02944936928f5822a984ce8395c21ce824dfebdc54bdfede40a01ac4779be765

Sharing

Copy URL Twitter E-mail

General

Target

02944936928f5822a984ce8395c21ce824dfebdc54bdfede40a01ac4779be765
Size

162KB
MD5

346d68b93342620c1d04fd640bfec567
SHA1

426dbe617d0876ef7d7c14e32b3f0960de93e361
SHA256

02944936928f5822a984ce8395c21ce824dfebdc54bdfede40a01ac4779be765
SHA512

125e23b835ec37c2e28a81ba4cb90ddb375c811372ebc3b75f869ec367ca0c7b486213533873afe787fded24024a914e5ff0f4ffcab841af2da2cd4aa1a21b27
SSDEEP

3072:LgCmV5Qi0SIgfVOWCKog0Jl5CN+ZTNRk15lJYL:LgCmnCQ7C/xtasnk19y

Score

1^/10

Malware Config

Signatures

Files

02944936928f5822a984ce8395c21ce824dfebdc54bdfede40a01ac4779be765
.exe windows x86

badceddc7190d7e54bf5c457634995df

Code Sign

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

Issuer

CN=HWIT Enterprise CA 1

Not Before

18/09/2019, 03:11

Not After

16/09/2024, 03:11

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=BP&IT,O=Huawei Technologies Co.\, Ltd.,L=ShenZhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:09:d5:2e:00:00:00:00:00:02
Certificate

Issuer

CN=Huawei IT Root CA,O=Huawei IT

Not Before

19/10/2013, 16:46

Not After

19/10/2029, 16:56

Subject

CN=HWIT Enterprise CA 1

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

4b:e7:b2:8a:5e:38:9a:c9:77:90:a1:10:98:12:65:54:32:db:31:0e
Signer

Actual PE Digest

4b:e7:b2:8a:5e:38:9a:c9:77:90:a1:10:98:12:65:54:32:db:31:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
setsockopt
ntohs
listen
connect
ioctlsocket
htonl
htons
recv
send
WSAStartup
WSACleanup
inet_ntop
getpeername
bind
accept
WSAPoll
WSAGetLastError
getsockopt
closesocket
freeaddrinfo
gethostname
getaddrinfo
ntohl

kernel32

IsDebuggerPresent
InitializeSListHead
FindClose
GetSystemTimeAsFileTime
FindNextFileA
Sleep
CreateThread
GetSystemTime
LocalFree
FormatMessageA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
GetTickCount64
ExpandEnvironmentStringsA
CreateFileA
GetEnvironmentVariableA
GetModuleFileNameA
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FindFirstFileA
GetModuleHandleW
UnhandledExceptionFilter

advapi32

CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventA
OpenEventLogA
CloseEventLog
CryptReleaseContext
GetUserNameA
CryptGenRandom
SetEntriesInAclA
BuildExplicitAccessWithNameA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A

vcruntime140

memmove
_except_handler4_common
strstr
strchr
memcpy
memset
strrchr

api-ms-win-crt-stdio-l1-1-0

fopen
__p__commode
_open_osfhandle
_close
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
fgets
fwrite
fseek
_getmaxstdio
feof
fread
__stdio_common_vsprintf
_setmaxstdio
__acrt_iob_func
fclose
_set_fmode

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
realloc
calloc

api-ms-win-crt-convert-l1-1-0

atoi
atol

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
strpbrk
strncpy
strncmp
strtok_s
strspn
toupper

api-ms-win-crt-utility-l1-1-0

qsort
srand

api-ms-win-crt-runtime-l1-1-0

exit
_crt_atexit
_errno
terminate
_getpid
_initialize_onexit_table
signal
_controlfp_s
strerror
_seh_filter_exe
_set_app_type
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

remove
rename

api-ms-win-crt-math-l1-1-0

_fdopen
_except1
_libm_sse2_exp_precise
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

badceddc7190d7e54bf5c457634995df

Code Sign

17:01:8c:bb:00:00:00:35:f2:1fCertificate

Extended Key Usages

Key Usages

11:09:d5:2e:00:00:00:00:00:02Certificate

Key Usages

4b:e7:b2:8a:5e:38:9a:c9:77:90:a1:10:98:12:65:54:32:db:31:0eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

11:09:d5:2e:00:00:00:00:00:02
Certificate

4b:e7:b2:8a:5e:38:9a:c9:77:90:a1:10:98:12:65:54:32:db:31:0e
Signer

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB