d9d46a925bea85160b1bbafdecc3892b2444eb85c89ca609c8077dda54c7888bN

Sharing

Copy URL Twitter E-mail

General

Target

d9d46a925bea85160b1bbafdecc3892b2444eb85c89ca609c8077dda54c7888bN
Size

254KB
MD5

033e8195674dd9ce39c72ed35bd287b0
SHA1

e270c510dfb29f1acca49f536419ac553e2f17c5
SHA256

d9d46a925bea85160b1bbafdecc3892b2444eb85c89ca609c8077dda54c7888b
SHA512

209de4d77b4b4a0ce7ad501ffc8405da197f909f686847e4e12e24522918d82589b4235b55ef63d60b8d1507d5ae1f52594a4a1ca687eedc12ffdd770cce7510
SSDEEP

6144:AV0vstYhBh5gcTGPvoqqkNwaEmgdNXargk7B+NS:AVIgfgiEvXer

Score

1^/10

Malware Config

Signatures

Files

d9d46a925bea85160b1bbafdecc3892b2444eb85c89ca609c8077dda54c7888bN
.dll windows:4 windows x86 arch:x86

7c18d8fa951d575b5252ab1a10cb5b81

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/10/2021, 00:00

Not After

25/10/2024, 23:59

Subject

CN=Shenzhou Rongan Technology (Beijing) Limited,O=Shenzhou Rongan Technology (Beijing) Limited,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/10/2021, 00:00

Not After

25/10/2024, 23:59

Subject

CN=Shenzhou Rongan Technology (Beijing) Limited,O=Shenzhou Rongan Technology (Beijing) Limited,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9e:a7:06:02:c2:b4:2e:2c:0b:fa:82:6f:6c:e4:b0:9b:3c:77:96:04:63:79:08:33:cf:65:a5:8b:ff:7c:79:9c
Signer

Actual PE Digest

9e:a7:06:02:c2:b4:2e:2c:0b:fa:82:6f:6c:e4:b0:9b:3c:77:96:04:63:79:08:33:cf:65:a5:8b:ff:7c:79:9c

Digest Algorithm

sha256

PE Digest Matches

true

a4:66:d2:1d:3e:05:86:83:eb:9f:0b:41:07:47:98:26:ba:93:96:9c
Signer

Actual PE Digest

a4:66:d2:1d:3e:05:86:83:eb:9f:0b:41:07:47:98:26:ba:93:96:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptVerifyCertificateSignature
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertCompareCertificate
CertDeleteCertificateFromStore
CertGetIntendedKeyUsage
CertGetNameStringW
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCreateCertificateContext
CertOpenStore
CertAddEncodedCertificateToStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext

kernel32

UnmapViewOfFile
GetCurrentProcess
CreateFileA
CreateDirectoryA
GetLocalTime
GetTempPathA
LoadLibraryA
GetSystemDirectoryA
SetUnhandledExceptionFilter
OutputDebugStringA
FileTimeToSystemTime
lstrlenW
WideCharToMultiByte
lstrcatW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
MapViewOfFile
VirtualQuery
GetShortPathNameA
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
WriteFile
OpenFileMappingW
GetSystemDirectoryW
CreateFileMappingW
FreeLibrary
OpenMutexW
GetVersionExW
GetProcAddress
LoadLibraryW
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetLastError
lstrcpyW
InterlockedExchangeAdd
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
Sleep
DeviceIoControl
GlobalFree
GlobalAlloc
GetModuleFileNameA

user32

GetSystemMetrics
wsprintfW

advapi32

SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
CloseServiceHandle
DeleteService
StartServiceW
OpenServiceW
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerW

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

msvcrt

strchr
strcmp
wcsncpy
wcschr
_purecall
swprintf
wcscat
strncat
_vsnprintf
isprint
strcpy
_wcsicmp
vsprintf
vswprintf
sprintf
wcscmp
_except_handler3
wcsstr
wcsrchr
_wcslwr
wcstok
atol
atoi
strstr
towlower
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
_ltoa
_strupr
_strlwr
_getpid
_CxxThrowException
wcscpy
time
wcslen
strlen
malloc
memcmp
memset
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
free
calloc
_chkesp

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

hid

HidD_GetFeature
HidD_SetFeature
HidD_GetHidGuid
HidD_GetPreparsedData
HidP_GetCaps
HidD_FlushQueue
HidD_FreePreparsedData

winscard

g_rgSCardT1Pci
SCardDisconnect
g_rgSCardT0Pci
SCardReleaseContext
SCardIsValidContext
SCardEstablishContext
SCardEndTransaction
SCardBeginTransaction
SCardGetAttrib
SCardListReadersW
SCardConnectW
SCardReconnect
SCardTransmit

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

Exports

Exports

RACreateTokenInstance
RADestroyTokenInstance
RAToken_ClearCacheByType
RAToken_ClearDevice
RAToken_DeleteKeyPair
RAToken_GenInternalKey
RAToken_GetDevNamebySlotID
RAToken_GetDevType
RAToken_GetP10
RAToken_GetProgramID
RAToken_GetTokenDisplayLang
RAToken_ImportKeySoft
RAToken_InternalSignHash
RAToken_IsTranHashMethByHandle
RAToken_KillProcessW
RAToken_ReadMemCertByIndex
RAToken_SCSISvr
RAToken_TransmitAPDU
RAToken_VerifyPINSignHash

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c18d8fa951d575b5252ab1a10cb5b81

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

9e:a7:06:02:c2:b4:2e:2c:0b:fa:82:6f:6c:e4:b0:9b:3c:77:96:04:63:79:08:33:cf:65:a5:8b:ff:7c:79:9cSigner

a4:66:d2:1d:3e:05:86:83:eb:9f:0b:41:07:47:98:26:ba:93:96:9cSigner

Headers

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

msvcp60

msvcrt

wtsapi32

hid

winscard

setupapi

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 45KB - Virtual size: 66KB

shared Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:82:bc:35:5a:44:3b:ae:ce:fe:2b:a2:57:5c:ee:0f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9e:a7:06:02:c2:b4:2e:2c:0b:fa:82:6f:6c:e4:b0:9b:3c:77:96:04:63:79:08:33:cf:65:a5:8b:ff:7c:79:9c
Signer

a4:66:d2:1d:3e:05:86:83:eb:9f:0b:41:07:47:98:26:ba:93:96:9c
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 45KB - Virtual size: 66KB

shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB