail

General

Target

67a291be8d5938679f35748e8f9aa781fe15728d5e0a4ffd23dcc819d8188a51
Size

2.5MB
MD5

5eeae98ea011a45a33e1eb73e63cdebc
SHA1

36272c04a8879dcf8b4055185494b5f4f026da5d
SHA256

67a291be8d5938679f35748e8f9aa781fe15728d5e0a4ffd23dcc819d8188a51
SHA512

8a2e09bf28e2132dac008c2eb262d224affbf5d492bf12f2c06620cf543c722b39b882da6e58b4a37ef8b7453768442d148709b40d45502bf23750c11b624306
SSDEEP

49152:XceW3Q9SggBITf9y7ltEZ+luP/FyhzVzDsNd/QtgmW:XcesQg+oZtEEkFyP4r

Score

1^/10

Malware Config

Signatures

Files

67a291be8d5938679f35748e8f9aa781fe15728d5e0a4ffd23dcc819d8188a51
.exe windows:5 windows x86 arch:x86

d1bb74ce8f91556b1854ff6f3350b989

Code Sign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/05/2024, 00:00

Not After

16/05/2025, 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

14/05/2024, 00:00

Not After

16/05/2025, 23:59

Subject

CN=沧州句号网络科技有限公司,O=沧州句号网络科技有限公司,L=沧州市,ST=河北省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:64:e3:fa:60:f7:84:80:60:16:74:51:45:9b:46:3d:74:e5:9d:96:a6:53:0d:9a:11:dd:a5:4b:18:7a:7e:72
Signer

Actual PE Digest

b1:64:e3:fa:60:f7:84:80:60:16:74:51:45:9b:46:3d:74:e5:9d:96:a6:53:0d:9a:11:dd:a5:4b:18:7a:7e:72

Digest Algorithm

sha256

PE Digest Matches

false

70:82:6f:7e:98:eb:ef:be:1c:1b:eb:ca:9c:b5:d1:9d:97:84:aa:4e
Signer

Actual PE Digest

70:82:6f:7e:98:eb:ef:be:1c:1b:eb:ca:9c:b5:d1:9d:97:84:aa:4e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetLongPathNameW
FindClose
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetExitCodeThread
Sleep
SetEvent
TerminateThread
CreateThread
ReadFile
WriteFile
GetTempPathW
GetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
DeleteFileW
MoveFileExW
GetFileSize
CopyFileW
GetCurrentProcessId
CreateDirectoryW
GetEnvironmentVariableW
WTSGetActiveConsoleSessionId
GetDriveTypeW
TerminateProcess
LocalAlloc
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
GlobalAlloc
HeapSize
GlobalFree
LocalFree
CreateProcessW
GetCurrentThreadId
GetModuleHandleW
GetTickCount
HeapReAlloc
GetSystemInfo
InitializeCriticalSectionAndSpinCount
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
IsBadReadPtr
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetProcessHeap
HeapAlloc
GetNativeSystemInfo
LoadLibraryA
VirtualAlloc
VirtualFree
SetLastError
HeapFree
VirtualProtect
GetPrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileIntW
lstrlenW
WritePrivateProfileStringW
GetSystemDirectoryW
GetVolumeInformationW
ReleaseMutex
CreateMutexW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
GetCurrentDirectoryW
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetACP
SetConsoleCtrlHandler
MultiByteToWideChar
GetLastError
GetVersionExW
CreateFileW
DeviceIoControl
OutputDebugStringA
GetCurrentProcess
Process32FirstW
SetPriorityClass
ExitProcess
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ExitThread
RtlUnwind
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
GetStdHandle
GetFileType
WaitForMultipleObjects
SleepEx
FormatMessageA
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
WaitForSingleObjectEx
GetCurrentThread
QueryPerformanceCounter
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW

user32

wsprintfW
LoadStringW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

InitializeSecurityDescriptor
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
OpenProcessToken
ReportEventW
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
RevertToSelf
RegEnumKeyW
ImpersonateLoggedOnUser
RegOpenKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathA
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathAddBackslashW

wldap32

ord27
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

ws2_32

setsockopt
socket
WSAIoctl
getaddrinfo
accept
gethostname
freeaddrinfo
htons
recvfrom
sendto
ioctlsocket
listen
getsockopt
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
ntohs

wtsapi32

WTSQueryUserToken

wininet

InternetQueryOptionW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1bb74ce8f91556b1854ff6f3350b989

Code Sign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

b1:64:e3:fa:60:f7:84:80:60:16:74:51:45:9b:46:3d:74:e5:9d:96:a6:53:0d:9a:11:dd:a5:4b:18:7a:7e:72Signer

70:82:6f:7e:98:eb:ef:be:1c:1b:eb:ca:9c:b5:d1:9d:97:84:aa:4eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wldap32

ws2_32

wtsapi32

wininet

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 523KB - Virtual size: 522KB

.data Size: 19KB - Virtual size: 45KB

.gfids Size: 1024B - Virtual size: 712B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 203KB - Virtual size: 202KB

.reloc Size: 77KB - Virtual size: 76KB

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:64:0a:ec:22:b4:2a:a8:ba:d8:9a:1b:02:16:52:35
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

b1:64:e3:fa:60:f7:84:80:60:16:74:51:45:9b:46:3d:74:e5:9d:96:a6:53:0d:9a:11:dd:a5:4b:18:7a:7e:72
Signer

70:82:6f:7e:98:eb:ef:be:1c:1b:eb:ca:9c:b5:d1:9d:97:84:aa:4e
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 523KB - Virtual size: 522KB

.data
Size: 19KB - Virtual size: 45KB

.gfids
Size: 1024B - Virtual size: 712B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 203KB - Virtual size: 202KB

.reloc
Size: 77KB - Virtual size: 76KB