3c0d59750dea91f2e3d3e8e92dfaf398958face66dfcd1fba349e2a0d3df0436

Sharing

Copy URL Twitter E-mail

General

Target

3c0d59750dea91f2e3d3e8e92dfaf398958face66dfcd1fba349e2a0d3df0436
Size

3.9MB
MD5

82be06e23ecee4ddb03af9419c53b4d7
SHA1

59283a8b757086f317038e8a86a1d2897483070f
SHA256

3c0d59750dea91f2e3d3e8e92dfaf398958face66dfcd1fba349e2a0d3df0436
SHA512

7098be340eaaefd3ba63fa8ce5218adc6ecea4ede360e6a4eabc3b21db28766c72b0fbe460b10cefb01210ea0561d2cacb2172e42af64a06ab4012dcd6a9c819
SSDEEP

98304:1f6S9r/GU+cH9eMqTaIFb9s8cbeosu6/KYcVaWOwBdiY:1COr/msIFb9kzs6ajadiY

Score

1^/10

Malware Config

Signatures

Files

3c0d59750dea91f2e3d3e8e92dfaf398958face66dfcd1fba349e2a0d3df0436
.exe windows x86

ff62d0ba4f4cb394af66220fb69b07d0

Code Sign

66:d1:1f:6b:06:5c:1f:bd:1d:85:5b:e8:47:4e:2e:b7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

29/06/2015, 00:15

Not After

29/06/2016, 00:15

Subject

CN=怀化市冰浪网络科技有限公司,O=怀化市冰浪网络科技有限公司,L=怀化市,ST=湖南省,C=CN,1.2.840.113549.1.9.1=#0c0e6868626c776a403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/04/2015, 17:12

Not After

29/04/2025, 17:12

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:8a:22:38:20:a8:ea:cc:f2:a3:1f:a5:00:47:06:c3:86:98:4e:3a
Signer

Actual PE Digest

f2:8a:22:38:20:a8:ea:cc:f2:a3:1f:a5:00:47:06:c3:86:98:4e:3a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=怀化市冰浪网络科技有限公司,O=怀化市冰浪网络科技有限公司,L=怀化市,ST=湖南省,C=CN,1.2.840.113549.1.9.1=#0c0e6868626c776a403136332e636f6d

03/05/2023, 12:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_wcsnicmp
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlEqualUnicodeString
RtlFreeAnsiString
KeQueryTimeIncrement
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
PsGetVersion
IofCompleteRequest
IoCreateDevice
IoCreateFile
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetCurrentProcess
ObfDereferenceObject
ZwQueryInformationFile
ZwReadFile
ZwClose
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsLookupProcessByProcessId
PsGetProcessDebugPort
PsGetProcessPeb
_alldiv
_allmul
memcpy
memmove
memset
KeTickCount
MmGetSystemRoutineAddress
ObOpenObjectByPointer
ZwAllocateVirtualMemory
PsProcessType
_allshl
KeBugCheckEx
_stricmp
NtQuerySystemInformation
_allshl
_aullshr
memcpy
ZwClose
ZwQueryValueKey
ZwOpenKey
RtlInitUnicodeString
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwOpenFile
_wcsnicmp
ZwEnumerateKey
ZwCreateEvent
memset
MmGetSystemRoutineAddress
ZwCreateFile
_except_handler3
KeSetSystemAffinityThread
KeQueryActiveProcessors
KeQueryTimeIncrement
KeTickCount
_alldiv
_allmul
DbgBreakPointWithStatus
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IoAllocateMdl
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
KeWaitForSingleObject
KeReleaseMutex
KeInitializeMutex
ExFreePoolWithTag
ExAllocatePool
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.1Xdg0
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1Xdg1
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1Xdg2
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff62d0ba4f4cb394af66220fb69b07d0

Code Sign

66:d1:1f:6b:06:5c:1f:bd:1d:85:5b:e8:47:4e:2e:b7Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39Certificate

Extended Key Usages

Key Usages

f2:8a:22:38:20:a8:ea:cc:f2:a3:1f:a5:00:47:06:c3:86:98:4e:3aSigner

Signature Validations

Verification

03/05/2023, 12:02 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 8KB

INIT Size: 1KB - Virtual size: 1KB

.1Xdg0 Size: 2.5MB - Virtual size: 2.5MB

.1Xdg1 Size: 512B - Virtual size: 512B

.1Xdg2 Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 724B

66:d1:1f:6b:06:5c:1f:bd:1d:85:5b:e8:47:4e:2e:b7
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

33:00:00:00:39:65:c4:72:e0:dc:2b:d9:65:00:00:00:00:00:39
Certificate

f2:8a:22:38:20:a8:ea:cc:f2:a3:1f:a5:00:47:06:c3:86:98:4e:3a
Signer

03/05/2023, 12:02
Valid: false

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 8KB

INIT
Size: 1KB - Virtual size: 1KB

.1Xdg0
Size: 2.5MB - Virtual size: 2.5MB

.1Xdg1
Size: 512B - Virtual size: 512B

.1Xdg2
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 724B