General

Malware Config

Signatures

Files

• cab86b4fbff51c70b60dd3c5a22ae24eb76c43e47d52ed71e206278783ab19a8

  .dll windows x86

  
  

  Code Sign

  23:a3:18:c1:da:ae:6c:2f:62:01:45:f5:59:84:96:85

  Certificate

  Issuer

  CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

  Not Before

  01-03-2016 08:06

  Not After

  01-06-2019 08:06

  Subject

  CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftKernelCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c

  Certificate

  Issuer

  CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

  Not Before

  08-08-2009 01:00

  Not After

  08-08-2024 01:00

  Subject

  CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79

  Certificate

  Issuer

  CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

  Not Before

  08-08-2009 01:00

  Not After

  08-08-2024 01:00

  Subject

  CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftCommercialCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:1a:00:94:8d:c5:be:3d:c4:94:75:69:95:0f:85:97:40:09:87:fa

  Signer

  Actual PE Digest

  61:1a:00:94:8d:c5:be:3d:c4:94:75:69:95:0f:85:97:40:09:87:fa

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=恒生电子股份有限公司,O=恒生电子股份有限公司,L=杭州市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c1768736e775f77696e6e65724068756e6473756e2e636f6d

  26-06-2018 07:56

  Valid: false

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Exports

  Exports

  GetBatchTransferState

  GetBatchValidState

  GetTransferState

  GetValidState

  SendTransferCmd

  UpdateExecuteFlag

  Sections

  CODE

  Size: 180KB - Virtual size: 456KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  DATA

  Size: 2KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .edata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 20KB - Virtual size: 36KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 7KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .aspack

  Size: 5KB - Virtual size: 8KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .adata

  Size: - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE