CNCEMgmtService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CNCEMgmtService.exe
Size

341KB
MD5

cb6d2f4d67dd3332279802848615d8d8
SHA1

59b7d7569162d3cf53529c0262b428b7a4655f88
SHA256

4dc8c45a83555db6bd417279c866aeb1b3deeedd3f03d911afc48a761ef5d07e
SHA512

37d866fa7d67121d949e4d0c655470cc7947bb380bbb40c0a272b05b9eda1621cf52cc384926750790af68796f2cc036372e620421462d75dd3e811ba73b919d
SSDEEP

6144:3CwRXyztE9o5MoJSExxdwx/L0ee0+cYj2zD/pRpvN:3CwRCztE99U1xxdwx/he0+cYCD/pRRN

Score

1^/10

Malware Config

Signatures

Files

CNCEMgmtService.exe
.exe windows x86

262992dfacaa0e41f24b60053991aa23

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/02/2020, 00:00

Not After

10/02/2023, 12:00

Subject

CN=China Financial Certification Authority Co. Ltd,O=China Financial Certification Authority Co. Ltd,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

eb:55:6c:47:47:73:b5:e7:56:24:40:ba:0b:4d:0d:21:67:a0:22:ab
Signer

Actual PE Digest

eb:55:6c:47:47:73:b5:e7:56:24:40:ba:0b:4d:0d:21:67:a0:22:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
WTSGetActiveConsoleSessionId
GetFileSizeEx
WriteFile
ReadFile
FreeResource
LoadResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
GetNativeSystemInfo
GetVersionExW
GetSystemDirectoryW
Sleep
GetTickCount
SetLastError
GetModuleHandleW
WaitForMultipleObjects
WaitForSingleObject
CreateThread
GetCurrentProcess
GetModuleFileNameW
CreateEventW
CloseHandle
ResetEvent
SetEvent
OpenEventW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
LocalAlloc
HeapCreate
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW

user32

GetProcessWindowStation
CloseDesktop
GetUserObjectSecurity
OpenDesktopW
SetProcessWindowStation
SetUserObjectSecurity
OpenWindowStationW
CloseWindowStation

advapi32

QueryServiceStatusEx
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
StartServiceCtrlDispatcherW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ControlTraceW
TraceEvent
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
StartServiceW
EnumDependentServicesW
ControlService
RevertToSelf
CreateProcessAsUserW
SetTokenInformation
FreeSid
AllocateLocallyUniqueId
AllocateAndInitializeSid
EqualSid
LookupAccountSidW
ImpersonateLoggedOnUser
DuplicateTokenEx
AddAccessAllowedAce
AddAce
GetAce
InitializeAcl
GetAclInformation
CopySid
GetLengthSid
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatus
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW

shell32

ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathRemoveFileSpecW
PathCombineW

crypt32

CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertNameToStrW
CertDuplicateCertificateContext
CertCreateCertificateContext
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertCloseStore

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

262992dfacaa0e41f24b60053991aa23

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

eb:55:6c:47:47:73:b5:e7:56:24:40:ba:0b:4d:0d:21:67:a0:22:abSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

version

wintrust

userenv

wtsapi32

secur32

Sections

.text Size: 217KB - Virtual size: 216KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 24KB - Virtual size: 23KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0f:7a:91:1e:ff:5e:e2:7c:6c:d9:2a:85:ed:a3:a0:40
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

eb:55:6c:47:47:73:b5:e7:56:24:40:ba:0b:4d:0d:21:67:a0:22:ab
Signer

.text
Size: 217KB - Virtual size: 216KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 24KB - Virtual size: 23KB