09bd6ec4d61afba6f3e4ed08d559b94d77e40c20fdc627e3678fb3df05bf4755

Sharing

Copy URL Twitter E-mail

General

Target

09bd6ec4d61afba6f3e4ed08d559b94d77e40c20fdc627e3678fb3df05bf4755
Size

120KB
MD5

2030e0ea6fb8769ec2745ac0ed7d9da0
SHA1

c3a47a80de5cbd7b1b8ee466a5c61d378e7496f3
SHA256

09bd6ec4d61afba6f3e4ed08d559b94d77e40c20fdc627e3678fb3df05bf4755
SHA512

a22fe2951d1729afeb1b8e3aa4971ffc93d6d41e90dcc16d40178c9a5092642ed12f83e028e388ce2c88ec7141a4dd2aa53acc878fdd5f17b3da94ce980fe737
SSDEEP

3072:3fG8eIUY9DSomtFzBKi/YAU0EClW1Uz+HdV:vnGHN/Yd0S1Uqd

Score

N/A

Malware Config

Signatures

Files

09bd6ec4d61afba6f3e4ed08d559b94d77e40c20fdc627e3678fb3df05bf4755
.exe windows x86

f29262aeb4794fa170361fa5e3ff95c1

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/10/2007, 00:00

Not After

28/10/2008, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:1d:7c:df:6b:ef:6a:29:20:cb:a4:f1:6b:93:1c:5d:0d:71:92:f4
Signer

Actual PE Digest

e7:1d:7c:df:6b:ef:6a:29:20:cb:a4:f1:6b:93:1c:5d:0d:71:92:f4

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

06/10/2022, 18:38
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetModuleHandleA
SetFilePointer
GetVersionExA
SetEndOfFile
ReadFile
GetFileSize
CopyFileA
CreateDirectoryA
WinExec
Sleep
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcpyA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
CloseHandle
GetLocaleInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
InterlockedExchange
CreateFileA
WriteFile
DeleteFileA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA

user32

FindWindowA
PostMessageA
MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyA

shlwapi

PathFileExistsA

cabinet

ord22
ord21
ord23
ord20

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f29262aeb4794fa170361fa5e3ff95c1

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fcCertificate

Extended Key Usages

Key Usages

e7:1d:7c:df:6b:ef:6a:29:20:cb:a4:f1:6b:93:1c:5d:0d:71:92:f4Signer

Signature Validations

Verification

06/10/2022, 18:38 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

cabinet

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 32KB - Virtual size: 32KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

e7:1d:7c:df:6b:ef:6a:29:20:cb:a4:f1:6b:93:1c:5d:0d:71:92:f4
Signer

06/10/2022, 18:38
Valid: false

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 32KB - Virtual size: 32KB