3c1a89d1027f2c255492340ac358996a517b8c93fd65991bd2aad3c889a894b6

Sharing

Copy URL Twitter E-mail

General

Target

3c1a89d1027f2c255492340ac358996a517b8c93fd65991bd2aad3c889a894b6
Size

1.4MB
MD5

9b855bc55c0ccd8e27fc8fdb0ca43e9d
SHA1

61cec07c2dc8e487a8dd2a68b3598d621b2b6fe9
SHA256

3c1a89d1027f2c255492340ac358996a517b8c93fd65991bd2aad3c889a894b6
SHA512

5de22b85a63a2773ef2afb0ad863eaaa9e0fbbad5c855b2bd65fdfeacfe285cba7bed011997323ca7196ab7beb5c937cf213c59fcd9fe09c380e678632e7871d
SSDEEP

24576:zeoxuL11nXixjworZ4FFuz9cF18Em3PJ6DtpFyMXLD34z//xQ3lMt4+U:Cl1nM9470Gyj3x0XXH3y//xQVMC

Score

N/A

Malware Config

Signatures

Files

3c1a89d1027f2c255492340ac358996a517b8c93fd65991bd2aad3c889a894b6
.exe windows x64

ce555e3a7dbc6890c3e764d4f1827b93

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:3a:9f:12:d7:27:bb:f0:11:99:e7:4e:0a:5c:7d:8a
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2019, 00:00

Not After

03/11/2020, 12:00

Subject

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=Chengdu,ST=Sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/03/2020, 17:47

Not After

05/03/2021, 17:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:58:e0:2f:52:f2:fe:33:8f:c5:33:de:44:e1:c5:a7:98:8f:48:e0:46:44:f3:b7:92:a7:66:69:ba:b1:cc:1f
Signer

Actual PE Digest

0e:58:e0:2f:52:f2:fe:33:8f:c5:33:de:44:e1:c5:a7:98:8f:48:e0:46:44:f3:b7:92:a7:66:69:ba:b1:cc:1f

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

35:4d:d6:9e:df:81:1e:7d:a7:b0:4a:3e:77:2a:17:c0:38:26:33:bb
Signer

Actual PE Digest

35:4d:d6:9e:df:81:1e:7d:a7:b0:4a:3e:77:2a:17:c0:38:26:33:bb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=Chengdu,ST=Sichuan,C=CN

21/05/2020, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

PsGetProcessImageFileName
PsLookupProcessByProcessId
RtlInitUnicodeString
RtlCheckRegistryKey
RtlQueryRegistryValues
RtlUnicodeStringToAnsiString
tolower
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
ZwQueryValueKey
PsTerminateSystemThread
RtlRandomEx
KeQueryTimeIncrement
ZwClose
RtlAppendUnicodeStringToString
RtlFreeAnsiString
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
RtlGetVersion
ExAllocatePoolWithTag
ExFreePoolWithTag
IoRegisterShutdownNotification
RtlAnsiStringToUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
ZwSetValueKey
PsSetCreateProcessNotifyRoutine
IoUnregisterShutdownNotification
IofCompleteRequest
RtlWriteRegistryValue
IoCreateSymbolicLink
IoCreateDevice
_strnicmp
ZwCreateKey
_wcsnicmp
ZwReadFile
ZwDeleteValueKey
ZwQueryInformationFile
ZwQuerySystemInformation
KeUnstackDetachProcess
KeDetachProcess
ZwWaitForSingleObject
RtlImageNtHeader
KeStackAttachProcess
ZwAllocateVirtualMemory
KeBugCheckEx
ProbeForRead
IoDeleteSymbolicLink
towlower
__C_specific_handler

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 48.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce555e3a7dbc6890c3e764d4f1827b93

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0a:3a:9f:12:d7:27:bb:f0:11:99:e7:4e:0a:5c:7d:8aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

0e:58:e0:2f:52:f2:fe:33:8f:c5:33:de:44:e1:c5:a7:98:8f:48:e0:46:44:f3:b7:92:a7:66:69:ba:b1:cc:1fSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

35:4d:d6:9e:df:81:1e:7d:a7:b0:4a:3e:77:2a:17:c0:38:26:33:bbSigner

Signature Validations

Verification

21/05/2020, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 5KB - Virtual size: 48.2MB

.pdata Size: 1024B - Virtual size: 792B

INIT Size: 2KB - Virtual size: 1KB

W0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 1KB - Virtual size: 1KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0a:3a:9f:12:d7:27:bb:f0:11:99:e7:4e:0a:5c:7d:8a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:97:d7:9f:85:90:6e:a3:18:a4:00:00:00:00:00:97
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

0e:58:e0:2f:52:f2:fe:33:8f:c5:33:de:44:e1:c5:a7:98:8f:48:e0:46:44:f3:b7:92:a7:66:69:ba:b1:cc:1f
Signer

01/12/2022, 14:34
Valid: false

35:4d:d6:9e:df:81:1e:7d:a7:b0:4a:3e:77:2a:17:c0:38:26:33:bb
Signer

21/05/2020, 11:52
Valid: false

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 5KB - Virtual size: 48.2MB

.pdata
Size: 1024B - Virtual size: 792B

INIT
Size: 2KB - Virtual size: 1KB

W0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 1KB - Virtual size: 1KB