cef06193b5c165d899ef561762ab25a3a7a135be3c228c0f351efb3a060d636e

Sharing

Copy URL

Twitter E-mail

General

Target

cef06193b5c165d899ef561762ab25a3a7a135be3c228c0f351efb3a060d636e
Size

63KB
MD5

a9e112d4376253da6e945108567c510e
SHA1

c044045d0e62740a7ce5bfacb662c740cfdda104
SHA256

cef06193b5c165d899ef561762ab25a3a7a135be3c228c0f351efb3a060d636e
SHA512

219b03bc1ea9ddb2aa736224315a97fe1ecf94013a23ff558c81dda6a78d7f5fc1039f96b6f3c1fe0b3e7a56327d5f2a00459985c895ed5853d78198840e62e3
SSDEEP

768:WfVAz+HXZqTv4AJf6WEJqB6F6iy3v5ym/N5MF0HNZyjokt5+7au:Dz+H0v4AJf7rL/dPMoS5mau

Score

1^/10

Malware Config

Signatures

Files

cef06193b5c165d899ef561762ab25a3a7a135be3c228c0f351efb3a060d636e
.exe windows x86

f9f861393515c42e43cd69d830052b2b

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

09-02-2018 00:00

Not After

10-03-2020 23:59

Subject

CN=Kingdee Software(China) Co.\,Ltd,OU=K/3 WISE Dept.,O=Kingdee Software(China) Co.\,Ltd,L=ShenZhen,ST=GuangDong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:a0:34:85:da:4f:e1:3d:0b:95:aa:3d:10:35:19:f7:0c:f2:52:d1
Signer

Actual PE Digest

77:a0:34:85:da:4f:e1:3d:0b:95:aa:3d:10:35:19:f7:0c:f2:52:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
ReadFile
GetFileSize
SetFilePointer
LockFile
GetLastError
WaitForSingleObject
UnlockFile
WriteFile
CreateEventA
Sleep
GetCurrentProcess
InterlockedDecrement
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetSystemInfo
CreateProcessA
GetComputerNameA
WritePrivateProfileStringA
EnterCriticalSection
GetStartupInfoA
ExitProcess
HeapReAlloc
GetSystemDirectoryA
DeleteFileA
GetCurrentThreadId
lstrcmpiA
HeapCreate
CreateFileA
GetModuleHandleA
GetVersionExA
LoadLibraryA
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
OpenProcess
CloseHandle
TerminateProcess
FreeLibrary
lstrlenA
CreateThread
GetModuleFileNameA
lstrcatA
lstrlenW
LeaveCriticalSection
GetCommandLineA
lstrcpyA
HeapSize
IsBadReadPtr
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
GetStdHandle
LCMapStringW
SetUnhandledExceptionFilter
IsBadWritePtr
WideCharToMultiByte
LocalFree
GetLocalTime
RtlUnwind
RaiseException
LCMapStringA

user32

DispatchMessageA
GetMessageA
CharNextA
PostThreadMessageA

advapi32

RegDeleteValueA
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA

ole32

CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString
LoadRegTypeLi
SysStringLen
VariantClear

ws2_32

WSAStartup
closesocket
listen
gethostname
inet_ntoa
shutdown
WSACleanup
gethostbyname
socket
bind

mpr

WNetGetUserA

atl

ord23
ord20
ord17
ord32
ord16
ord58
ord30
ord18
ord57
ord21

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9f861393515c42e43cd69d830052b2b

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3dCertificate

Extended Key Usages

Key Usages

77:a0:34:85:da:4f:e1:3d:0b:95:aa:3d:10:35:19:f7:0c:f2:52:d1Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

mpr

atl

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 8KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

7c:12:e5:82:ce:e6:34:f6:e2:f6:0f:d0:6a:94:f4:3d
Certificate

77:a0:34:85:da:4f:e1:3d:0b:95:aa:3d:10:35:19:f7:0c:f2:52:d1
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 8KB