install_06[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

install_06.exe
Size

11.2MB
MD5

64a88d9c57b90bf5934b9549b4a972c3
SHA1

c61bdd064ff95ca3f8fb9896e94204c875a79eaa
SHA256

00b6404d5109abab6e410128dddfa3723ff817875973b2d90f1f9ead468c10ec
SHA512

034b8422962c90943a2462eaaa1b467a5381574ba0a8bd1e0581d4fc91d49a93d8e498d5b8a091d50f3bfe8dfdce8247f1932d9f72f4c8edf760a82cf0a6e834
SSDEEP

196608:T10yKDm07rMc7Ab62uYcVMvodUIcTTSePuvyoivQF4ddDyFUm22DscUNYXY+:T1ES0PMpsORz/Sy8y42/0f22Ds7NX+

Score

1^/10

Malware Config

Signatures

Files

install_06.exe
.exe windows:6 windows x86 arch:x86

98787825c143085961b0b6bcbd2c27ad

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:e2:67:5b:6e:d0:ab:38:cf:8b:3f:f6:e3:76:00:d4
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/05/2024, 00:00

Not After

30/05/2025, 23:59

Subject

CN=Changxiang Mutual Entertainment Network Technology Co.\, Ltd.,O=Changxiang Mutual Entertainment Network Technology Co.\, Ltd.,ST=Jiangsu Sheng,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\d\codes\Duilib_ScreenShot\Duilib_ScreenShot\Screenshot\Release\Install.pdb

Imports

shlwapi

PathIsRelativeW
PathFindFileNameW
PathFileExistsW
PathCombineW
SHSetValueW
SHGetValueW

winmm

timeGetTime
timeSetEvent
timeKillEvent

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipSetPenDashCap197819
GdiplusStartup
GdipScaleMatrix
GdipMeasureString
GdipFillPath
GdipFillEllipseI
GdipDrawEllipseI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawBezierI
GdipDrawLineI
GdipFillRectangle
GdipDeletePath
GdipCreateBitmapFromFile
GdipIsOutlineVisiblePathPointI
GdipIsVisiblePathPointI
GdipGetPathWorldBoundsI
GdipAddPathPolygonI
GdipAddPathPieI
GdipAddPathArcI
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipAddPathLineI
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathFillMode
GdipSetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath
GdipCreateTexture
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipGetPenDashStyle
GdipSetPenDashStyle
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipTransformPath
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenColor
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipCreateBitmapFromFileICM
GdipFree
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipImageRotateFlip
GdipDrawImageRect
GdipSetWorldTransform
GdipRotateMatrix
GdipTranslateMatrix
GdipCreatePen2
GdipSetLineBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdipDrawArc
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteMatrix
GdipCreateMatrix
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msimg32

AlphaBlend

kernel32

IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
GetExitCodeThread
SwitchToThread
GetFileTime
LocalFree
SetFileAttributesW
GetFileAttributesExW
WaitForSingleObjectEx
SleepEx
GetEnvironmentVariableA
PeekNamedPipe
GetFileType
MoveFileExW
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetLastError
IsDebuggerPresent
FreeLibraryAndExitThread
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
Sleep
GetTickCount
CloseHandle
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetVersionExW
GetModuleHandleExW
GetDriveTypeW
GetSystemDirectoryW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalUnlock
CreateFileW
DeleteFileW
GetFileSizeEx
ReadFile
SetFilePointerEx
GetStartupInfoW
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
RtlUnwind
WaitForSingleObject
TerminateProcess
GetCurrentThreadId
CreateProcessW
OpenProcess
QueryFullProcessImageNameW
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
GetCommandLineW
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringW
InterlockedCompareExchange
GetFileAttributesW
LoadLibraryW
FreeLibrary
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForMultipleObjects
CreateEventW
SetEvent
TerminateThread
RaiseException
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetCurrentProcess
GetStdHandle
VirtualQuery
InterlockedExchange
GetModuleHandleW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateDirectoryW
GetCurrentDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
GlobalAlloc
GlobalLock
GetFileSize
GlobalSize
MulDiv
GetCurrentProcessId
SetFilePointer
SetFileTime
GetEnvironmentVariableW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
WriteFile
OutputDebugStringW
SetStdHandle
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
InterlockedPushEntrySList
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
LoadLibraryExW
CreateThread
DeleteCriticalSection
ExitThread
GetNativeSystemInfo

user32

OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MapWindowPoints
GetParent
FindWindowW
GetDesktopWindow
GetAsyncKeyState
GetSysColor
ClientToScreen
IsWindowVisible
SetWindowRgn
MonitorFromPoint
IsZoomed
SetCursor
UnionRect
OffsetRect
CharNextW
PtInRect
UpdateLayeredWindow
IntersectRect
IsRectEmpty
GetClientRect
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
GetCursorPos
GetKeyState
ScreenToClient
InvalidateRect
SetWindowTextW
GetDC
GetPropW
SetPropW
CallWindowProcW
GetSystemMetrics
SetWindowPos
IsIconic
MonitorFromWindow
GetMonitorInfoW
SetFocus
EnableWindow
GetWindow
GetWindowLongW
IsWindow
SetWindowLongW
GetClassInfoExW
UnregisterClassW
ShowWindow
SetForegroundWindow
wsprintfW
PostMessageW
PostQuitMessage
RegisterClassW
LoadCursorW
ReleaseDC
DefWindowProcW
DestroyWindow
CreateWindowExW
WaitMessage
RegisterClassExW
GetWindowRect
MessageBoxW
KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SendMessageW
SetTimer
DispatchMessageW

gdi32

DeleteDC
SetStretchBltMode
GetObjectA
CreateRectRgnIndirect
ExtSelectClipRgn
GetStockObject
CreateFontIndirectW
DeleteObject
SelectObject
BitBlt
CreateRoundRectRgn
GetDeviceCaps
CreateDIBSection
CreateCompatibleDC
SetWindowOrgEx
GetWindowOrgEx
GetObjectW
RestoreDC
SaveDC
StretchBlt

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumDependentServicesW
OpenSCManagerW
OpenServiceW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
QueryServiceStatusEx
GetSecurityInfo
CryptEncrypt

shell32

SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ord165

ole32

CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysStringLen
VariantClear
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptDestroyHash

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

inet_pton
closesocket
htons
socket
inet_ntop
send
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
bind
recvfrom
sendto
accept
getsockname
listen
ntohs
getsockopt
WSAResetEvent
WSAWaitForMultipleEvents
WSASetLastError
getaddrinfo
freeaddrinfo
setsockopt
WSAIoctl
htonl
WSAStartup
WSACleanup
connect
getpeername
recv
__WSAFDIsSet
select
ioctlsocket
gethostname

crypt32

CertFindCertificateInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98787825c143085961b0b6bcbd2c27ad

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

a3:e2:67:5b:6e:d0:ab:38:cf:8b:3f:f6:e3:76:00:d4Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

winmm

comctl32

gdiplus

imm32

msimg32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

bcrypt

iphlpapi

version

ws2_32

crypt32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 27KB - Virtual size: 37KB

.rsrc Size: 9.4MB - Virtual size: 9.4MB

.reloc Size: 61KB - Virtual size: 60KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

a3:e2:67:5b:6e:d0:ab:38:cf:8b:3f:f6:e3:76:00:d4
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 27KB - Virtual size: 37KB

.rsrc
Size: 9.4MB - Virtual size: 9.4MB

.reloc
Size: 61KB - Virtual size: 60KB