ef9431f3ebc70e2951911c7bb8427e7ff96b595320c052b2419d9314d4c354bf

Sharing

Copy URL Twitter E-mail

General

Target

ef9431f3ebc70e2951911c7bb8427e7ff96b595320c052b2419d9314d4c354bf
Size

58KB
MD5

dd474cd1ad98902303bfaadf35301734
SHA1

c350fbd38a8e135b84c2ee63402751e5e91b7fb0
SHA256

ef9431f3ebc70e2951911c7bb8427e7ff96b595320c052b2419d9314d4c354bf
SHA512

54407d0bd75fb891e734c8919ed43e2d10e41e1e1ee315af64a98687f214b6cd264607574d08f2573e74d7454dbc18c82e6ca80dbf713073ea9013442a884f15
SSDEEP

768:TTLYWJHGLibjTkDTwxdXq1rhPb0lY47/n3KOHU0n1AWe1WP/QxgYz:TTULibjTkD07oOlvn3b00CWe1WP/QmYz

Score

N/A

Malware Config

Signatures

Files

ef9431f3ebc70e2951911c7bb8427e7ff96b595320c052b2419d9314d4c354bf
.exe windows x86

5223e28720965f508f0f5a7c2ecee7dc

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

65:c8:08:10
Certificate

Issuer

CN=TaiCA Secure CA,OU=SSL Certification Service Provider,O=TAIWAN-CA.COM Inc.,C=TW

Not Before

02/07/2010, 06:34

Not After

17/07/2011, 15:59

Subject

CN=www.esupplychain.com.tw,OU=TRADE-VAN,O=TRADE-VAN,L=Taipei,ST=Taipei,C=TW

07:27:4e:79
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

07/10/2009, 16:59

Not After

30/09/2016, 16:58

Subject

CN=TaiCA Secure CA,OU=SSL Certification Service Provider,O=TAIWAN-CA.COM Inc.,C=TW

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:9a:f2:79:ed:1a:e4:75:83:32:03:cf:26:c1:e9:e1:e3:5c:3a:d6
Signer

Actual PE Digest

b9:9a:f2:79:ed:1a:e4:75:83:32:03:cf:26:c1:e9:e1:e3:5c:3a:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.esupplychain.com.tw,OU=TRADE-VAN,O=TRADE-VAN,L=Taipei,ST=Taipei,C=TW

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetProcAddress
LoadLibraryA
ReadProcessMemory
TerminateProcess
GetThreadContext
CreateProcessA
GetModuleFileNameA
GetModuleHandleA
ReadFile
CloseHandle
GetFileSize
CreateFileA
OpenProcess
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
RtlUnwind
WriteFile
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5223e28720965f508f0f5a7c2ecee7dc

Code Sign

01:a5Certificate

65:c8:08:10Certificate

07:27:4e:79Certificate

Key Usages

b9:9a:f2:79:ed:1a:e4:75:83:32:03:cf:26:c1:e9:e1:e3:5c:3a:d6Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

psapi

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 32KB - Virtual size: 30KB

01:a5
Certificate

65:c8:08:10
Certificate

07:27:4e:79
Certificate

b9:9a:f2:79:ed:1a:e4:75:83:32:03:cf:26:c1:e9:e1:e3:5c:3a:d6
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 32KB - Virtual size: 30KB