DiskGenius[.]exe[.]7z

Resubmissions

03/10/2022, 08:06

221003-jzwn9aedd9 6

03/10/2022, 08:04

221003-jyqrlsech6 1

Sharing

Copy URL Twitter E-mail

General

Target

DiskGenius.exe.7z
Size

17.1MB
MD5

91601ccf1c206f1d87b7158f4ca30bd5
SHA1

ce426f9673fee3bd285e2f8883494dc67d17fc05
SHA256

4e1848f1f0cb0e785b8a834051a2d97e81e7bf287a532c73c6118da43ba46f2b
SHA512

8a9a2f892e11d014d18fa1a799f0a26c8410df046609525e06304dacf1679de7584def657f2cb6323165e8dcdddb1ca63a98b02912dec2b68fc14277bc8866a2
SSDEEP

393216:p5BIfMAgbmsgVjiQWTQvYClni89hIDz84fqH9XxZLNR:pEfMDbFMYYniCiM4fqHh

Score

N/A

Malware Config

Signatures

Files

DiskGenius.exe.7z
.7z

Password: infected
DiskGenius.exe
.exe windows x86

Password: infected

8319fe98963d1fd42093411aab0cab67

Code Sign

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/02/2021, 00:00

Not After

12/02/2024, 23:59

Subject

SERIALNUMBER=91130302MA09JH3X4Y,CN=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,OU=IT,O=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,L=秦皇岛市,ST=河北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b8afe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b2b3e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:a9:79:2c:2e:6c:ae:e1:46:e1:b5:78:64:44:0d:c5:60:e4:9f:e1
Signer

Actual PE Digest

41:a9:79:2c:2e:6c:ae:e1:46:e1:b5:78:64:44:0d:c5:60:e4:9f:e1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=91130302MA09JH3X4Y,CN=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,OU=IT,O=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,L=秦皇岛市,ST=河北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b8afe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b2b3e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

07/04/2022, 01:46
Valid: true

Chain 1

SERIALNUMBER=91130302MA09JH3X4Y,CN=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,OU=IT,O=Qinhuangdao Yizhishu Software Development Co.\, Ltd.,L=秦皇岛市,ST=河北省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c09e6b5b7e6b8afe58cba,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b2b3e58c97e79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiEnumDeviceInfo

mpr

WNetGetConnectionW

version

GetFileVersionInfoW

winmm

timeBeginPeriod

kernel32

GetVersionExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetSystemMenu
CharUpperBuffW

gdi32

GetObjectType

msimg32

AlphaBlend

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW

advapi32

CloseServiceHandle

shell32

SHAppBarMessage

comctl32

ImageList_Draw

shlwapi

StrToIntExW

uxtheme

IsAppThemed

ole32

OleFlushClipboard

oleaut32

OleCreateFontIndirect

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

powrprof

SetSuspendState

gdiplus

GdipGetImageHeight

psapi

GetProcessImageFileNameW

wintrust

WTHelperGetProvSignerFromChain

crypt32

CertGetNameStringW

wininet

InternetGetConnectedState

oleacc

LresultFromObject

imm32

ImmGetContext

winhttp

WinHttpSetOption

Exports

Exports

j�F�!�h�=��rL��I<nH��;�4/�X�1k��L4~J�Q��O�uh�6宅g.h�_��B��N��y�H��C ��'��ؔ�8F�5W��nx�3W#�0N��i��WKF�:�-��_lȳ��d��\i��ju 5qQb��MB��e��Xs��;��t)��K�`�iZ*r�|5l/�PP��e�$��g ��p:�9�\��a��7zw�w�^'�ߋN�?J,c͵?�BK�g��p=C��oE��%wlm��m�]��W%�iF�`d�� ;��2Er��/UL�Sj!gp*��=��ė�2�*�/w��r9��״bԠ�kv66��<�ک�7��#�ߣ3�m)3]L( r &j��l&7d^>A�{�{��e@y�w��u9�� *�v�4�8$&�x(y�||&�f%r�K$]=��I�(��%�a��5k��@K�X�x�sA��}�B9��U��V�7L��=� U��~ڟ�&�maƬ��]P7FDRJR�6� zg\�s��کy�*�=ek)�X��ca?�Ꮔ��5N�2 ��>��Ʊ��T�Kќ8j#ZF�k��9$p1�1yk��^z(��魞0��V.�� M��2K�k�)T_��0��C��'�,�ڊ5�Zw9:�2m�`��X��y֬�"̞� 1:��ʠ�1�9�,�_�C !1NF�l$e{�ǯ�XSo=Ģ'9��scB�@�� Dp깄r�4z��m�=_lɻ1��5+R ��!��_�g�S��m�ˢc[sgUtL��-{5i艭X��+��2��*9~[��ɉ`��p��ZY��RH e�(^3X%I��^�r��M(Y'�$��6L��V�r�� l�^��3��3ؗ�6�� 8M�C:�|Q%򵣻/��aC%�[��L�u��u�_W�k��n��4c�{7�xLE-��QuK!�O�� P/wT{�D��)NWս��l��M�ɷj"�H�z+]?�)B�zy�w�{��Y'��cn��4++>�,�8?tWD��y7V�|��P��I�}8b.��z�x��H�Bp��D~E�~��̢�3e��dy'=��z�2_<T�g��^��"��4۠6��uw�q#w��# h-6ح� <��zL�f4t�X��(gGY(�<��j�.Q7]��sx�!L��H�C-?k�~b-�Y%��馮��)�o\�w�b*,��|w��Y��Se:��&u�:*?o�f�P��2^��V�o�G�Y�x��?�b+(u�}g��׾�V��^s�ݛ�Y)��Ȍ��c�� ʍ��0��5�Z&�1aN�G5J��n��>e+W�i 8QcJ��Q�0�[UG��o�H>��ڴ:�շ�g**ЦO��:8]��H�9OcԳ�#��M�1�ydl�ί�މ��M�l��q`xH��h��Ktɝ��ࡒ�gR��w38��Y��M�O2�Y�r�~X6�Jy��&Q��T�1��K�~�Xb\��3Q�MK��w1eeq��]��#s��~㏒l�N>͏}��^UK�_��C�],fo�&t��ئ7��)^~�:ˣ�?;=��9zw�k��c��L��ˠ��j4M��7N\u^��?�K�"��S �B��WҼ��n�$��$��F�Ly��sq�`�6>��Bע��8��7��z��ҟ` � ��$Xzk�z.�rM��^��(ˑ�3 � ��C�;R��3GN�L ��Q��8�z%�]k��%7�dFC�8�W�^��UNMK��▋��8_�e �1j4^�p�;�˼B̵#�oT��}ͤ��P��/��t��%�2��sl��5-�Ɇ��]��b��B�Y`�¯A��Fx#k��]��W.��8\��.�l��d�?7[r��+¬=�-��'W{ Vie�}b��~�� f��xɥ��W�;�� r��ز?��(�:m��!�SnzUI�y��F��U�zט�Rj��P�z��XM��=Nu��?�,O�J�tA� ��ɞx�rU�} %(y� ,�g�4�%��E+�: �*��ް�刀�α0>2��G ��Ǵ'|9�ο�� G~��ZU^��c��U��I�i�bQ�o��V��x��Չ��ԤS��)��*j�$��k^Y��PK��*�ʀc��3-��.�N��7�f#<ö��PT!��dxI��GQƶ��p%�5�z�S��]��mޙ��\�%)��@YQ�A.T�}��cC,#�#��*�A�Ygi?I�kO�`��(��%�+�ftm��Cv��w<��Q4T#M�P(�{��g��$E��[�>�S�N\��K+)�6��C\�~ܷ�&��J��/�t�֬{�P��`��-l��*��r�Mf�0-յ�(�ޞ��#ٵ{6�(Gj}�eX �×Ǜ�U��w1lt��\y��Ѫ&��6�[2��ǯ�2b��x�bt�-K�$f��x��y��CXTr�7p��0��A{��(C� v��ۅJ��j:�i1�e�>�]a8A��a�=_%��W��`=��P>C#�G!Q�(F�K3O ;��냾��1�+46�5�G��*�� kS��۳�=nu��ց��g1�U�,8f�9K�8H��X�ǐ��d��6�\�Gq��O�O��<Мv��;f��Т��s��z�N��u0�=$�G+19�q�"r��C�`��s��dx� ��K��n��XU�[��B:�cNu��&ar��f�&�;@�"d��hn��,*%�� (K~�G� ��U�DޕK��u�s�v}:��);�O�@��Y>П|E�J�L�f#�4��x4

Sections

.text
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.F;u
Size: - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kC.
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Gc_
Size: 15.7MB - Virtual size: 15.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8319fe98963d1fd42093411aab0cab67

Code Sign

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

41:a9:79:2c:2e:6c:ae:e1:46:e1:b5:78:64:44:0d:c5:60:e4:9f:e1Signer

Signature Validations

Verification

07/04/2022, 01:46 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

mpr

version

winmm

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

urlmon

powrprof

gdiplus

psapi

wintrust

crypt32

wininet

oleacc

imm32

winhttp

Exports

Exports

Sections

.text Size: - Virtual size: 4.8MB

.rdata Size: - Virtual size: 1001KB

.data Size: - Virtual size: 3.0MB

.F;u Size: - Virtual size: 10.2MB

.kC. Size: 4KB - Virtual size: 3KB

.Gc_ Size: 15.7MB - Virtual size: 15.7MB

.rsrc Size: 11.2MB - Virtual size: 15.2MB

0d:45:37:0a:05:11:9b:ee:d8:84:ed:cc:b4:5c:4d:4b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

41:a9:79:2c:2e:6c:ae:e1:46:e1:b5:78:64:44:0d:c5:60:e4:9f:e1
Signer

07/04/2022, 01:46
Valid: true

.text
Size: - Virtual size: 4.8MB

.rdata
Size: - Virtual size: 1001KB

.data
Size: - Virtual size: 3.0MB

.F;u
Size: - Virtual size: 10.2MB

.kC.
Size: 4KB - Virtual size: 3KB

.Gc_
Size: 15.7MB - Virtual size: 15.7MB

.rsrc
Size: 11.2MB - Virtual size: 15.2MB