b22ad2a4ab1735b2fb6c800b52d1fbe9608698e2e749fbd028e5c4b8d6852ecf

Sharing

Copy URL

Twitter E-mail

General

Target

b22ad2a4ab1735b2fb6c800b52d1fbe9608698e2e749fbd028e5c4b8d6852ecf
Size

1.3MB
MD5

ebf6fdf0ca889437185d81df3c7c8734
SHA1

f47ca75a4d943180e58c40293d411db9f5e2769d
SHA256

b22ad2a4ab1735b2fb6c800b52d1fbe9608698e2e749fbd028e5c4b8d6852ecf
SHA512

3e76576e0ce2860e2265ee567bfce7a69b0b5b7312786c81137fadcec509e7a081772b4639cbd4530271a8389711867121f7eecfc70479651a707f85a9471fda
SSDEEP

24576:Ws/66GbJFLBoVs9nIDak3ri91DcSF+oYPaBcrmMO4k5mBoMRGJ/qofV:WWADsbWgo/BwBvk5mBq1qM

Score

1^/10

Malware Config

Signatures

Files

b22ad2a4ab1735b2fb6c800b52d1fbe9608698e2e749fbd028e5c4b8d6852ecf
.exe windows:5 windows x86 arch:x86

346786683915e7bace122a8990f4e833

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:b5:35:26:dd:9e:3f:80:81:49:52:e2:12:ff:b1:c4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

30-08-2022 00:00

Not After

02-10-2025 23:59

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=成都市,ST=四川省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:e9:06:5b:1b:03:f9:f2:11:b2:4e:30:be:11:f1:3e:53:30:b3:20:56:20:c0:60:57:24:a1:0d:6a:d3:9e:d7
Signer

Actual PE Digest

ad:e9:06:5b:1b:03:f9:f2:11:b2:4e:30:be:11:f1:3e:53:30:b3:20:56:20:c0:60:57:24:a1:0d:6a:d3:9e:d7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetModuleHandleA
GetCurrentDirectoryA
GetFullPathNameA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetEnvironmentVariableA
VirtualFree
HeapCreate
GetStringTypeW
LCMapStringW
GetConsoleOutputCP
GetCPInfo
RtlUnwind
RaiseException
ExitThread
GetFileInformationByHandle
GetCurrentProcessId
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
MoveFileW
HeapReAlloc
HeapAlloc
GetStartupInfoW
GetFileAttributesA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetFileSizeEx
GetSystemDirectoryW
VerSetConditionMask
VerifyVersionInfoW
FormatMessageA
SetLastError
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
WriteConsoleW
CreateFileA
CompareStringA
LCMapStringA
CompareStringW
Process32NextW
WaitForSingleObject
GetCurrentThreadId
SetFilePointerEx
SetEndOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
DuplicateHandle
GetFileType
WriteFile
SystemTimeToFileTime
DosDateTimeToFileTime
MulDiv
InterlockedDecrement
InterlockedIncrement
ExitProcess
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceW
GetTickCount
GetCurrentDirectoryW
GetACP
ReleaseMutex
OutputDebugStringA
GetUserDefaultUILanguage
GetLocalTime
TerminateProcess
OpenProcess
GetModuleHandleW
CreateMutexW
GetPrivateProfileStringA
GetModuleFileNameA
DeleteFileW
GetTempPathW
SetFilePointer
CreateThread
CreateToolhelp32Snapshot
CloseHandle
CreatePipe
GetSystemInfo
Process32FirstW
LoadLibraryA
GetProcAddress
GetLastError
GetStartupInfoA
CreateFileW
GetTimeZoneInformation
ReadFile
lstrlenA
CreateProcessA
GetExitCodeProcess
GetVersionExW
Sleep
GetLocaleInfoW
LoadLibraryW
OutputDebugStringW
GetCurrentProcess
CreateProcessW
FreeLibrary
GetFileSize
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
WideCharToMultiByte
VirtualAlloc
GetProcessHeap

user32

PeekMessageW
wsprintfW
ExitWindowsEx
GetSystemMetrics
SendMessageW
DispatchMessageW
TranslateMessage
GetWindowLongW
SetWindowLongW
GetClientRect
GetParent
MsgWaitForMultipleObjects
LoadImageW
IsIconic
GetWindowRect
ScreenToClient
SetWindowRgn
DestroyWindow
PtInRect
IsZoomed
KillTimer
SetTimer
ClientToScreen
PostQuitMessage
MoveWindow
ReleaseDC
GetWindowDC
IsWindow
SetFocus
FindWindowW
SetForegroundWindow
GetDC
CharNextW
DefWindowProcW
CreateWindowExW
ShowWindow
GetWindow
EnableWindow
GetMessageW
GetMonitorInfoW
MonitorFromWindow
SetWindowPos
LoadCursorW
RegisterClassW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
SetPropW
GetPropW
PostMessageW
AdjustWindowRectEx
GetMenu
OffsetRect
UnionRect
wvsprintfW
SetCursor
GetKeyState
GetActiveWindow
BeginPaint
EndPaint
GetGUIThreadInfo
CreateAcceleratorTableW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
CharPrevW
SetRect
DrawTextW
FillRect
GetCaretBlinkTime
GetSysColor
SetCaretPos
GetCaretPos
HideCaret
ShowCaret
CreateCaret
MessageBoxW
ReleaseCapture
SetCapture
InvalidateRect
IsRectEmpty
GetUpdateRect
IsWindowVisible
IntersectRect
MapWindowPoints
GetCursorPos
GetFocus

gdi32

CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
GetObjectA
GetTextMetricsW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetTextExtentPoint32W
CreateFontW
SelectObject
GetTextExtentPointW
DeleteObject
CreateRoundRectRgn
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
SetBkMode
SetTextColor
GetCharABCWidthsW
TextOutW
GdiFlush
SaveDC
CreatePatternBrush

advapi32

LookupAccountNameW
CryptEncrypt
CryptDestroyKey
CryptGenRandom
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
CryptHashData
RegCloseKey
AdjustTokenPrivileges
CryptDestroyHash
RegOpenKeyExW
IsValidSid
CryptCreateHash
LookupPrivilegeValueW
RegCreateKeyExA
RegQueryValueExW
CryptReleaseContext
RegSetValueExA
GetSidSubAuthorityCount
GetUserNameW
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
CryptGetHashParam
CryptImportKey

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoInitialize
OleLockRunning
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdiplus

GdipLoadImageFromStream
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawPath
GdipFillPath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen1
GdipDrawImage
GdipGraphicsClear
GdipDrawImageRectI
GdipDrawString
GdipGetFamily
GdipDeleteFontFamily
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusShutdown
GdiplusStartup
GdipGetPropertyItem

imm32

ImmGetContext
ImmSetCompositionFontW
ImmReleaseContext
ImmSetCompositionWindow

comctl32

ord17
_TrackMouseEvent

crypt32

CertFreeCertificateChain
CertGetNameStringW
CryptQueryObject
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CryptStringToBinaryW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertCreateCertificateChainEngine

ws2_32

freeaddrinfo
getaddrinfo
listen
htonl
ntohl
accept
recvfrom
sendto
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
WSAIoctl
select
__WSAFDIsSet
ioctlsocket
WSASetLastError
recv
WSAGetLastError
WSACleanup
gethostname
WSAStartup
setsockopt

wldap32

ord14
ord145
ord208
ord26
ord133
ord147
ord127
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73
ord118

Sections

.text
Size: 974KB - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

346786683915e7bace122a8990f4e833

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:b5:35:26:dd:9e:3f:80:81:49:52:e2:12:ff:b1:c4Certificate

Extended Key Usages

Key Usages

ad:e9:06:5b:1b:03:f9:f2:11:b2:4e:30:be:11:f1:3e:53:30:b3:20:56:20:c0:60:57:24:a1:0d:6a:d3:9e:d7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

imm32

comctl32

crypt32

ws2_32

wldap32

Sections

.text Size: 974KB - Virtual size: 974KB

.rdata Size: 175KB - Virtual size: 175KB

.data Size: 13KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 53KB - Virtual size: 53KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:b5:35:26:dd:9e:3f:80:81:49:52:e2:12:ff:b1:c4
Certificate

ad:e9:06:5b:1b:03:f9:f2:11:b2:4e:30:be:11:f1:3e:53:30:b3:20:56:20:c0:60:57:24:a1:0d:6a:d3:9e:d7
Signer

.text
Size: 974KB - Virtual size: 974KB

.rdata
Size: 175KB - Virtual size: 175KB

.data
Size: 13KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 53KB - Virtual size: 53KB