d8a872ee2548f4fafd5e0e9b76508d50e3124eb69378caa5e71f8ae20d087074

Sharing

Copy URL Twitter E-mail

General

Target

d8a872ee2548f4fafd5e0e9b76508d50e3124eb69378caa5e71f8ae20d087074
Size

123KB
MD5

5962704f6358702589a9d72511bc1109
SHA1

a0670a2c4a3f1bf5d2b3b62956d16f310d736ff3
SHA256

d8a872ee2548f4fafd5e0e9b76508d50e3124eb69378caa5e71f8ae20d087074
SHA512

91736c02b291c66b0571564c908938da9cc92cf329f4f311f0256d5433192e461bfb407bd73c381894121f19675eb5b59ee943a5674ff6a01a3d4449707cd23e
SSDEEP

1536:Ed8vH8nSUN2WRQklp/Lx4eGvjew0l8dWBv/wxRXtCHm2BaRX:EuvEaKVzJAew0lQWRwxRXtCGtRX

Score

N/A

Malware Config

Signatures

Files

d8a872ee2548f4fafd5e0e9b76508d50e3124eb69378caa5e71f8ae20d087074
.dll windows x86

e57edf04276b35a791c97b666546db2f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3a:6c:ca:bb:1c:62:f3:be:3e:b0:38:69:fa:43:dc:4a
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

01/09/2009, 00:00

Not After

01/09/2010, 23:59

Subject

CN=常州骏景通联数字科技有限公司,OU=WoSign Class 3 Code Signing,O=常州骏景通联数字科技有限公司,L=常州市,ST=江苏省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

27:86:77:d3:3a:e3:af:9b:8b:34:e6:0a:e8:c8:fb:ba:7d:65:44:fc
Signer

Actual PE Digest

27:86:77:d3:3a:e3:af:9b:8b:34:e6:0a:e8:c8:fb:ba:7d:65:44:fc

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=常州骏景通联数字科技有限公司,OU=WoSign Class 3 Code Signing,O=常州骏景通联数字科技有限公司,L=常州市,ST=江苏省,C=CN

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
QueryServiceStatus
ControlService
StartServiceA
CreateServiceA
RegCreateKeyA
RegOpenKeyA
OpenProcessToken
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegCreateKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce

shell32

SHGetFolderPathA

kernel32

CreateProcessA
Sleep
SetLastError
WaitForSingleObject
GetVersionExA
GetModuleFileNameA
GetLastError
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
CreateThread
TerminateProcess
TerminateThread
OpenMutexA
CreateMutexA
ReleaseMutex
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetFileAttributesA
WriteFile
GetStdHandle
LoadLibraryA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile

Exports

Exports

InstallService
RundllInstall
RundllUninstall
ServiceMain
UninstallService

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e57edf04276b35a791c97b666546db2f

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3a:6c:ca:bb:1c:62:f3:be:3e:b0:38:69:fa:43:dc:4aCertificate

Extended Key Usages

Key Usages

27:86:77:d3:3a:e3:af:9b:8b:34:e6:0a:e8:c8:fb:ba:7d:65:44:fcSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

advapi32

shell32

kernel32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 8KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3a:6c:ca:bb:1c:62:f3:be:3e:b0:38:69:fa:43:dc:4a
Certificate

27:86:77:d3:3a:e3:af:9b:8b:34:e6:0a:e8:c8:fb:ba:7d:65:44:fc
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 8KB