1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d

Resubmissions

07-01-2025 19:22

250107-x3kcaavmb1 10

07-01-2025 07:44

250107-jk35sa1mex 10

Sharing

Copy URL

Twitter E-mail

General

Target

1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d
Size

1.9MB
MD5

5332ac75c30c607e4b811a58baaa2069
SHA1

f1bada65a298ab4cf3c34dc9d9d425e4f94fdea2
SHA256

1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d
SHA512

e25015ca966a19f41f2330fe1df5ab5fc682f7c1ead6709489a9baa529b6ef629cf90be117090017cd57916e9e8529d57c6fc1e3ed613def4999b222a44a2c0e
SSDEEP

49152:VfaFUi5zWV33HXboEuQuBlWbAjI+CoZc1LaHDcI4CFezOEK:VEU0W1MEeBlW0woZqyYIiOEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/css/d.bak

Files

1485507e6b61175e2ea04d4866ee932620251b5ce895d78a959b7c4c5a2de18d
.zip
css/1.bat
css/11.aspx
.jpg .js polyglot
css/2.bat
css/components.min.css
css/d.bak
.exe windows:6 windows x64 arch:x64

d42595b695fc008ef2c56aabd8efd68e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Sections

.text
Size: 751KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
css/goto.7z
.exe windows:5 windows x64 arch:x64

8a98ca37f6f4c9b76127e450a14aec25

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:a0:99:d4:50:32:04:15:02:d1:f8:cc:00:8d:29:cf
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10-12-2021 00:00

Not After

09-12-2024 23:59

Subject

SERIALNUMBER=91340100MA2T243T5P,CN=Hefei Pingbo Network Technology Co. Ltd,O=Hefei Pingbo Network Technology Co. Ltd,ST=Anhui Sheng,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:80:6f:a3:53:59:27:47:f3:82:95:07:0d:0c:29:1d:34:66:bf:3e:00:e6:e6:8c:57:9a:ca:22:46:9e:86:8d
Signer

Actual PE Digest

00:80:6f:a3:53:59:27:47:f3:82:95:07:0d:0c:29:1d:34:66:bf:3e:00:e6:e6:8c:57:9a:ca:22:46:9e:86:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASetLastError
shutdown
send
ioctlsocket
WSAGetLastError
recv
connect
inet_ntoa
htons
inet_addr
htonl
getsockname
setsockopt
sendto
bind
gethostbyname
listen
accept
select
__WSAFDIsSet
getpeername
socket
closesocket
WSAStartup

kernel32

DeleteFileW
FindFirstFileW
GetDriveTypeW
CreateEventW
SetEvent
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
GetFileAttributesW
GlobalSize
ReadFile
GetFileSize
SetFileTime
CreateFileW
MoveFileW
CreateDirectoryW
GetTempPathA
ResetEvent
WaitForSingleObject
TerminateThread
SetThreadPriority
CreateThread
WideCharToMultiByte
GetSystemTimeAsFileTime
GetLocalTime
OutputDebugStringA
CreateFileA
DeviceIoControl
FindFirstFileA
FindNextFileA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
LoadLibraryA
FindNextFileW
HeapSize
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStdHandle
GetTimeZoneInformation
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualQuery
VirtualProtect
ExitProcess
HeapReAlloc
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
LCMapStringA
LCMapStringW
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
FindClose
RemoveDirectoryW
OpenProcess
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LoadLibraryW
CreateProcessA
VerSetConditionMask
VerifyVersionInfoW
CreateFileMappingW
GetVersionExW
GetModuleFileNameA
Sleep
CreateMutexW
GetCommandLineW
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
lstrlenW
GetTickCount
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CloseHandle
GetCurrentProcessId
InitializeCriticalSection
SetLastError
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
FreeEnvironmentStringsW
GetEnvironmentStringsW
LocalAlloc
ReadConsoleInputA
SetConsoleMode
SetConsoleCtrlHandler

user32

GetCursorInfo
GetIconInfo
GetPriorityClipboardFormat
GetClipboardSequenceNumber
ExitWindowsEx
GetClipboardData
MapVirtualKeyW
SendInput
GetForegroundWindow
GetWindowThreadProcessId
GetGUIThreadInfo
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetThreadDesktop
FindWindowW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
FillRect
DrawTextA
EnumDisplayMonitors
GetScrollInfo
ShowScrollBar
SetScrollPos
WindowFromPoint
GetScrollPos
EnableWindow
ClientToScreen
MoveWindow
CreatePopupMenu
GetActiveWindow
DialogBoxParamW
GetDlgCtrlID
GetKeyState
LockWorkStation
GetSystemMetrics
GetCursorPos
LoadIconW
GetCapture
PtInRect
SetCursor
ReleaseCapture
OffsetRect
EndPaint
BeginPaint
GetWindowLongPtrW
EnumDisplaySettingsW
IntersectRect
GetUserObjectInformationW
OpenInputDesktop
mouse_event
SetScrollInfo
UnionRect
GetSubMenu
TrackPopupMenu
CallWindowProcW
MonitorFromPoint
DestroyMenu
CheckMenuItem
EnableMenuItem
EnumWindows
UnregisterClassW
RegisterClassW
GetScrollRange
DeleteMenu
LoadMenuW
DrawTextW
SetForegroundWindow
SystemParametersInfoW
ChangeDisplaySettingsW
DrawIconEx
DestroyIcon
LoadImageW
SetWindowLongW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsWindow
IsDialogMessageW
SetFocus
SetCapture
KillTimer
SetTimer
IsWindowVisible
ReleaseDC
GetDC
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
DefWindowProcW
MessageBoxW
CreateWindowExW
RegisterClassExW
CharNextW
PeekMessageW
LoadStringW
LoadCursorW
GetClassInfoExW
OpenDesktopW
SetThreadDesktop
CloseDesktop
GetMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
CreateDialogParamW
SetWindowLongPtrW
GetDlgItemTextA
EndDialog
DestroyWindow
PostThreadMessageW
GetDlgItem
ShowWindow
InvalidateRect
UpdateWindow
GetClientRect
SetWindowPos
PostMessageW
UnregisterClassA
GetDesktopWindow
GetProcessWindowStation
AppendMenuW

gdi32

GetPaletteEntries
CreateDCW
StretchBlt
ExtSelectClipRgn
CreateRectRgn
RestoreDC
SaveDC
CreateCompatibleDC
CreateDIBSection
SetStretchBltMode
GetObjectW
GetDIBits
GetDeviceCaps
GetTextExtentExPointW
CreatePen
CreateHatchBrush
CreateFontW
SetBkColor
ExtTextOutW
RoundRect
Polygon
Ellipse
ExcludeClipRect
SelectClipRgn
SetViewportOrgEx
SetTextColor
SetBkMode
GetStockObject
DeleteDC
DeleteObject
CreateSolidBrush
BitBlt
SelectObject
Rectangle

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ReportEventW
DeregisterEventSource
RegisterEventSourceW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
DeleteService
CreateServiceW
OpenServiceW
StartServiceW
ControlService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
GetUserNameW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW
DragFinish
Shell_NotifyIconW
DragAcceptFiles
ShellExecuteA
DragQueryFileW

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantClear
VarUI4FromStr
VariantInit

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
css/gotohttp.ini
css/plugins.min.css

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d42595b695fc008ef2c56aabd8efd68e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 751KB - Virtual size: 751KB

.rdata Size: 950KB - Virtual size: 949KB

.data Size: 91KB - Virtual size: 383KB

.pdata Size: 21KB - Virtual size: 20KB

.xdata Size: 512B - Virtual size: 180B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.symtab Size: 512B - Virtual size: 4B

8a98ca37f6f4c9b76127e450a14aec25

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

57:a0:99:d4:50:32:04:15:02:d1:f8:cc:00:8d:29:cfCertificate

Extended Key Usages

Key Usages

00:80:6f:a3:53:59:27:47:f3:82:95:07:0d:0c:29:1d:34:66:bf:3e:00:e6:e6:8c:57:9a:ca:22:46:9e:86:8dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

userenv

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rodata Size: 2KB - Virtual size: 2KB

.rdata Size: 640KB - Virtual size: 640KB

.data Size: 101KB - Virtual size: 116KB

.pdata Size: 81KB - Virtual size: 80KB

.rsrc Size: 27KB - Virtual size: 26KB

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 751KB - Virtual size: 751KB

.rdata
Size: 950KB - Virtual size: 949KB

.data
Size: 91KB - Virtual size: 383KB

.pdata
Size: 21KB - Virtual size: 20KB

.xdata
Size: 512B - Virtual size: 180B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB

.symtab
Size: 512B - Virtual size: 4B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

57:a0:99:d4:50:32:04:15:02:d1:f8:cc:00:8d:29:cf
Certificate

00:80:6f:a3:53:59:27:47:f3:82:95:07:0d:0c:29:1d:34:66:bf:3e:00:e6:e6:8c:57:9a:ca:22:46:9e:86:8d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rodata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 640KB - Virtual size: 640KB

.data
Size: 101KB - Virtual size: 116KB

.pdata
Size: 81KB - Virtual size: 80KB

.rsrc
Size: 27KB - Virtual size: 26KB

.reloc
Size: 28KB - Virtual size: 27KB