749eb46058433e060b9b9f62c723649a890a72a31911a9116e5c4af759ceb3bc

Sharing

Copy URL

Twitter E-mail

General

Target

749eb46058433e060b9b9f62c723649a890a72a31911a9116e5c4af759ceb3bc
Size

1.5MB
MD5

d577e1dc003244e4ab467ed235f326c3
SHA1

18451db0b3043fafaa79bfbc1b5f82ad1947149d
SHA256

749eb46058433e060b9b9f62c723649a890a72a31911a9116e5c4af759ceb3bc
SHA512

dbab222650d770e6483230363d0d636bae067a64109c5e5a462d766741980cbee6e330417a568c83130147305482dafae40f3bcf367b279fbba136dbe57de32d
SSDEEP

24576:/k6XLqo4ez+Bgh+QevKouFkEYXqOK8mcqkNhLfRuA1F837PVa/UYJ1dZwkRAHtmE:/k6XeovzjAvBuhcqAJ5uOF8DVsfZLA91

Score

1^/10

Malware Config

Signatures

Files

749eb46058433e060b9b9f62c723649a890a72a31911a9116e5c4af759ceb3bc
.exe windows x64

ea8b2cd388fc47e0feb0921ce15c391b

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:fb:60:03:f3:0c:b2:fe:25:16:b5:ee:e3:f0:c4:99
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/08/2019, 00:00

Not After

21/08/2022, 23:59

Subject

SERIALNUMBER=91510100394487762T,CN=成都奇鲁科技有限公司,OU=IT Dept,O=成都奇鲁科技有限公司,L=成都,ST=四川,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13074368656e676475,1.3.6.1.4.1.311.60.2.1.2=#13075369636875616e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2021, 17:55

Not After

16/06/2022, 17:55

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f
Signer

Actual PE Digest

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f

Digest Algorithm

sha256

PE Digest Matches

false

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f
Signer

Actual PE Digest

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExSystemTimeToLocalTime
ZwQueryValueKey
PsTerminateSystemThread
RtlRandomEx
KeQueryTimeIncrement
ZwClose
RtlAppendUnicodeStringToString
KeWaitForSingleObject
RtlTimeToTimeFields
RtlFreeAnsiString
ZwOpenProcess
ZwQueryInformationProcess
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
ZwOpenFile
ZwEnumerateKey
ZwQueryKey
ZwOpenKey
RtlGetVersion
IoDeleteSymbolicLink
IoRegisterShutdownNotification
IoDeleteDevice
MmGetSystemRoutineAddress
PsSetCreateProcessNotifyRoutine
KeUnstackDetachProcess
IoUnregisterShutdownNotification
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
wcsncmp
KeStackAttachProcess
PsSetCreateThreadNotifyRoutine
ZwQuerySystemInformation
IoFreeMdl
MmProbeAndLockPages
MmUnlockPages
IoAllocateMdl
ZwCreateKey
_vsnwprintf
_strnicmp
_wcsnicmp
ZwReadFile
RtlCheckRegistryKey
ZwDeleteValueKey
wcsncat
RtlWriteRegistryValue
ZwQueryInformationFile
RtlAnsiStringToUnicodeString
_stricmp
IoCreateFile
KeDetachProcess
ZwWaitForSingleObject
RtlImageNtHeader
ZwAllocateVirtualMemory
RtlInitAnsiString
RtlFreeUnicodeString
IoReuseIrp
KeResetEvent
KeSetEvent
KeInitializeEvent
IoFreeIrp
IoAllocateIrp
_vsnprintf
ObReferenceObjectByHandle
PsThreadType
ExInterlockedInsertTailList
ExInterlockedRemoveHeadList
KeBugCheckEx
PsCreateSystemThread
ZwCreateFile
KeDelayExecutionThread
tolower
ZwSetValueKey
RtlUnicodeStringToAnsiString
RtlQueryRegistryValues
RtlInitUnicodeString
PsLookupProcessByProcessId
PsGetProcessImageFileName
ExFreePoolWithTag
ProbeForRead
ExAllocatePoolWithTag
ExAllocatePool
towlower
PsGetVersion
__C_specific_handler

fltmgr.sys

FltUnregisterFilter
FltCloseCommunicationPort

netio.sys

WskCaptureProviderNPI
WskDeregister
WskReleaseProviderNPI
WskRegister

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea8b2cd388fc47e0feb0921ce15c391b

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

01:fb:60:03:f3:0c:b2:fe:25:16:b5:ee:e3:f0:c4:99Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5fSigner

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5fSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

fltmgr.sys

netio.sys

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 6KB - Virtual size: 24.6MB

.pdata Size: 2KB - Virtual size: 1KB

INIT Size: 3KB - Virtual size: 2KB

W0 Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 1024B - Virtual size: 732B

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

01:fb:60:03:f3:0c:b2:fe:25:16:b5:ee:e3:f0:c4:99
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f
Signer

a5:4c:3d:28:e6:e2:47:15:28:11:e3:dc:33:51:e1:3f:82:31:df:b0:e6:d0:12:d2:34:0b:62:0c:e5:d8:a8:5f
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 6KB - Virtual size: 24.6MB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 3KB - Virtual size: 2KB

W0
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 1024B - Virtual size: 732B