General

Malware Config

Signatures

Files

• bingdu.rar

  .rar
• bingdu/爱比较抬棺_TMDprotected from thrretbook.exe

  .exe windows x86

  
  

  Code Sign

  1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5f:78:14:9e:b4:f7:5e:b1:74:04:a8:14:3a:ae:ae:d7

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  23-03-2011 00:00

  Not After

  22-03-2012 23:59

  Subject

  CN=上海域联软件技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=上海域联软件技术有限公司,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6

  Certificate

  Issuer

  CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Not Before

  01-01-2000 00:00

  Not After

  31-12-2099 23:59

  Subject

  CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  1e:b1:32:d5

  Certificate

  Issuer

  CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Not Before

  01-01-2000 00:00

  Not After

  31-12-2099 23:59

  Subject

  CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1e:b1:32:d5:7e:79:68:96

  Certificate

  Issuer

  CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Not Before

  01-01-2000 00:00

  Not After

  31-12-2099 23:59

  Subject

  CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  ae:5e:28:89:0a:52:93:f3:75:6f:71:df:bd:2d:5e:0c:6e:42:87:91

  Signer

  Actual PE Digest

  ae:5e:28:89:0a:52:93:f3:75:6f:71:df:bd:2d:5e:0c:6e:42:87:91

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=上海域联软件技术有限公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=上海域联软件技术有限公司,L=Shanghai,ST=Shanghai,C=CN

  01-04-2011 00:00

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Sections

  Size: 363KB - Virtual size: 743KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 26.3MB - Virtual size: 26.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 29KB - Virtual size: 389KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 7KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .imports

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 3.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 2.3MB - Virtual size: 2.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .taggant

  Size: 8KB - Virtual size: 12KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ