SecuriteInfo[.]com[.]Variant[.]Giant[.]Zusy[.]6[.]12808[.]9954[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Variant.Giant.Zusy.6.12808.9954.exe
Size

50.5MB
MD5

5504c5780f2394597248ba27a9e3f134
SHA1

bb6e3662df8f8b23e9d5358f4dce4c7bc710da8f
SHA256

f2496c4145599f2e6f65db674f37eb0cd6bfce98d82d27b36019e3765c55728d
SHA512

232af1396bcffba82d1517fa924633bc784c7f18264b6afedc3e2b5b034a15cdeb0de81a1e21d841aa183ec07780d49edd5b6aa06f18f484bf307b0143439721
SSDEEP

1572864:LrYkrzURogFpuKQpMmAAgV8H31G7T+7hiwPOEhLE:nzrMQujAgGH31G7itiwmqLE

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Variant.Giant.Zusy.6.12808.9954.exe
.exe windows:4 windows x86 arch:x86

bbec9bb284873332debefe242565ae59

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5a
Certificate

Issuer

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Not Before

25/01/2022, 12:22

Not After

24/01/2025, 12:22

Subject

CN=珠海市莫停之科技有限公司,O=珠海市莫停之科技有限公司,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

26/05/2021, 06:46

Not After

18/05/2027, 06:46

Subject

CN=WoTrus Code Signing 2021 CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:73:ec:22:df:8c:1c:6b:cd:47:a6:ce:76:bc:5e:80:7a:af:2c:10:bc:10:f9:20:4d:c3:e3:16:5f:68:41:a5
Signer

Actual PE Digest

98:73:ec:22:df:8c:1c:6b:cd:47:a6:ce:76:bc:5e:80:7a:af:2c:10:bc:10:f9:20:4d:c3:e3:16:5f:68:41:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\jekins_work\workspace\pcmgr_vip\product\win32\dbginfo\installer.pdb

Imports

imm32

ImmDisableIME

kernel32

FileTimeToLocalFileTime
GetWindowsDirectoryW
OutputDebugStringA
InterlockedExchange
RaiseException
InterlockedIncrement
InterlockedDecrement
OutputDebugStringW
FreeResource
FlushInstructionCache
GetStdHandle
WaitForMultipleObjects
VirtualFree
VirtualAlloc
SetEvent
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
lstrcpyW
SetFileAttributesW
CreateFileA
CreateThread
TerminateThread
ExpandEnvironmentStringsW
TerminateProcess
GetComputerNameA
GetDiskFreeSpaceExW
GetModuleFileNameA
CreateProcessW
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetCommandLineW
GetDriveTypeW
MapViewOfFileEx
LoadLibraryExW
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
HeapCreate
GetStartupInfoA
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
VirtualProtect
ExitThread
GetFileType
SetStdHandle
ExitProcess
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
DeleteFileW
SystemTimeToFileTime
EnterCriticalSection
GetLastError
LeaveCriticalSection
CreateDirectoryW
InitializeCriticalSection
FindClose
RemoveDirectoryW
FreeLibrary
GetModuleFileNameW
DeleteCriticalSection
WideCharToMultiByte
CreateFileW
CloseHandle
WriteFile
GetSystemTimeAsFileTime
FileTimeToSystemTime
FlushFileBuffers
GetTempPathW
UnmapViewOfFile
MapViewOfFile
GetTempFileNameW
MoveFileW
QueryDosDeviceW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileMappingW
CopyFileW
GetLogicalDriveStringsW
MoveFileExW
GetSystemInfo
Sleep
WaitForSingleObject
SetLastError
GetTickCount
GetCurrentProcessId
SetEndOfFile
GetLocalTime
SetFilePointer
InterlockedCompareExchange
GetCurrentThreadId
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
LocalFree
LocalAlloc
LoadLibraryW
OpenProcess
Process32NextW
GetVersionExW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
lstrlenA
ReadFile
GetFileSize
lstrlenW
FindFirstFileA

user32

CopyRect
CharUpperW
CharLowerW
wsprintfW
ExitWindowsEx
LoadBitmapW
SetWindowTextW
GetWindowTextW
GetKeyState
GetActiveWindow
IsIconic
CreateWindowExW
GetWindow
IntersectRect
GetNextDlgTabItem
GetDesktopWindow
UnregisterClassA
PostMessageW
ReleaseDC
KillTimer
GetWindowLongW
SetFocus
PostThreadMessageW
InflateRect
EqualRect
GetWindowTextLengthW
WindowFromPoint
GetClientRect
MoveWindow
RegisterWindowMessageW
GetDlgCtrlID
LoadIconW
GetWindowThreadProcessId
MapWindowPoints
SetWindowLongW
DefWindowProcW
GetScrollPos
CharNextW
LoadStringW
EnableWindow
IsRectEmpty
DestroyWindow
GetForegroundWindow
GetFocus
LoadCursorW
ClientToScreen
MonitorFromWindow
SetCapture
SystemParametersInfoW
IsChild
RegisterClassExW
GetMonitorInfoW
AttachThreadInput
DestroyIcon
IsWindowEnabled
SetForegroundWindow
IsDialogMessageW
OffsetRect
SetRectEmpty
ReleaseCapture
SetActiveWindow
ShowWindow
SetCursor
SetWindowPos
GetClassInfoExW
PeekMessageW
GetParent
DrawTextW
IsWindowVisible
SetTimer
GetMessageW
InvalidateRect
TranslateMessage
CallWindowProcW
GetDlgItem
DispatchMessageW
LoadImageW
IsWindow
SetWindowRgn
GetWindowRect
PtInRect
EndPaint
UpdateLayeredWindow
BeginPaint
GetCursorPos
SendMessageW
ScreenToClient
SetRect
FindWindowW
DrawIconEx
GetDC

gdi32

RectInRegion
CreateRectRgnIndirect
GetTextMetricsW
SetStretchBltMode
CreateBitmap
CreateCompatibleBitmap
StretchBlt
GetStretchBltMode
CreateRoundRectRgn
DeleteObject
GetTextExtentPoint32W
TextOutW
GetDeviceCaps
RoundRect
LineTo
Rectangle
MoveToEx
SetTextColor
CreatePen
ExtSelectClipRgn
CreateFontIndirectW
GetClipRgn
CreateDIBSection
SetViewportOrgEx
GetStockObject
CombineRgn
GetViewportOrgEx
CreateRectRgn
GetTextColor
GetCurrentObject
BitBlt
DeleteDC
ExtTextOutW
SetBkColor
SelectObject
SelectClipRgn
CreateCompatibleDC
SetBkMode
RestoreDC
GetObjectW
SaveDC
OffsetRgn

advapi32

RegOpenKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
StartServiceW
DeleteService
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
RegQueryInfoKeyW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DeleteAce
GetAce
GetNamedSecurityInfoW
CreateProcessAsUserW
RegEnumKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW

shell32

ShellExecuteW
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
SHBrowseForFolderW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocString
VarUI4FromStr
SysStringLen
VariantCopy
SysFreeString

shlwapi

PathRemoveBackslashW
PathStripPathW
StrToIntW
PathAddBackslashW
StrToIntA
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

AlphaBlend

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

gdiplus

GdipGetImageGraphicsContext
GdipLoadImageFromFile
GdipDeleteGraphics
GdipAddPathLineI
GdipCloneImage
GdipCreateLineBrushFromRectWithAngleI
GdipAddPathArcI
GdipGraphicsClear
GdipFillRectangle
GdipSetCompositingQuality
GdiplusStartup
GdipFillRectangleI
GdiplusShutdown
GdipSetTextRenderingHint
GdipSetPenDashStyle
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipFillPath
GdipDrawImagePointsRectI
GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneBitmapArea
GdipDrawPath
GdipSetClipPath
GdipSetPenMode
GdipDeleteFont
GdipDisposeImageAttributes
GdipAlloc
GdipCreateImageAttributes
GdipFree
GdipCreateFont
GdipCreateFromHDC
GdipDeletePath
GdipCreateFontFromLogfontW
GdipCreateBitmapFromScan0
GdipSetPenEndCap
GdipDrawLinesI
GdipSetPenStartCap
GdipDeleteFontFamily
GdipDrawImageRectRectI
GdipDrawLine
GdipSetStringFormatTrimming
GdipDeletePen
GdipCreateSolidFill
GdipDrawImageRectRect
GdipCreatePen1
GdipPrivateAddFontFile
GdipDeletePrivateFontCollection
GdipDrawImageRectI
GdipAddPathStringI
GdipCloneBrush
GdipNewPrivateFontCollection
GdipDrawImageI
GdipDeleteBrush
GdipSetStringFormatLineAlign
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipAddPathPieI
GdipSetStringFormatAlign
GdipTranslateWorldTransform
GdipCloneFontFamily
GdipSetStringFormatFlags
GdipGetFontCollectionFamilyList
GdipMeasureString
GdipResetWorldTransform
GdipDeleteStringFormat
GdipGetFontCollectionFamilyCount
GdipDrawString
GdipSetPixelOffsetMode
GdipAddPathRectangleI
GdipCreateStringFormat
GdipAddPathRectangle
GdipSetSmoothingMode
GdipDisposeImage
GdipGetFontSize
GdipSetImageAttributesColorMatrix
GdipClosePathFigure
GdipStartPathFigure
GdipDrawRectangleI
GdipGetFamily
GdipCreatePath

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 692KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbec9bb284873332debefe242565ae59

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5aCertificate

Extended Key Usages

Key Usages

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

98:73:ec:22:df:8c:1c:6b:cd:47:a6:ce:76:bc:5e:80:7a:af:2c:10:bc:10:f9:20:4d:c3:e3:16:5f:68:41:a5Signer

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

wtsapi32

gdiplus

iphlpapi

Sections

.text Size: 692KB - Virtual size: 690KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 24KB - Virtual size: 38KB

.rsrc Size: 368KB - Virtual size: 365KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

7f:26:d0:80:d8:92:9b:42:de:b1:ca:08:cd:61:54:5a
Certificate

38:9c:d2:9d:8f:db:c7:39:f5:49:33:be:ce:98:93:b4
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

98:73:ec:22:df:8c:1c:6b:cd:47:a6:ce:76:bc:5e:80:7a:af:2c:10:bc:10:f9:20:4d:c3:e3:16:5f:68:41:a5
Signer

.text
Size: 692KB - Virtual size: 690KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 24KB - Virtual size: 38KB

.rsrc
Size: 368KB - Virtual size: 365KB