757ece3491a92c24cbbf7d580269c4e0d81f690eeb587426cd68b0c00239bf41

Sharing

Copy URL Twitter E-mail

General

Target

757ece3491a92c24cbbf7d580269c4e0d81f690eeb587426cd68b0c00239bf41
Size

49KB
MD5

164a34a1f16b6a28c87cb4219bb14cc7
SHA1

a5bf162d5801b1ce9f2d8319960e073b626eb29d
SHA256

757ece3491a92c24cbbf7d580269c4e0d81f690eeb587426cd68b0c00239bf41
SHA512

0299bb9fef6fccd29d6c05fcb0eb3975e55a05204dd8c94864d8e200afd12fda89e7940be77fab04ce292a500bc2a79e8e8985f1daeef1c42fd9056475cd4705
SSDEEP

1536:O+K+3sdmGaQJ7/sNfBBnj2RBtH4CKA4jm9so:jKB0Ga6/sFKau4jMso

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hwid_spoofer_gui.exe

Files

757ece3491a92c24cbbf7d580269c4e0d81f690eeb587426cd68b0c00239bf41
.zip
hwid_spoofer_gui.exe
.exe windows x64

4de3a4ab335c54fd7c454b02319c3341

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetVersion
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlCaptureContext
GetDriveTypeA
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileA
GetLastError
Sleep
DeviceIoControl
QueryPerformanceCounter
GetVolumeInformationA

user32

UpdateWindow
wsprintfA
ShowWindow
PostQuitMessage
GetDlgItem
LoadIconA
CreateDialogParamA
SendMessageA
TranslateMessage
MessageBoxA
GetMessageA
DispatchMessageA
GetWindowTextA
SetWindowTextA

comdlg32

GetOpenFileNameW

advapi32

QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
OpenServiceW
CreateServiceW

msvcp140

?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

vcruntime140

memchr
memcmp
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
__CxxFrameHandler3
__C_specific_handler
memmove

api-ms-win-crt-string-l1-1-0

toupper
strncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_c_exit
_cexit
_exit
_seh_filter_exe
_get_narrow_winmain_command_line
exit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
_popen
_pclose
fgets

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hwid_spoofer_kernel.sys
.exe windows x64

7801ec4919e603544fba4139c8f672da

Code Sign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

53:b5:e0:b2:51:75:57:d4:a0:5d:20:61:85:82:d0:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/06/2012, 00:00

Not After

18/06/2013, 23:59

Subject

CN=Beijing Chunbai Technology Development Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Chunbai Technology Development Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:cd:8a:10:ea:a4:23:da:22:47:ae:e6:c9:e0:86:a0:c5:91:f6:75
Signer

Actual PE Digest

d9:cd:8a:10:ea:a4:23:da:22:47:ae:e6:c9:e0:86:a0:c5:91:f6:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strstr
RtlInitUnicodeString
vDbgPrintExWithPrefix
KeInitializeSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExAllocatePoolWithTag
ExFreePoolWithTag
MmMapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoGetDeviceObjectPointer
ObfDereferenceObject
MmCopyMemory
RtlRandomEx
IoEnumerateDeviceObjectList
ZwQuerySystemInformation
ObReferenceObjectByName
_vsnwprintf
IoDriverObjectType

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4de3a4ab335c54fd7c454b02319c3341

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 512B - Virtual size: 112B

7801ec4919e603544fba4139c8f672da

Code Sign

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6Certificate

Extended Key Usages

Key Usages

53:b5:e0:b2:51:75:57:d4:a0:5d:20:61:85:82:d0:ddCertificate

Extended Key Usages

Key Usages

1e:b1:32:d5Certificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96Certificate

Extended Key Usages

Key Usages

d9:cd:8a:10:ea:a4:23:da:22:47:ae:e6:c9:e0:86:a0:c5:91:f6:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 624B

.pdata Size: 1024B - Virtual size: 564B

INIT Size: 1024B - Virtual size: 954B

.reloc Size: 512B - Virtual size: 20B

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 512B - Virtual size: 112B

61:19:93:e4:00:00:00:00:00:1c
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

53:b5:e0:b2:51:75:57:d4:a0:5d:20:61:85:82:d0:dd
Certificate

1e:b1:32:d5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

d9:cd:8a:10:ea:a4:23:da:22:47:ae:e6:c9:e0:86:a0:c5:91:f6:75
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 624B

.pdata
Size: 1024B - Virtual size: 564B

INIT
Size: 1024B - Virtual size: 954B

.reloc
Size: 512B - Virtual size: 20B