84ceae0a261ba58f370caa5a1d7acaf99437f1f7a9e922bf4369ec999142a685

Sharing

Copy URL Twitter E-mail

General

Target

84ceae0a261ba58f370caa5a1d7acaf99437f1f7a9e922bf4369ec999142a685
Size

1.5MB
MD5

3f83f16680d816c5471321ac3b7112db
SHA1

4126e3196e96512ab5606fe767c3dbf29e669ce7
SHA256

84ceae0a261ba58f370caa5a1d7acaf99437f1f7a9e922bf4369ec999142a685
SHA512

039b632827785a19d404cb78d1c80820c3ba6ee18d702f47f650cb6e3a597f3860e4317c143d6bd1dd902b0a0f48442e9f04006bad6ecd869ff743988ca0bc2b
SSDEEP

24576:97EpEy1xGuuhpqdqzA5AD0UyW5/aI532LXT0rRsPF2xzCV:/hpku0HW5/aDbT3IxzCV

Score

1^/10

Malware Config

Signatures

Files

84ceae0a261ba58f370caa5a1d7acaf99437f1f7a9e922bf4369ec999142a685
.exe windows:5 windows x86 arch:x86

1f44c0daa90e4b43200170ffa315afc8

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9c:54:7f:51:ce:83:f8:d6:96:51:f3:c7:d7:0d:39:77:eb:ac:64:90:f1:bc:04:3f:f7:97:79:68:30:35:b3:1e
Signer

Actual PE Digest

9c:54:7f:51:ce:83:f8:d6:96:51:f3:c7:d7:0d:39:77:eb:ac:64:90:f1:bc:04:3f:f7:97:79:68:30:35:b3:1e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\793167\out\Release\MultiTip.pdb

Imports

kernel32

SetFileAttributesW
HeapAlloc
GetProcessHeap
OpenProcess
HeapFree
GetFileSize
MapViewOfFileEx
GetVersionExW
GetSystemInfo
GetWindowsDirectoryA
SystemTimeToFileTime
GetModuleHandleA
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
ExpandEnvironmentStringsA
GlobalLock
GlobalUnlock
GetModuleFileNameA
CreateFileA
OutputDebugStringA
GetThreadLocale
SetThreadLocale
SetFilePointerEx
TerminateProcess
lstrcmpA
OpenThread
SuspendThread
ResumeThread
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
MoveFileA
GetFileTime
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcmpiA
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesW
FreeResource
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
LoadLibraryExA
GetFileAttributesExW
UpdateResourceA
MoveFileExW
ResetEvent
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
PostQueuedCompletionStatus
FindFirstFileW
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceCounter
GetStartupInfoW
RemoveDirectoryA
DeleteFileA
CreateEventA
OpenEventA
OpenMutexW
ReleaseMutex
DuplicateHandle
SetThreadPriority
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
HeapCreate
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
GetDateFormatA
GetTimeFormatA
ExitProcess
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
RemoveDirectoryW
FindClose
GlobalFree
GlobalAlloc
DeviceIoControl
CreateProcessW
CreateFileMappingW
SetEndOfFile
FindNextFileW
GetNativeSystemInfo
DeleteFileW
FlushViewOfFile
ExpandEnvironmentStringsW
GetTickCount
LocalFree
WideCharToMultiByte
GetCurrentProcess
InterlockedCompareExchange
SetEvent
InterlockedExchange
WaitForSingleObject
CreateEventW
LoadLibraryW
MulDiv
CopyFileW
GetCommandLineW
GetCurrentThreadId
SetErrorMode
LoadLibraryExW
MultiByteToWideChar
GetLongPathNameW
GetTempFileNameW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateThread
FlushInstructionCache
SetLastError
lstrlenA
CreateDirectoryW
GetLocalTime
GetTempPathW
GetQueuedCompletionStatus
GetFileSizeEx
RaiseException
lstrcmpiW
lstrlenW
ReadFile
InterlockedDecrement
Sleep
InterlockedIncrement
CreateMutexW
GetLastError
GetCurrentProcessId
GetProcAddress
FreeLibrary
GetModuleHandleW
WriteFile
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
FindResourceExA

user32

PeekMessageW
PostThreadMessageW
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SendMessageTimeoutW
WaitForInputIdle
FindWindowW
CharNextW
UnregisterClassA
GetWindowTextW
EnumWindows
CreateIconIndirect
LoadStringA
GetCursorInfo
SetCursorPos
ShowCursor
GetAsyncKeyState
mouse_event
TranslateMessage
DispatchMessageW
IsWindow
SendMessageW
MessageBoxW
IsWindowVisible
PostQuitMessage
SetTimer
GetLastInputInfo
GetCursorPos
GetWindowRect
PtInRect
PostMessageW
KillTimer
GetPropW
CallWindowProcW
DestroyIcon
MoveWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
ShowWindow
LoadCursorW
GetWindowTextA
SetWindowTextW
SystemParametersInfoW
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetPropW
CopyRect
OffsetRect
ClientToScreen
GetWindowThreadProcessId
GetClassNameW
FindWindowExW
GetClassNameA
FindWindowA
IsChild
WindowFromPoint
MessageBoxA
SetForegroundWindow
SetActiveWindow
DestroyMenu
LoadImageW
GetSystemMetrics
UpdateLayeredWindow
MonitorFromPoint
AppendMenuW
ScreenToClient
BeginPaint
EndPaint
RegisterClassExW
GetClassInfoExW
CreateWindowExW
CreatePopupMenu
TrackPopupMenu
keybd_event
RegisterWindowMessageW
GetDlgItem
MsgWaitForMultipleObjects
GetMessageW

gdi32

DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetDeviceCaps
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleBitmap
BitBlt
SetBkColor
ExtTextOutW
DPtoLP
CreateBitmap

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

CommandLineToArgvW
SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetFolderPathW
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHCreateDirectoryExW

ole32

PropVariantClear
CoLoadLibrary
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

SHGetValueA
PathAppendA
StrCmpNIA
StrRStrIA
StrStrIA
PathFindFileNameA
PathIsDirectoryA
StrFormatByteSizeA
PathAddBackslashA
ord12
StrStrA
PathIsRelativeA
PathRemoveExtensionA
ord176
PathFindFileNameW
PathCombineW
PathAppendW
PathFileExistsW
PathAddBackslashW
StrCmpNIW
SHGetValueW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
SHSetValueW
StrCpyNW
PathFileExistsA
PathRemoveFileSpecA
StrRChrW
StrRStrIW
StrToInt64ExA
SHStrDupW
PathFindExtensionW
PathIsRelativeW
PathCanonicalizeW
PathIsRootW
PathIsDirectoryW
PathRemoveBackslashW
PathIsPrefixW
SHSetValueA

gdiplus

GdiplusStartup
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipSaveImageToFile
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDrawImagePointRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipImageRotateFlip
GdipCloneImage
GdipGetImageGraphicsContext

comctl32

InitCommonControlsEx

crypt32

CryptStringToBinaryA
CryptBinaryToStringA
CertGetNameStringW
CryptStringToBinaryW

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

mixerGetLineInfoW
mixerGetLineControlsW
mixerGetNumDevs
mixerGetControlDetailsW
mixerSetControlDetails
mixerOpen

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

setupapi

SetupIterateCabinetW

netapi32

Netbios

psapi

GetModuleFileNameExW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f44c0daa90e4b43200170ffa315afc8

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

9c:54:7f:51:ce:83:f8:d6:96:51:f3:c7:d7:0d:39:77:eb:ac:64:90:f1:bc:04:3f:f7:97:79:68:30:35:b3:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

imm32

version

winmm

wintrust

setupapi

netapi32

psapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 29KB - Virtual size: 45KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 190KB - Virtual size: 190KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

9c:54:7f:51:ce:83:f8:d6:96:51:f3:c7:d7:0d:39:77:eb:ac:64:90:f1:bc:04:3f:f7:97:79:68:30:35:b3:1e
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 29KB - Virtual size: 45KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 190KB - Virtual size: 190KB