32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d.exe
Size

1.2MB
MD5

2ec877e425bd7eddb663627216e3491e
SHA1

d4f5323da704ff2f25d6b97f38763c147f2a0e6f
SHA256

32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d
SHA512

289ac582d125c093d0043c61a74a00ae781e1a7231b702eb163227f228d5e9cce663fa424a37b83fb615baae9028736f803f6fe80a1cf54633bab4408e59ca28
SSDEEP

24576:/Ba8eYFtU1Djmd1Hpc+rTn/tDIniw7tfPBLhlBFQ+ZVoDI9F/wXKbKDnLt9:/A8eYFtU1/MHSOn/tDIx7tPNBFXVYI9k

Score

1^/10

Malware Config

Signatures

Files

32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d.exe
.exe windows x64

63fd1582ac2edee50f7ec7eedde38ee8

Code Sign

5d:11:78:4f:b8:17:65:02:3f:89:a4:f4:24:3f:e1:a9
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

17/01/2014, 00:00

Not After

17/01/2016, 23:59

Subject

CN=Binzhoushi Yongyu Feed Co.\,LTd.,O=Binzhoushi Yongyu Feed Co.\,LTd.,L=Binzhou,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:31

Not After

22/02/2021, 19:41

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:cd:8b:c3:10:4f:e1:65:48:06:75:2e:1e:67:30:d3:ee:0b:4e:e4
Signer

Actual PE Digest

1c:cd:8b:c3:10:4f:e1:65:48:06:75:2e:1e:67:30:d3:ee:0b:4e:e4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Binzhoushi Yongyu Feed Co.\,LTd.,O=Binzhoushi Yongyu Feed Co.\,LTd.,L=Binzhou,ST=Shandong,C=CN

11/05/2023, 10:09
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
PsProcessType
IoGetLowerDeviceObject
ExFreePoolWithTag
IoRegisterShutdownNotification
IoAttachDeviceToDeviceStackSafe
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
IoDetachDevice
KeDelayExecutionThread
IoUnregisterShutdownNotification
ZwClose
IoGetAttachedDeviceReference
PsGetCurrentProcessId
ObfDereferenceObject
IoCreateDevice
IoEnumerateDeviceObjectList
IoUnregisterFsRegistrationChange
ObOpenObjectByPointer
IoRegisterFsRegistrationChange
IofCallDriver
MmUnmapLockedPages
_wcsicmp
PsGetProcessPeb
ZwCreateKey
RtlCreateUnicodeString
MmMapLockedPages
PsSetLoadImageNotifyRoutine
_wcsnicmp
ZwReadFile
IoCreateFile
ZwDeleteValueKey
ZwSetValueKey
RtlEqualUnicodeString
MmBuildMdlForNonPagedPool
IoFreeMdl
RtlFreeUnicodeString
ObQueryNameString
ZwQueryValueKey
_vsnwprintf
RtlRandom
PsRemoveLoadImageNotifyRoutine
ZwFlushKey
MmCreateMdl
ZwDeleteFile
PsGetVersion
CmRegisterCallback
RtlCopyUnicodeString
MmIsAddressValid
CmUnRegisterCallback
ZwQueryInformationFile
ZwWriteFile
ZwDeleteKey
ZwEnumerateKey
ZwAllocateVirtualMemory
ZwOpenKey
KeUnstackDetachProcess
ZwWaitForSingleObject
ZwFreeVirtualMemory
PsGetProcessSessionId
ZwDuplicateObject
ObReferenceObjectByName
KeStackAttachProcess
RtlSubAuthoritySid
_strnicmp
KeSetEvent
KeInitializeEvent
ZwOpenProcessTokenEx
PsCreateSystemThread
PsTerminateSystemThread
ObReferenceObjectByHandle
KeWaitForSingleObject
PsThreadType
RtlSubAuthorityCountSid
ZwQueryInformationToken
KeBugCheckEx
strncmp
strstr
strchr
strncpy
_vsnprintf
rand
_stricmp
ExAllocatePool
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
ZwCreateFile
IoFreeIrp
MmProbeAndLockPages
IoAllocateMdl
__C_specific_handler

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63fd1582ac2edee50f7ec7eedde38ee8

Code Sign

5d:11:78:4f:b8:17:65:02:3f:89:a4:f4:24:3f:e1:a9Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

61:1f:b0:a4:00:00:00:00:00:1dCertificate

Key Usages

1c:cd:8b:c3:10:4f:e1:65:48:06:75:2e:1e:67:30:d3:ee:0b:4e:e4Signer

Signature Validations

Verification

11/05/2023, 10:09 Valid: false

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1024B - Virtual size: 9KB

.pdata Size: 2KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 372B

5d:11:78:4f:b8:17:65:02:3f:89:a4:f4:24:3f:e1:a9
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

61:1f:b0:a4:00:00:00:00:00:1d
Certificate

1c:cd:8b:c3:10:4f:e1:65:48:06:75:2e:1e:67:30:d3:ee:0b:4e:e4
Signer

11/05/2023, 10:09
Valid: false

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1024B - Virtual size: 9KB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 372B