ac0982d579f8a2998edddd177feffd451a4063e18a32a36582387cdcf2a1375f

Sharing

Copy URL Twitter E-mail

General

Target

ac0982d579f8a2998edddd177feffd451a4063e18a32a36582387cdcf2a1375f
Size

69KB
MD5

7c7aa46fb0c00c81949e2cc9a9cb0a56
SHA1

6da16a9c78fe4b733bb6f25caf886cc9025cd62b
SHA256

ac0982d579f8a2998edddd177feffd451a4063e18a32a36582387cdcf2a1375f
SHA512

8e8bc6c5c6ba48dccd84591e54cdee603e86a3867a9a78dae286737788e4c8513bfec1fa925a08dbe5a4d0aac98a203a126c12877b49417684326c358447a76e
SSDEEP

1536:b2OvpU04v3JCPCV3zgieTF7tAZcBcVOlaQBn2fpicxjW:quyUiex7tALOlaZfpigjW

Score

N/A

Malware Config

Signatures

Files

ac0982d579f8a2998edddd177feffd451a4063e18a32a36582387cdcf2a1375f
.dll windows x64

ed2e70eac43684b8ad935d4038dcd357

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

02/10/2022, 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/08/2019, 00:00

Not After

02/10/2022, 12:00

Subject

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fc:78:2b:3b:fb:4b:35:63:7c:5e:d6:b8:ac:96:b8:3d:b8:e1:fd:74:13:6d:53:99:e0:c0:14:b3:2e:4e:10:f0
Signer

Actual PE Digest

fc:78:2b:3b:fb:4b:35:63:7c:5e:d6:b8:ac:96:b8:3d:b8:e1:fd:74:13:6d:53:99:e0:c0:14:b3:2e:4e:10:f0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

17/11/2022, 13:16
Valid: false

b3:cc:ac:3a:b2:6f:4a:ad:ae:bf:f3:86:32:8d:19:86:bc:3c:81:fc
Signer

Actual PE Digest

b3:cc:ac:3a:b2:6f:4a:ad:ae:bf:f3:86:32:8d:19:86:bc:3c:81:fc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=CHENGDU YIWO Tech Development Co.\, Ltd.,O=CHENGDU YIWO Tech Development Co.\, Ltd.,L=Chengdu,ST=Sichuan,C=CN

17/11/2022, 13:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libiconv-2

ord8
ord7
ord6

libxml2-2

ord698
ord450
ord392
ord454
ord666
ord1086
ord510
ord671
ord1529
ord1439
ord1555
ord353
ord659
ord352
ord944
ord939
ord639
ord824
ord396
ord1532
ord406
ord701
ord1523

kernel32

Sleep
SetFileAttributesA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FreeLibrary
GetFileAttributesA
GetProcAddress
LoadLibraryA

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAD_K@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_NXZ

msvcr90

__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
__RTDynamicCast
?terminate@@YAXXZ
strcat_s
??_V@YAXPEAX@Z
_CxxThrowException
strcpy_s
free
??0exception@std@@QEAA@AEBQEBD@Z
??1exception@std@@UEAA@XZ
??3@YAXPEAX@Z
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??2@YAPEAX_K@Z
_invalid_parameter_noinfo
malloc
?what@exception@std@@UEBAPEBDXZ
_encode_pointer
_malloc_crt
_initterm
_initterm_e
_encoded_null
_decode_pointer
_amsg_exit

Exports

Exports

??0CXmlDocument@@QEAA@XZ
??0CXmlNode@@QEAA@AEBV0@@Z
??0CXmlNode@@QEAA@AEBV0@QEAD@Z
??0CXmlNode@@QEAA@PEAX@Z
??0CXmlNode@@QEAA@XZ
??1CXmlDocument@@QEAA@XZ
??1CXmlNode@@QEAA@XZ
??4CXmlDocument@@QEAAAEAV0@AEBV0@@Z
??4CXmlNode@@QEAAAEAV0@AEBV0@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??ACXmlNode@@QEAA?AV0@QEAD@Z
??ECXmlNode@@QEAAXXZ
?ClearChildrenNode@CXmlNode@@QEAAIXZ
?CompareNodeName@CXmlNode@@AEAAHQEAD@Z
?ContentIsByteData@CXmlNode@@AEAAIAEAH@Z
?CreateNode@CXmlNode@@QEAAIAEAV1@QEAD111@Z
?CreateNode@CXmlNode@@QEAAIAEAV1@QEADQEAXH@Z
?DeleteChildrenElement@CXmlNode@@QEAAIXZ
?DeleteFirstElement@CXmlNode@@QEAAIQEAD@Z
?DeleteNextNode@CXmlNode@@QEAAIQEAD@Z
?DeleteNode@CXmlNode@@QEAAIXZ
?FindNodeSet@CXmlDocument@@QEAAIQEAD@Z
?GetByteData@CXmlNode@@AEAAIQEADPEADAEAH@Z
?GetChildrenNode@CXmlNode@@QEAA?AV1@XZ
?GetFirstElement@CXmlNode@@QEAA?AV1@AEBV1@QEAD@Z
?GetFirstElement@CXmlNode@@QEAA?AV1@QEAD@Z
?GetNextElement@CXmlNode@@QEAA?AV1@QEAD@Z
?GetNodeContent@CXmlNode@@QEAAIPEADAEAH@Z
?GetNodeName@CXmlNode@@QEAAIPEADAEAH@Z
?GetNodeNs@CXmlNode@@QEAAPEAXXZ
?GetNodeNsHref@CXmlNode@@QEAAIPEADAEAH@Z
?GetNodeNsPrefix@CXmlNode@@QEAAIPEADAEAH@Z
?GetNodeProperty@CXmlNode@@QEAAIQEADPEADAEAH@Z
?GetNodeSetElement@CXmlDocument@@QEAA?AVCXmlNode@@H@Z
?GetNodeSetNum@CXmlDocument@@QEAAHXZ
?GetNsMap@CXmlNode@@QEAA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@AEAVCXmlDocument@@@Z
?GetNsMapRe@CXmlNode@@QEAA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@AEAVCXmlDocument@@@Z
?GetRootElement@CXmlDocument@@QEAA?AVCXmlNode@@XZ
?GetSiblingNode@CXmlNode@@QEAA?AV1@XZ
?GetXmlDocPointer@CXmlDocument@@QEAAPEAXXZ
?GetXmlNodePointer@CXmlNode@@AEBAPEAXXZ
?NodeExists@CXmlNode@@QEAAHQEAD@Z
?NodeValid@CXmlNode@@QEBAHXZ
?OpenXmlFile@CXmlDocument@@QEAAIQEAD0@Z
?PropertyExists@CXmlNode@@QEAAHQEAD@Z
?SaveXmlFile@CXmlDocument@@QEAAIQEAD0@Z
?SetCurrent@CXmlNode@@AEAAXPEAX@Z
?SetNodeContent@CXmlNode@@QEAAIQEAD@Z
?SetNodeContent@CXmlNode@@QEAAIQEAXH@Z
?SetNodeName@CXmlNode@@QEAAIQEAD@Z
?SetNodeProperty@CXmlNode@@QEAAIQEAD0@Z
?code_convert@CXmlNode@@AEBAIPEAD00H0H@Z
?g2u@CXmlNode@@AEBAPEADPEAD@Z
?u2g@CXmlNode@@AEBAPEADPEAD@Z

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed2e70eac43684b8ad935d4038dcd357

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3Certificate

Extended Key Usages

Key Usages

fc:78:2b:3b:fb:4b:35:63:7c:5e:d6:b8:ac:96:b8:3d:b8:e1:fd:74:13:6d:53:99:e0:c0:14:b3:2e:4e:10:f0Signer

Signature Validations

Verification

17/11/2022, 13:16 Valid: false

b3:cc:ac:3a:b2:6f:4a:ad:ae:bf:f3:86:32:8d:19:86:bc:3c:81:fcSigner

Signature Validations

Verification

17/11/2022, 13:16 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

libiconv-2

libxml2-2

kernel32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 232B

61:1c:b2:8a:00:00:00:00:00:26
Certificate

06:86:ed:40:3e:c1:bf:44:1c:8f:33:5c:84:1e:ea:00
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

01:09:1e:19:18:55:a7:0a:91:70:ef:18:e4:23:ea:d3
Certificate

fc:78:2b:3b:fb:4b:35:63:7c:5e:d6:b8:ac:96:b8:3d:b8:e1:fd:74:13:6d:53:99:e0:c0:14:b3:2e:4e:10:f0
Signer

17/11/2022, 13:16
Valid: false

b3:cc:ac:3a:b2:6f:4a:ad:ae:bf:f3:86:32:8d:19:86:bc:3c:81:fc
Signer

17/11/2022, 13:16
Valid: false

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 232B