flashcentersvc[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

flashcentersvc.exe
Size

2.1MB
MD5

528a9e08eac0d761f84deda1e65da591
SHA1

688ae8d0442139f0bc01e568cc96b7807e7f4ea2
SHA256

2099887938b0d5371e08511fbf075526301e64440ac7780260f751af10235ffe
SHA512

1ee9c434a852132727a1cfd12eafa3a3011c99548d4c38afdf2b448293c7726218090669d87febe6a25ebc869959d9e0ff37565b3f7e37112aed9a5f3d18fa1e
SSDEEP

49152:iUPmvtATmdoBufgneIp3O4F3sU4pNp/tB1rNOEpRWTUp:ItAuoEfNIp3O4F3Ef1r

Score

1^/10

Malware Config

Signatures

Files

flashcentersvc.exe
.exe windows x86

e739b5b4474816cc72fdc09f15893cfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-03-2023 00:00

Not After

20-03-2025 23:59

Subject

CN=Chongqing Zhongcheng Network Technology Co. Ltd.,O=Chongqing Zhongcheng Network Technology Co. Ltd.,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:aa:88:bf:34:26:be:65:88:7b:a7:fa:ab:de:91:48:cf:31:02:f2:c0:48:9c:c9:e6:ce:d2:df:27:96:b2:ac
Signer

Actual PE Digest

aa:aa:88:bf:34:26:be:65:88:7b:a7:fa:ab:de:91:48:cf:31:02:f2:c0:48:9c:c9:e6:ce:d2:df:27:96:b2:ac

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

ws2_32

closesocket
WSARecv
WSASend
getpeername
WSAStringToAddressW
socket
gethostbyname
getservbyname
getsockopt
htonl
shutdown
gethostname
ioctlsocket
listen
accept
htons
WSAGetOverlappedResult
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
WSAAddressToStringW
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect

wldap32

ord211
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord143
ord22
ord45

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject
CryptMsgClose

flashsettingsservice

?SynchronizeWithRemoteSettings@@YAHPAUSettingsManager@@PB_W1N@Z
?SetSetting@@YA_NPAUSettingsManager@@PBD1N@Z
?CreateSettingsManagerEx@@YAPAUSettingsManager@@PBD@Z
?ReleaseSettingsManager@@YAXPAUSettingsManager@@@Z

kernel32

GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CloseHandle
lstrcmpiW
lstrcpyW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
FindResourceW
DeleteFileW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
WaitForSingleObject
CreateEventW
CreateThread
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
WideCharToMultiByte
DecodePointer
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetUnhandledExceptionFilter
GetLogicalDriveStringsW
CreateDirectoryW
GetTickCount
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
GetSystemWow64DirectoryW
GetVersionExW
WriteConsoleW
TerminateProcess
FileTimeToSystemTime
CreateFileW
lstrlenW
GetStdHandle
FindClose
GetLocalTime
LocalAlloc
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetWindowsDirectoryW
GetCurrentProcessId
LocalFree
CreateMutexW
SetConsoleMode
OpenMutexW
OpenFileMappingW
OpenEventW
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
FindFirstFileW
SystemTimeToTzSpecificLocalTime
WriteFile
GetFileAttributesW
FindNextFileW
GetModuleHandleExW
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
lstrcmpA
FileTimeToLocalFileTime
GetModuleHandleA
GetVersion
GetFileType
InitializeCriticalSection
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
GetExitCodeThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
GetNativeSystemInfo
CreateSemaphoreW
ReleaseSemaphore
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
DuplicateHandle
GetCurrentThread
EncodePointer
GetStringTypeW
RtlUnwind
FindFirstFileExW
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
ExitThread
GetFileInformationByHandle
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCurrentProcess
OpenProcess
FlushInstructionCache
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
ReadConsoleInputA
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
VirtualProtect
GetThreadTimes
FreeLibraryAndExitThread
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
lstrlenA
VirtualQuery
SetEvent

user32

KillTimer
CharNextW
SetWindowLongW
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow
GetWindow
LoadStringW
SetTimer
CharUpperW
CreateDialogParamW
GetSystemMetrics
GetPropW
IsWindow
UnregisterClassW
PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
RegOpenKeyExA
LookupAccountNameW
CryptReleaseContext
RegQueryValueExA
GetUserNameW
CryptAcquireContextW
CryptGetHashParam
RegOpenKeyW
RegCreateKeyW
ImpersonateLoggedOnUser
RevertToSelf
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeSecurity

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrChrW
PathFileExistsW
PathFileExistsA
StrPBrkW

psapi

EnumProcesses
GetProcessImageFileNameW

wininet

InternetGetConnectedState

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e739b5b4474816cc72fdc09f15893cfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5eCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

aa:aa:88:bf:34:26:be:65:88:7b:a7:fa:ab:de:91:48:cf:31:02:f2:c0:48:9c:c9:e6:ce:d2:df:27:96:b2:acSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ws2_32

wldap32

crypt32

flashsettingsservice

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

wininet

version

userenv

wintrust

wtsapi32

iphlpapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 394KB - Virtual size: 394KB

.data Size: 48KB - Virtual size: 77KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 74KB - Virtual size: 74KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

aa:aa:88:bf:34:26:be:65:88:7b:a7:fa:ab:de:91:48:cf:31:02:f2:c0:48:9c:c9:e6:ce:d2:df:27:96:b2:ac
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 394KB - Virtual size: 394KB

.data
Size: 48KB - Virtual size: 77KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 74KB - Virtual size: 74KB