General

Malware Config

Signatures

Files

• 4807e30569af6120a9b02a62d72405594d93a91cd949d91cb88f32e03daa73bd

  .rar
• WXCltAidEx.exe

  .exe windows x86

  ea7ecf68fe524f488e40ecea21fa9692

  
  

  Code Sign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:86:12:2f:8a:0f:58:14:6a:73:cd:b5:61:8f:c8:09:d8

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  03-06-2013 10:11

  Not After

  03-06-2016 10:11

  Subject

  CN=成都吉胜科技有限责任公司,O=成都吉胜科技有限责任公司,L=成都,ST=四川,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c

  Certificate

  Issuer

  CN=TC TrustCenter Class 2-II L1 CA IV,OU=TC TrustCenter Class 2-II L1 CA,O=TC TrustCenter GmbH,C=DE

  Not Before

  17-06-2009 15:22

  Not After

  31-12-2025 19:59

  Subject

  CN=TC TrustCenter Authenticode Timestamp II,OU=Timestamp,O=TC TrustCenter,L=Hamburg,ST=Hamburg,C=DE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  0e:1a:4e:36:0e:00:f0:93:cb:8c:0e:a9:7a:53:90:2c:06:0f:df:fd

  Signer

  Actual PE Digest

  0e:1a:4e:36:0e:00:f0:93:cb:8c:0e:a9:7a:53:90:2c:06:0f:df:fd

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=成都吉胜科技有限责任公司,O=成都吉胜科技有限责任公司,L=成都,ST=四川,C=CN

  13-08-2014 01:29

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  gdiplus

  GdipImageGetFrameDimensionsList

  dbghelp

  MiniDumpWriteDump

  psapi

  GetProcessMemoryInfo

  shlwapi

  PathStripToRootW

  kernel32

  ConvertDefaultLocale

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  SendMessageW

  MessageBoxA

  advapi32

  RegDeleteKeyW

  ole32

  OleFlushClipboard

  shell32

  DragFinish

  oleaut32

  VariantTimeToSystemTime

  winhttp

  WinHttpGetProxyForUrl

  ws2_32

  gethostbyname

  gdi32

  SetRectRgn

  msimg32

  AlphaBlend

  comdlg32

  GetFileTitleW

  winspool.drv

  DocumentPropertiesW

  comctl32

  ImageList_GetIconSize

  oledlg

  OleUIBusyW

  oleacc

  LresultFromObject

  imm32

  ImmGetOpenStatus

  winmm

  PlaySoundW

  version

  VerQueryValueW

  Sections

  .text

  Size: - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 378KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 100KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 101KB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 225KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: - Virtual size: 1.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp2

  Size: 3.6MB - Virtual size: 3.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 212B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• clsmn.exe

  .exe windows x86

  816d3b84389993fb39f1cfe73cb89369

  
  

  Code Sign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  11:21:86:12:2f:8a:0f:58:14:6a:73:cd:b5:61:8f:c8:09:d8

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  03-06-2013 10:11

  Not After

  03-06-2016 10:11

  Subject

  CN=成都吉胜科技有限责任公司,O=成都吉胜科技有限责任公司,L=成都,ST=四川,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  9f:63:00:01:00:02:1f:a8:dc:56:b5:ea:e7:2c

  Certificate

  Issuer

  CN=TC TrustCenter Class 2-II L1 CA IV,OU=TC TrustCenter Class 2-II L1 CA,O=TC TrustCenter GmbH,C=DE

  Not Before

  17-06-2009 15:22

  Not After

  31-12-2025 19:59

  Subject

  CN=TC TrustCenter Authenticode Timestamp II,OU=Timestamp,O=TC TrustCenter,L=Hamburg,ST=Hamburg,C=DE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:05:5f:14:ef:cd:a5:a5:bc:e8:96:6d:a9:ec:b5:0e:d9:e8:95:96

  Signer

  Actual PE Digest

  30:05:5f:14:ef:cd:a5:a5:bc:e8:96:6d:a9:ec:b5:0e:d9:e8:95:96

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=成都吉胜科技有限责任公司,O=成都吉胜科技有限责任公司,L=成都,ST=四川,C=CN

  13-08-2014 01:25

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  psapi

  GetProcessMemoryInfo

  iocp

  tcp_local_address

  dbghelp

  MiniDumpWriteDump

  shlwapi

  SHDeleteKeyW

  ws2_32

  WSAGetLastError

  iphlpapi

  GetAdaptersInfo

  kernel32

  GetFileTime

  GetModuleHandleA

  LoadLibraryA

  LocalAlloc

  LocalFree

  GetModuleFileNameA

  ExitProcess

  user32

  EnumDesktopWindows

  MessageBoxA

  advapi32

  RegQueryValueExW

  ole32

  CoCreateGuid

  shell32

  SHGetFolderPathW

  oleaut32

  OleLoadPicture

  wintrust

  WinVerifyTrust

  userenv

  RefreshPolicyEx

  gdi32

  SetDIBColorTable

  msimg32

  AlphaBlend

  comdlg32

  GetFileTitleW

  winspool.drv

  ClosePrinter

  comctl32

  ImageList_GetIconSize

  oledlg

  OleUIBusyW

  gdiplus

  GdipCreateFromHDC

  oleacc

  LresultFromObject

  imm32

  ImmGetContext

  winmm

  PlaySoundW

  version

  GetFileVersionInfoSizeW

  Sections

  .text

  Size: - Virtual size: 2.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 439KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 117KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 38KB - Virtual size: 46KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: - Virtual size: 244KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp1

  Size: - Virtual size: 3.1MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .vmp2

  Size: 4.2MB - Virtual size: 4.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 512B - Virtual size: 200B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• 拦截并已清除伪装系统文件病毒.png

  .png