24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f.exe
Size

31KB
MD5

072ba2309b825ce1dba37d8d924ea8ed
SHA1

89a74d0e9fd03129082c5b868f5ad62558ca34fd
SHA256

24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f
SHA512

d1d2af4e7b59b3be6525b8ed7674a57d69b74a312cb55b1edecb0d9a858ec54a18c1e42bba0c2406679470ccc6b8a862328df43fd108c857c8ee94f8a431e554
SSDEEP

384:RCAVCbxg12u6MXhhZY/cpnjB7Vs3jbnNQ1QsTQyZMdbUNFcVeMrR6:b1rNhhZY/cVBxsi1Qs88M0c6

Score

1^/10

Malware Config

Signatures

Files

24c900024d213549502301c366d18c318887630f04c96bf0a3d6ba74e0df164f.exe
.exe windows x64

5ccbcafb8f4d6f672c61fdc0b2d12a95

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16/05/2014, 00:00

Not After

16/05/2015, 23:59

Subject

CN=Beijing JoinHope Image Technology Ltd.,O=Beijing JoinHope Image Technology Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:e7:9b:a1:81:f2:a6:46:bb:aa:9e:28:ce:2c:4c:49:00:74:fd:a2
Signer

Actual PE Digest

d8:e7:9b:a1:81:f2:a6:46:bb:aa:9e:28:ce:2c:4c:49:00:74:fd:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ExFreePoolWithTag
PsCreateSystemThread
ZwClose
ZwOpenProcess
ZwWaitForSingleObject
RtlIpv4AddressToStringA
ZwCreateFile
ZwWriteFile
ZwDeleteFile
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlUnicodeStringToAnsiString
ExAllocatePool
RtlFreeAnsiString
_vsnprintf
_vsnwprintf
KeInitializeEvent
KeWaitForSingleObject
RtlRandomEx
RtlCopyUnicodeString
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExInitializeResourceLite
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeBugCheckEx
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock
_strlwr
IoWMIRegistrationControl
MmGetSystemRoutineAddress
RtlCompareMemory
ExSystemTimeToLocalTime
RtlTimeToTimeFields
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlInitUnicodeString

fwpkclnt.sys

FwpsAcquireWritableLayerDataPointer0
FwpsReleaseClassifyHandle0
FwpsAcquireClassifyHandle0
FwpsCalloutRegister1
FwpsApplyModifiedLayerData0

wdfldr.sys

WdfVersionBindClass
WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ccbcafb8f4d6f672c61fdc0b2d12a95

Code Sign

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7cCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96Certificate

Extended Key Usages

Key Usages

d8:e7:9b:a1:81:f2:a6:46:bb:aa:9e:28:ce:2c:4c:49:00:74:fd:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

fwpkclnt.sys

wdfldr.sys

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 804B

.gfids Size: 512B - Virtual size: 4B

PAGE Size: 1KB - Virtual size: 1KB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 320B

.reloc Size: 512B - Virtual size: 88B

0a:00:5d:2e:2b:cd:41:37:16:82:17:d8:c7:27:74:7c
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

d8:e7:9b:a1:81:f2:a6:46:bb:aa:9e:28:ce:2c:4c:49:00:74:fd:a2
Signer

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 804B

.gfids
Size: 512B - Virtual size: 4B

PAGE
Size: 1KB - Virtual size: 1KB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 320B

.reloc
Size: 512B - Virtual size: 88B