General

Malware Config

Signatures

Files

• 9bb8ca69a0118ba479292d3df9c99bb82d47263513be3d7ec3f78a134d6fa610

  .exe windows x86

  374667feebf679ebaafe57e3022937de

  
  

  Code Sign

  1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2c:2a:cd:9e:52:b3:fc:95:24:22:9d:8d:21:3d:87:58

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  21-01-2019 00:00

  Not After

  04-02-2020 23:59

  Subject

  CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0d:9d:6a:bc:d0:f9:df:4e:41:ee:cf:e8:d9:0f:a5:0b

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  21-01-2019 00:00

  Not After

  04-02-2020 23:59

  Subject

  CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-10-2019 00:00

  Not After

  17-10-2030 00:00

  Subject

  CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2f:91:d5:8d:d3:bd:a9:67:29:38:02:bd:46:5f:5d:ae:34:fb:62:e8:80:11:17:e4:2e:a9:49:da:b3:06:38:e1

  Signer

  Actual PE Digest

  2f:91:d5:8d:d3:bd:a9:67:29:38:02:bd:46:5f:5d:ae:34:fb:62:e8:80:11:17:e4:2e:a9:49:da:b3:06:38:e1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

  21-11-2019 07:04

  Valid: false

  03:f8:9b:32:bc:2b:12:16:5f:78:b8:fd:1d:79:ed:bc:0f:48:81:bd

  Signer

  Actual PE Digest

  03:f8:9b:32:bc:2b:12:16:5f:78:b8:fd:1d:79:ed:bc:0f:48:81:bd

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

  21-11-2019 07:04

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetCurrentProcess

  LoadLibraryA

  HeapAlloc

  GetProcessHeap

  GetModuleHandleW

  IsBadReadPtr

  HeapSize

  HeapReAlloc

  RaiseException

  DecodePointer

  DeleteCriticalSection

  GetModuleFileNameW

  MultiByteToWideChar

  HeapFree

  WideCharToMultiByte

  WriteConsoleW

  SetStdHandle

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  CloseHandle

  CreateEventW

  LoadLibraryExW

  GetProcAddress

  FreeLibrary

  InitializeCriticalSectionAndSpinCount

  SetLastError

  GetLastError

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  FindNextFileW

  FindFirstFileExW

  FindClose

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetFileType

  GetACP

  EnterCriticalSection

  LeaveCriticalSection

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetSystemTimeAsFileTime

  LCMapStringW

  GetStringTypeW

  GetCPInfo

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  TerminateProcess

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  InitializeSListHead

  OutputDebugStringW

  RtlUnwind

  ExitProcess

  GetModuleHandleExW

  GetStdHandle

  WriteFile

  Sections

  .text

  Size: 68KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 85KB - Virtual size: 84KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 328B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 48KB - Virtual size: 48KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 6KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ