698736e55ece42dc7355ac751fa900a4969b76a3ab7eaf3152b6bda691ca2558

Sharing

Copy URL Twitter E-mail

General

Target

698736e55ece42dc7355ac751fa900a4969b76a3ab7eaf3152b6bda691ca2558
Size

3.3MB
MD5

364d9ad2591615e40e98d1c53a146c0f
SHA1

5f11108acdd5705910a70596d202f466f2b425bd
SHA256

698736e55ece42dc7355ac751fa900a4969b76a3ab7eaf3152b6bda691ca2558
SHA512

0321331765c5623f95452a35929b103f8eace4ba1c77eb364eed3a7de679694f1c7dfe9dc252a102c31ee43e3b814bcf288a2f6f5065f3d1b40f94d369628212
SSDEEP

49152:yaWSD+htM6OEK2n7fE1oauKj1TpkyPI1rIamr4xiK:J+MEdng1oauKUV

Score

1^/10

Malware Config

Signatures

Files

698736e55ece42dc7355ac751fa900a4969b76a3ab7eaf3152b6bda691ca2558
.exe windows:5 windows x86 arch:x86

a649f937d51c6c6905d34d64a05f81f5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26/04/2023, 03:04

Not After

26/04/2026, 03:04

Subject

SERIALNUMBER=911101026662879416,CN=Beijing Qihu Technology Co.\, Ltd.,O=Beijing Qihu Technology Co.\, Ltd.,STREET=朝阳区酒仙桥路6号院2号楼1至19层104号内8层801,L=Beijing,ST=Beijing,C=CN,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:f5:cb:c8:91:d1:fc:70:79:d4:4f:2c:96:ec:7d:d2:bf:11:72:eb:02:6f:77:df:32:10:e2:b4:bf:30:ed:49
Signer

Actual PE Digest

2e:f5:cb:c8:91:d1:fc:70:79:d4:4f:2c:96:ec:7d:d2:bf:11:72:eb:02:6f:77:df:32:10:e2:b4:bf:30:ed:49

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\779683\out\Release\SoftupNotify.pdb

Imports

kernel32

GlobalLock
GlobalUnlock
GetTempPathW
GetTempFileNameW
InterlockedCompareExchange
InterlockedExchange
SetEndOfFile
CopyFileW
SystemTimeToFileTime
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
SetFileTime
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenEventW
MapViewOfFile
FlushViewOfFile
DeviceIoControl
HeapAlloc
GetProcessHeap
HeapFree
GetThreadLocale
SetThreadLocale
GetVersionExW
GetWindowsDirectoryA
GetSystemDirectoryW
GetModuleHandleA
GlobalMemoryStatusEx
lstrcmpA
OpenThread
SuspendThread
ResumeThread
OutputDebugStringA
GetNativeSystemInfo
CreateIoCompletionPort
GetExitCodeThread
TerminateThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetFilePointerEx
EnumResourceNamesW
FreeResource
BeginUpdateResourceA
UpdateResourceW
EndUpdateResourceW
LoadLibraryExA
FindResourceExA
UpdateResourceA
GetModuleFileNameA
CreateFileA
ExpandEnvironmentStringsA
GetUserDefaultLangID
GetSystemDefaultLangID
GetSystemDirectoryA
WaitForMultipleObjects
FindNextFileW
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrcmpiA
LoadLibraryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetThreadAffinityMask
GetCurrentThread
QueryPerformanceCounter
RemoveDirectoryA
DeleteFileA
FileTimeToSystemTime
OpenEventA
OpenMutexW
ReleaseMutex
SetThreadPriority
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
GetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
CompareStringA
CompareStringW
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
RtlUnwind
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsAlloc
HeapWalk
HeapLock
HeapUnlock
TlsSetValue
TlsGetValue
LocalFileTimeToFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
SetEvent
ResetEvent
GetLocalTime
MoveFileA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetSystemInfo
CreateEventW
GetFileAttributesExW
lstrcpynW
GlobalSize
GlobalReAlloc
GlobalFree
GlobalAlloc
GetFullPathNameW
FindFirstFileW
MulDiv
MoveFileW
FreeConsole
GetConsoleWindow
AllocConsole
SetErrorMode
ExpandEnvironmentStringsW
CreateProcessW
GetStartupInfoW
LoadLibraryExW
lstrcmpiW
Sleep
ReadFile
DeleteFileW
SetFileAttributesW
WideCharToMultiByte
CreateMutexW
GetLastError
MultiByteToWideChar
lstrlenA
CreateThread
TerminateProcess
WaitForSingleObject
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
ExitProcess
lstrlenW
GetFileSize
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
OpenFileMappingW
MapViewOfFileEx
GetLongPathNameW
GetFileSizeEx
WritePrivateProfileStringW
RemoveDirectoryW
LocalFree
OpenProcess
MoveFileExW
CreateDirectoryW
CreateEventA
FindClose
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
OutputDebugStringW
WriteFile
GetCommandLineW
SizeofResource
CloseHandle
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetCurrentProcessId
EnterCriticalSection
GetProcAddress
FreeLibrary
LeaveCriticalSection
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetFileTime

user32

MessageBoxW
SendMessageTimeoutW
FindWindowW
DefWindowProcW
CharNextW
SetWindowLongW
DialogBoxParamW
GetActiveWindow
GetLastInputInfo
DestroyWindow
UnregisterClassA
GetWindowTextA
SetPropW
OffsetRect
BeginPaint
EndPaint
CreatePopupMenu
AppendMenuW
SetActiveWindow
SetForegroundWindow
MessageBoxA
IsChild
FindWindowA
GetClassNameA
WaitForInputIdle
LoadStringA
GetWindowTextW
GetSystemMetrics
GetCursorInfo
SetCursorPos
ShowCursor
SystemParametersInfoW
GetWindowRect
SetWindowPos
GetDC
ReleaseDC
GetClassNameW
FindWindowExW
EnumWindows
GetWindowThreadProcessId
SendMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetWindowLongW
CallWindowProcW
SetWindowTextW
SetTimer
MapWindowPoints
GetClientRect
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
KillTimer
CopyRect
InflateRect
GetCursorPos
ScreenToClient
ShowWindow
PostMessageW
EndDialog
WindowFromPoint
PtInRect
RegisterWindowMessageW
LoadIconW
PostQuitMessage
MoveWindow
GetPropW
CreateIconIndirect
GetIconInfo
IsWindowVisible
SetCursor
IsDialogMessageW
PostThreadMessageW
MonitorFromPoint
DestroyMenu
TrackPopupMenu
GetSubMenu
ClientToScreen
UpdateLayeredWindow
LoadMenuW
GetDesktopWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetAsyncKeyState
mouse_event
keybd_event
GetDlgItem
MsgWaitForMultipleObjects
IsWindow

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject
GetObjectW
CreateDIBSection
GetDIBits
GetBitmapBits
BitBlt
SetBkColor
ExtTextOutW
DPtoLP
CreateBitmap

advapi32

RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExA
RegEnumValueW
ConvertSidToStringSidW
IsValidSid
LookupAccountNameW
GetUserNameW
RegEnumKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderPathA

ole32

PropVariantClear
CoLoadLibrary
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SysAllocStringByteLen
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString

shlwapi

PathRemoveFileSpecA
PathStripPathW
PathIsRelativeW
PathIsRootW
StrToInt64ExA
StrRStrIW
StrRChrW
PathFileExistsA
StrCpyNW
PathCanonicalizeW
PathUnquoteSpacesW
StrFormatByteSizeW
PathFindNextComponentA
PathCanonicalizeA
SHDeleteKeyW
PathAppendA
ord176
StrStrIA
SHGetValueA
PathFindFileNameA
PathRemoveExtensionA
StrCmpNIA
StrRStrIA
PathIsDirectoryA
StrFormatByteSizeA
PathAddBackslashA
ord12
StrStrA
PathIsRelativeA
SHStrDupW
PathRemoveExtensionW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathCombineW
PathFindFileNameW
SHGetValueW
SHSetValueW
StrCmpIW
PathAddBackslashW
StrCmpNIW
StrChrW
StrStrIW
SHDeleteValueW
PathIsPrefixW
PathQuoteSpacesW
PathFindExtensionW
PathIsDirectoryW
SHSetValueA

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFile
GdipFree
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDrawImagePointRectI
GdipCloneBitmapAreaI
GdipCreateBitmapFromScan0
GdipImageRotateFlip
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipAlloc

comctl32

_TrackMouseEvent
InitCommonControlsEx

crypt32

CryptStringToBinaryW
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW
CryptBinaryToStringW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

imm32

ImmDisableIME

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

setupapi

SetupIterateCabinetW

netapi32

Netbios

psapi

GetModuleFileNameExW

msi

ord173
ord217

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a649f937d51c6c6905d34d64a05f81f5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

29:5b:f8:6e:85:26:53:40:33:13:83:7bCertificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

2e:f5:cb:c8:91:d1:fc:70:79:d4:4f:2c:96:ec:7d:d2:bf:11:72:eb:02:6f:77:df:32:10:e2:b4:bf:30:ed:49Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

crypt32

iphlpapi

imm32

version

wintrust

setupapi

netapi32

psapi

msi

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 344KB - Virtual size: 343KB

.data Size: 36KB - Virtual size: 58KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

29:5b:f8:6e:85:26:53:40:33:13:83:7b
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

2e:f5:cb:c8:91:d1:fc:70:79:d4:4f:2c:96:ec:7d:d2:bf:11:72:eb:02:6f:77:df:32:10:e2:b4:bf:30:ed:49
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 344KB - Virtual size: 343KB

.data
Size: 36KB - Virtual size: 58KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB