3cfc43958b5152d71432589f16d1c2979405287c5333bdb040a4a6acd84e7651

Sharing

Copy URL Twitter E-mail

General

Target

3cfc43958b5152d71432589f16d1c2979405287c5333bdb040a4a6acd84e7651
Size

63KB
MD5

1085fd59dd40d087bbff664ed6eeb153
SHA1

d7cac3b069df28b2960522296701e4ae3ceec246
SHA256

3cfc43958b5152d71432589f16d1c2979405287c5333bdb040a4a6acd84e7651
SHA512

dcc815393d30ef1cb6797982bd28d33fb749e4db635fee817866e301424de091a6a86648eadbf7fd8f13549fbae432aafb4af7e0c19050d1eac67882c239a886
SSDEEP

768:zfVAz+HXZqTv4AJf6WEJqB6F6iy3v5ym/N5MF0HNZyjokt5+7au:ez+H0v4AJf7rL/dPMoS5mau

Score

1^/10

Malware Config

Signatures

Files

3cfc43958b5152d71432589f16d1c2979405287c5333bdb040a4a6acd84e7651
.exe windows x86

f9f861393515c42e43cd69d830052b2b

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

09/02/2018, 00:00

Not After

10/03/2020, 23:59

Subject

CN=Kingdee Software(China) Co.\,Ltd,OU=K/3 WISE Dept.,O=Kingdee Software(China) Co.\,Ltd,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:7a:2d:9e:60:07:37:ff:08:63:00:33:e5:9f:0b:10:63:59:a9:c5
Signer

Actual PE Digest

84:7a:2d:9e:60:07:37:ff:08:63:00:33:e5:9f:0b:10:63:59:a9:c5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
ReadFile
GetFileSize
SetFilePointer
LockFile
GetLastError
WaitForSingleObject
UnlockFile
WriteFile
CreateEventA
Sleep
GetCurrentProcess
InterlockedDecrement
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetSystemInfo
CreateProcessA
GetComputerNameA
WritePrivateProfileStringA
EnterCriticalSection
GetStartupInfoA
ExitProcess
HeapReAlloc
GetSystemDirectoryA
DeleteFileA
GetCurrentThreadId
lstrcmpiA
HeapCreate
CreateFileA
GetModuleHandleA
GetVersionExA
LoadLibraryA
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
CloseHandle
TerminateProcess
FreeLibrary
lstrlenA
CreateThread
GetModuleFileNameA
lstrcatA
lstrlenW
LeaveCriticalSection
GetCommandLineA
lstrcpyA
HeapSize
IsBadReadPtr
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
GetStdHandle
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
WideCharToMultiByte
LocalFree
GetLocalTime
RtlUnwind
RaiseException
LCMapStringA

user32

DispatchMessageA
GetMessageA
CharNextA
PostThreadMessageA

advapi32

RegDeleteValueA
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
LoadRegTypeLi
SysStringLen
VariantClear

ws2_32

WSAStartup
closesocket
listen
gethostname
inet_ntoa
shutdown
WSACleanup
gethostbyname
socket
bind

mpr

WNetGetUserA

atl

ord23
ord20
ord17
ord32
ord16
ord58
ord30
ord18
ord57
ord21

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9f861393515c42e43cd69d830052b2b

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3dCertificate

Extended Key Usages

Key Usages

84:7a:2d:9e:60:07:37:ff:08:63:00:33:e5:9f:0b:10:63:59:a9:c5Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

mpr

atl

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 8KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

84:7a:2d:9e:60:07:37:ff:08:63:00:33:e5:9f:0b:10:63:59:a9:c5
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 8KB