773e30084a326274e15214197f607a890cb01f42446d3301d24e6155f7192093

Sharing

Copy URL Twitter E-mail

General

Target

773e30084a326274e15214197f607a890cb01f42446d3301d24e6155f7192093
Size

856KB
MD5

3909a8d0d6ac235507d7bc6488a703be
SHA1

3443708169c93030b0063256c382f85cbd3914b6
SHA256

773e30084a326274e15214197f607a890cb01f42446d3301d24e6155f7192093
SHA512

e6cb50f6ec542b7bcb23a79c04a27c1deb375df2ee38e032da093b857db95718bb4a69570f1ac5d127df4148ea7cf18162df03d85030234eb4b8f3b58f19c691
SSDEEP

12288:J4IMc8YIIwbAAh6UFPQ02G9yA+yd8tLP8sS1RV+F0szVnxgr3BJ:P/A4UFCGspyd8hPwi0szVnxgrRJ

Score

1^/10

Malware Config

Signatures

Files

773e30084a326274e15214197f607a890cb01f42446d3301d24e6155f7192093
.dll windows:4 windows x86 arch:x86

153110c3bcc026f8cf434d160d67aafc

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/10/2022, 00:00

Not After

22/10/2025, 23:59

Subject

CN=Guangzhou TEC Solutions Co.\, Ltd.,O=Guangzhou TEC Solutions Co.\, Ltd.,L=Guangzhou,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/10/2022, 00:00

Not After

22/10/2025, 23:59

Subject

CN=Guangzhou TEC Solutions Co.\, Ltd.,O=Guangzhou TEC Solutions Co.\, Ltd.,L=Guangzhou,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:ee:fd:e4:cc:75:e6:d7:e6:69:02:05:2c:ce:0f:df:f1:5d:8d:fb:67:9f:4d:49:3a:be:49:88:c3:dc:dd:cb
Signer

Actual PE Digest

7a:ee:fd:e4:cc:75:e6:d7:e6:69:02:05:2c:ce:0f:df:f1:5d:8d:fb:67:9f:4d:49:3a:be:49:88:c3:dc:dd:cb

Digest Algorithm

sha256

PE Digest Matches

true

90:6f:60:40:36:d7:bb:7f:b9:37:79:9f:a8:14:8b:4c:60:62:e8:ca
Signer

Actual PE Digest

90:6f:60:40:36:d7:bb:7f:b9:37:79:9f:a8:14:8b:4c:60:62:e8:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
GetCommandLineW
GetSystemDefaultLangID
GetUserDefaultLangID
GetVersion
GetProfileStringA
GetPrivateProfileStringA
SetFilePointer
FindFirstFileW
FreeConsole
WriteConsoleA
GetStdHandle
AllocConsole
GetSystemTime
WideCharToMultiByte
IsBadReadPtr
MultiByteToWideChar
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
WriteFile
CreateThread
GetFileAttributesExA
GetFileAttributesExW
GetFileInformationByHandle
OutputDebugStringW
GetCurrentThreadId
QueryPerformanceCounter
OpenMutexA
GetLastError
GetCommandLineA
VirtualProtectEx
IsBadWritePtr
GetFileAttributesW
CreateFileW
CreateFileMappingW
GetFileAttributesA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetExitCodeThread
GetModuleHandleW
GetModuleHandleA
InterlockedDecrement
lstrlenA
InterlockedIncrement
LocalFree
FormatMessageA
LoadResource
FindResourceExA
GetACP
lstrlenW
FormatMessageW
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
SleepEx
InterlockedExchange
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
PulseEvent
ResetEvent
WaitForMultipleObjects
GetSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetFileAttributesA
DeleteFileA
SetFileAttributesW
DeleteFileW
MoveFileA
MoveFileW
CreateDirectoryA
CopyFileA
RemoveDirectoryA
CreateDirectoryW
CopyFileW
RemoveDirectoryW
MoveFileExW
lstrcmpW
MoveFileExA
RtlUnwind
RaiseException
ExitProcess
FatalAppExitA
GetCPInfo
GetOEMCP
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetCurrentThread
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
SetUnhandledExceptionFilter
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
UnhandledExceptionFilter
VirtualAlloc
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
SetStdHandle
ReadFile
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeResource
LoadLibraryExA
VirtualQuery
LockResource
SizeofResource
EnumResourceNamesA
EnumResourceTypesA
EnumResourceLanguagesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetWindowsDirectoryA
VirtualProtect
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
lstrcmpA
SuspendThread
ResumeThread
TerminateThread
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
GetExitCodeProcess
CreateProcessA
InterlockedCompareExchange
InterlockedExchangeAdd
CreateProcessW
GetDriveTypeA
GetDriveTypeW
GetLogicalDrives
QueryDosDeviceA
QueryDosDeviceW
GetVolumeInformationA
SetVolumeLabelA
GetDiskFreeSpaceExA
DefineDosDeviceA
OutputDebugStringA
GetCurrentProcess
WaitForSingleObject
ReleaseMutex
SetLastError
CloseHandle
CreateMutexA
GetTickCount
GetLocalTime
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsW
GetSystemDirectoryA
SetEndOfFile

user32

MsgWaitForMultipleObjects
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
CloseDesktop
GetUserObjectInformationW
GetDesktopWindow
MessageBoxW
MessageBoxA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
GetUserObjectInformationA
OpenInputDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
GetSystemMetrics

advapi32

InitializeAcl
GetAce
SetSecurityDescriptorDacl
LookupAccountNameW
RegSetKeySecurity
SetFileSecurityA
RegCreateKeyExW
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegConnectRegistryA
GetLengthSid
InitializeSecurityDescriptor
AddAccessAllowedAce
LookupAccountSidW
GetUserNameA
GetUserNameW
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
GetTokenInformation
RegCreateKeyW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

gdi32

DeleteDC
GetBitmapBits
BitBlt
GetObjectA
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
DeleteObject

ole32

CoInitializeEx
CoInitialize

Exports

Exports

HAFInitShareSeg
HAFStart
HAFStop
InstallDetours
UninstallDetours

Sections

.text
Size: 620KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Desktop
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

153110c3bcc026f8cf434d160d67aafc

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7a:ee:fd:e4:cc:75:e6:d7:e6:69:02:05:2c:ce:0f:df:f1:5d:8d:fb:67:9f:4d:49:3a:be:49:88:c3:dc:dd:cbSigner

90:6f:60:40:36:d7:bb:7f:b9:37:79:9f:a8:14:8b:4c:60:62:e8:caSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

version

gdi32

ole32

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 617KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 84KB - Virtual size: 118KB

.Desktop Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 41KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:98:41:aa:e8:06:68:9a:fc:0b:07:20:3c:f3:1e:59
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7a:ee:fd:e4:cc:75:e6:d7:e6:69:02:05:2c:ce:0f:df:f1:5d:8d:fb:67:9f:4d:49:3a:be:49:88:c3:dc:dd:cb
Signer

90:6f:60:40:36:d7:bb:7f:b9:37:79:9f:a8:14:8b:4c:60:62:e8:ca
Signer

.text
Size: 620KB - Virtual size: 617KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 84KB - Virtual size: 118KB

.Desktop
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 41KB