648b16041ec1d647d0e34fb3a15b6bc29883321d09d7167dd74a98ec1a02487c

Sharing

Copy URL Twitter E-mail

General

Target

648b16041ec1d647d0e34fb3a15b6bc29883321d09d7167dd74a98ec1a02487c
Size

141KB
MD5

76f134ad987f7a18cf542140199959d8
SHA1

f11589094494994398235de031b1d37fd383f04c
SHA256

648b16041ec1d647d0e34fb3a15b6bc29883321d09d7167dd74a98ec1a02487c
SHA512

55709bc0730ed32ed2df26b44d9b04fc445273fa075758884fb3d0e38fa2bdf15727c0cfee1f81b4873e1f03e1ae0b0e33c05664e1bff2ad9d2650e795cc10df
SSDEEP

3072:bbKVOdBthydbJy/b6ipfpP9XNyFlWTBfNxtIbCvZHj:bbKk/yd9y/b6ipBOFlWTBqOD

Score

N/A

Malware Config

Signatures

Files

648b16041ec1d647d0e34fb3a15b6bc29883321d09d7167dd74a98ec1a02487c
.dll windows x86

985caaff4a8b850aa25170e1796c41a7

Code Sign

3b:7a:b6:02:1b:b8:af:cb:fd:fb:f7:bc:ba:fc:3d:84
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

05/12/2016, 07:15

Not After

05/07/2018, 07:15

Subject

CN=Hangzhou Infogo Tech Co.\, Ltd.,O=Hangzhou Infogo Tech Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:d4:e1:31:03:f3:95:60:2e:12:53:3b:67:b2:7b:da:64:c7:ac:ef
Signer

Actual PE Digest

b0:d4:e1:31:03:f3:95:60:2e:12:53:3b:67:b2:7b:da:64:c7:ac:ef

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hangzhou Infogo Tech Co.\, Ltd.,O=Hangzhou Infogo Tech Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

10/05/2018, 11:13
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

isamanage

IsiGetAgentID
IsiGetFile
IsiIsSystem
IsiAddTask
IsiSend

kernel32

Sleep
GetModuleHandleA
LoadLibraryA
CreateToolhelp32Snapshot
MultiByteToWideChar
CreateThread
GetLocalTime
GetDiskFreeSpaceExA
Process32First
CloseHandle
GetCurrentProcessId
GetTempPathA
DeleteFileA
ExpandEnvironmentStringsA
Process32Next
GetDriveTypeA
TerminateThread
GetProcAddress
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
OpenFileMappingA
GetOverlappedResult
FlushFileBuffers
WaitForSingleObject
SetEvent
GetLastError
LockFileEx
GetFileAttributesExA
UnlockFileEx
FormatMessageA
WriteFile
CreateFileA
OpenEventA
GetFileSize
GetModuleFileNameA
CreateEventA
SetFilePointer
CancelIo
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
GetProcessHeap
MoveFileExA
ReadFile
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
SetLastError
OpenProcess
TerminateProcess
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetTickCount
CopyFileA
SetFileAttributesA
FindClose
SetEndOfFile
GetFileAttributesA
MoveFileA
CreateDirectoryA
FindFirstFileA
GetVersionExA
GetSystemDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetFileType

user32

ExitWindowsEx

advapi32

SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
HttpQueryInfoA
InternetConnectA
InternetQueryDataAvailable

Exports

Exports

IsInitFuncModule
MD_DoWork

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

985caaff4a8b850aa25170e1796c41a7

Code Sign

3b:7a:b6:02:1b:b8:af:cb:fd:fb:f7:bc:ba:fc:3d:84Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

b0:d4:e1:31:03:f3:95:60:2e:12:53:3b:67:b2:7b:da:64:c7:ac:efSigner

Signature Validations

Verification

10/05/2018, 11:13 Valid: false

Headers

File Characteristics

Imports

isamanage

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 37KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

3b:7a:b6:02:1b:b8:af:cb:fd:fb:f7:bc:ba:fc:3d:84
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

b0:d4:e1:31:03:f3:95:60:2e:12:53:3b:67:b2:7b:da:64:c7:ac:ef
Signer

10/05/2018, 11:13
Valid: false

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 37KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB