028e87966ee77eb1da3eb0f90952f0337435105d772fd9e329209d845bb4f71a

Sharing

Copy URL Twitter E-mail

General

Target

028e87966ee77eb1da3eb0f90952f0337435105d772fd9e329209d845bb4f71a
Size

5.4MB
MD5

06559a54d28c356576bb956d01000688
SHA1

ff1a13d304d2be67e9c4d866c556abd4649b3304
SHA256

028e87966ee77eb1da3eb0f90952f0337435105d772fd9e329209d845bb4f71a
SHA512

f54e3a8e3736776ff9b2aba41b46dc1c43a7af1264a0117ceca4af2e3d8d98f10705e07a159c160224f77af67503de5ad8c091333dd308b1eec1e863fb89f0e1
SSDEEP

98304:Q3ZjDcBIgp9aVpZ6VvniIau+p3eZQNhsebc/C8IMJweU3:uPcBIgpO6Xkb+ueo

Score

1^/10

Malware Config

Signatures

Files

028e87966ee77eb1da3eb0f90952f0337435105d772fd9e329209d845bb4f71a
.exe windows x86

f29db3f1077e297531e3a72d72cd26b0

Code Sign

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

Issuer

CN=HWIT Enterprise CA 1

Not Before

18/09/2019, 03:11

Not After

16/09/2024, 03:11

Subject

CN=Huawei Technologies Co.\, Ltd.,OU=BP&IT,O=Huawei Technologies Co.\, Ltd.,L=ShenZhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:09:d5:2e:00:00:00:00:00:02
Certificate

Issuer

CN=Huawei IT Root CA,O=Huawei IT

Not Before

19/10/2013, 16:46

Not After

19/10/2029, 16:56

Subject

CN=HWIT Enterprise CA 1

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

12:fc:0c:0e:3b:b0:6b:8a:e5:46:d5:ab:b2:df:88:bc:a0:3d:bb:34
Signer

Actual PE Digest

12:fc:0c:0e:3b:b0:6b:8a:e5:46:d5:ab:b2:df:88:bc:a0:3d:bb:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAPoll
WSASendTo
WSARecvFrom
WSARecv
socket
sendto
recvfrom
getsockopt
getsockname
getpeername
ntohs
ntohl
htons
htonl
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
inet_addr
select
__WSAFDIsSet
inet_pton
accept
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
gethostname
shutdown
setsockopt
send
recv
listen
ioctlsocket
connect
closesocket
bind

advapi32

RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
ReportEventW
RegisterEventSourceW
OpenProcessToken
CopySid
GetLengthSid
GetTokenInformation
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegSetValueExA
CreateProcessAsUserA
RegOpenKeyExA
RegSetValueExW
RegSetKeyValueA
RegEnumValueA
RegDeleteKeyValueA
RegQueryInfoKeyA
DuplicateTokenEx
LookupAccountSidA
CreateServiceA
DeleteService
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueExA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue

kernel32

Sleep
SwitchToThread
CloseHandle
GetStdHandle
GetFileType
WriteFile
AllocConsole
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetEvent
WaitForSingleObject
VerSetConditionMask
CreateEventA
ResetEvent
Process32First
LocalAlloc
CreateToolhelp32Snapshot
Process32Next
LocalFree
CreateEventExA
CreateProcessA
IsWow64Process
GetExitCodeProcess
GetProcAddress
CreateDirectoryA
GetDriveTypeA
OpenProcess
Process32NextW
Process32FirstW
ReadProcessMemory
GetLogicalDrives
DeviceIoControl
SetLastError
FindClose
GetFileAttributesA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
OpenMutexA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
ReadFile
OpenEventA
FormatMessageA
QueryFullProcessImageNameA
K32EnumProcesses
UnlockFile
LockFileEx
GetCurrentDirectoryA
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
FlsFree
FlsSetValue
FlsAlloc
GetLastError
OutputDebugStringA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
SetFilePointer
SetEndOfFile
RemoveDirectoryW
GetFileAttributesExW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
CreateEventW
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateDirectoryW
CreateFileW
DeleteFileW
VerifyVersionInfoA
GetSystemDirectoryA
MoveFileExW
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
InitializeCriticalSectionEx
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetModuleHandleExW
SetThreadContext
GetThreadContext
SuspendThread
ResumeThread
WriteConsoleW
WTSGetActiveConsoleSessionId
GetVersionExA
GetFileAttributesW
GetTickCount64
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetModuleFileNameW
InitializeCriticalSection
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
GetSystemTime
CreateFileMappingW
FlushFileBuffers
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
DeleteFileA
HeapReAlloc
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetCurrentThread
WaitForSingleObjectEx
DuplicateHandle
RaiseException
DecodePointer
EncodePointer
FormatMessageW
WaitForMultipleObjects
CreateMutexW
GetTimeZoneInformation
GetComputerNameW
GetVersionExW
GetSystemInfo
GetEnvironmentVariableW
QueryPerformanceFrequency
FindNextFileW
FindFirstFileW
GetSystemDirectoryW

shell32

SHGetSpecialFolderPathA

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
_CxxThrowException
memcpy
memmove
wcsstr
__CxxFrameHandler3
_purecall
memchr
strrchr
__RTDynamicCast
memcmp
__AdjustPointer
__processing_throw
__current_exception
__uncaught_exception
__RTtypeid
strchr
strstr
__std_type_info_name
__std_type_info_compare
_except_handler4_common
memset
_local_unwind4

api-ms-win-crt-stdio-l1-1-0

setvbuf
__stdio_common_vsprintf
_getdcwd
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__stdio_common_vfprintf
_close
_get_osfhandle
__p__commode
_sopen_s
__stdio_common_vsscanf
feof
fgets
_set_fmode
fopen
ferror
__stdio_common_vswprintf
_fsopen
fseek
__acrt_iob_func
fputs
_fileno
ftell
_setmode
_wfopen
ungetc
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_beginthreadex
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
exit
signal
_cexit
abort
_wassert
_errno
_c_exit
strerror_s
_get_initial_narrow_environment
raise
_crt_atexit
_initterm
_register_onexit_function
_endthreadex
_initialize_onexit_table
__p___argv
_invalid_parameter_noinfo
terminate
_initialize_narrow_environment
_controlfp_s
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initterm_e

api-ms-win-crt-heap-l1-1-0

free
_msize
_get_heap_handle
calloc
_callnewh
malloc
_set_new_mode
realloc

api-ms-win-crt-string-l1-1-0

strcat_s
wcsnlen
wcscpy_s
strncpy
strcmp
_strdup
_strnicmp
__strncnt
islower
toupper
tolower
_wcsdup
isupper
strcspn
isspace
iscntrl
strncmp
strtok_s
strcpy_s
_stricmp
strncpy_s
strspn
strnlen

api-ms-win-crt-locale-l1-1-0

___lc_collate_cp_func
setlocale
_lock_locales
_configthreadlocale
localeconv
_unlock_locales
___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
__pctype_func

api-ms-win-crt-math-l1-1-0

_except1
ldexp
_libm_sse2_pow_precise
frexp
_copysign
ceil
_isnan
_finite
floor
_CIfmod
__setusermatherr
_CIexp
_CIsqrt

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtod
strtof
strtol
strtoll

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_lock_file
_unlock_file
remove
rename
_stat64i32

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-time-l1-1-0

clock
_time64
strftime
_Wcsftime
_mktime64
_Gettnames
_localtime64_s
_gmtime64_s
_Strftime
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames

api-ms-win-crt-utility-l1-1-0

qsort
srand

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsA
PathFindExtensionA

setupapi

InstallHinfSectionW
InstallHinfSectionA

mpr

WNetGetConnectionA

iphlpapi

GetAdaptersInfo

user32

GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
MessageBoxW

oleaut32

VariantClear

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcat_s

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

bcrypt

BCryptGenRandom

Exports

Exports

?AddProcessIntoPCSCSpace@@YAHIHAAUERROR_INFO_PCSC@@@Z
?CleanPCSCSpace@@YAHHAAUERROR_INFO_PCSC@@@Z
?ClearPCSCDomainData@@YAHPA_WAAUERROR_INFO_PCSC@@@Z
?CreatePCSCLink@@YAHHPA_W00AAUERROR_INFO_PCSC@@@Z
?CreateProcessInPCSC@@YAHAAUPROCESS_INFO@@AAUERROR_INFO_PCSC@@W4LAUNCH_PRIVILEGE_PCSC@@@Z
?CreateProcessInPCSCSpaceSync@@YAHAAUPROCESS_INFO@@HAAHAAUERROR_INFO_PCSC@@W4LAUNCH_PRIVILEGE_PCSC@@@Z
?ExpandPCSCSpace@@YAHHAAUERROR_INFO_PCSC@@@Z
?GetPCSCDiskInformation@@YAHHAAUDISK_INFO_PCSC@@AAUERROR_INFO_PCSC@@@Z
?GetPCSCInformation@@YAHAAUPCSC_INFO@@AAUERROR_INFO_PCSC@@@Z
?GetPCSCSDKInformation@@YAHAAUSDK_INFO_PCSC@@AAUERROR_INFO_PCSC@@@Z
?GetPCSCSpaceInformation@@YAHPAUSPACE_INFO_PCSC@@HPAHAAUERROR_INFO_PCSC@@@Z
?GetPCSCUserName@@YAHAAUUSER_INFO_PCSC@@AAUERROR_INFO_PCSC@@@Z
?GetPCSCVCDInformation@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAIAAUERROR_INFO_PCSC@@@Z
?GetProcessPCSCSpaceInformation@@YAHAAUSPACE_INFO_PCSC@@HAAUERROR_INFO_PCSC@@@Z
?HidePCSCWnd@@YAHAAUERROR_INFO_PCSC@@@Z
?HidePCSCWndSingle@@YAHHAAUERROR_INFO_PCSC@@@Z
?InitDLL@@YAHXZ
?InstallPCSC@@YAHPA_WHHAAUERROR_INFO_PCSC@@@Z
?IsPCSCInstalled@@YAHAAUERROR_INFO_PCSC@@@Z
?LoginPCSC4Cluster@@YAHW4LOGIN_TYPE_PCSC@@IIAAUERROR_INFO_PCSC@@@Z
?PCSCGetRedirectGateWayType@@YAHHHAAW4GATEWAY_TYPE_PCSC@@AAUERROR_INFO_PCSC@@@Z
?PCSCIsSpaceWndShow@@YAHHAAUERROR_INFO_PCSC@@@Z
?PCSCLogOut@@YAHAAUERROR_INFO_PCSC@@@Z
?PCSCLoginIn@@YAHAAUERROR_INFO_PCSC@@@Z
?PCSCSetNCRuleConfigPath@@YAHPA_WAAUEXE_INFO_PCSC@@HAAUERROR_INFO_PCSC@@@Z
?PCSCTrayContextMenuCmd@@YAHW4MENU_CMD_PCSC@@AAUERROR_INFO_PCSC@@@Z
?QueryPCSCRunningStatus@@YA?AW4PCSC_RUNNING_STATUS@@AAUERROR_INFO_PCSC@@@Z
?QueryPCSCSetupStatus@@YA?AW4SETUP_STATUS_PCSC@@AAUERROR_INFO_PCSC@@@Z
?QuerySpaceProcessByNetInfo@@YAHAAUNET_INFO@@AAUSPACE_PROCESS@@AAUERROR_INFO_PCSC@@@Z
?RegisterPCSCNotify@@YAHP6GXPAUNOTIFY_INFO_PCSC@@@ZAAUERROR_INFO_PCSC@@@Z
?SetPCSCVCDInformation@@YAHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAAUERROR_INFO_PCSC@@@Z
?ShowPCSCWnd@@YAHAAUERROR_INFO_PCSC@@@Z
?ShowPCSCWndSingle@@YAHHAAUERROR_INFO_PCSC@@@Z
?UnRegisterPCSCNotify@@YAHP6GXPAUNOTIFY_INFO_PCSC@@@ZAAUERROR_INFO_PCSC@@@Z
?UninstallPCSC@@YAHHHAAUERROR_INFO_PCSC@@@Z
?UpdatePCSCSpaceWnd@@YAHHW4DCDESKTOP_STATUS_PCSC@@AAUERROR_INFO_PCSC@@@Z

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1004KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f29db3f1077e297531e3a72d72cd26b0

Code Sign

17:01:8c:bb:00:00:00:35:f2:1fCertificate

Extended Key Usages

Key Usages

11:09:d5:2e:00:00:00:00:00:02Certificate

Key Usages

12:fc:0c:0e:3b:b0:6b:8a:e5:46:d5:ab:b2:df:88:bc:a0:3d:bb:34Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

shell32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

dbghelp

shlwapi

setupapi

mpr

iphlpapi

user32

oleaut32

api-ms-win-crt-multibyte-l1-1-0

wtsapi32

userenv

bcrypt

Exports

Exports

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1004KB - Virtual size: 1003KB

.data Size: 145KB - Virtual size: 167KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 235KB - Virtual size: 234KB

17:01:8c:bb:00:00:00:35:f2:1f
Certificate

11:09:d5:2e:00:00:00:00:00:02
Certificate

12:fc:0c:0e:3b:b0:6b:8a:e5:46:d5:ab:b2:df:88:bc:a0:3d:bb:34
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1004KB - Virtual size: 1003KB

.data
Size: 145KB - Virtual size: 167KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 235KB - Virtual size: 234KB