General

Malware Config

Signatures

Files

• MDE_File_Sample_a96982e8c7c60161303db9df2235268a7be9a2dac2fd5fdd12ba317cd7259cb0.zip

  .zip

  Password: infected

• ??_4429373294.exe

  .exe windows:5 windows x86

  5701c0418b05d37abfa293149fc3f125

  
  

  Code Sign

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  05:de:6c:1e:6d:cb:34:df:98:69:ae:dc:15:7f:07:25

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  25-05-2021 00:00

  Not After

  28-05-2024 23:59

  Subject

  CN=Chengdu Qilu Technology Co. Ltd.,O=Chengdu Qilu Technology Co. Ltd.,L=成都市,ST=四川省,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  ab:2c:a4:bd:b8:51:b8:40:96:46:91:b7:62:11:20:16:7a:b4:e5:44:ce:f7:8f:b7:36:47:36:df:2e:13:8c:da

  Signer

  Actual PE Digest

  ab:2c:a4:bd:b8:51:b8:40:96:46:91:b7:62:11:20:16:7a:b4:e5:44:ce:f7:8f:b7:36:47:36:df:2e:13:8c:da

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetVersionExW

  VirtualQuery

  LocalAlloc

  LocalFree

  GetModuleFileNameW

  GetProcessAffinityMask

  SetProcessAffinityMask

  SetThreadAffinityMask

  Sleep

  ExitProcess

  FreeLibrary

  LoadLibraryA

  GetModuleHandleA

  GetProcAddress

  user32

  GetCursorPos

  GetUserObjectInformationW

  GetProcessWindowStation

  GetUserObjectInformationW

  oleaut32

  VarUI4FromStr

  dbghelp

  MakeSureDirectoryPathExists

  wtsapi32

  WTSSendMessageW

  Exports

  Exports

  _Start@12

  Sections

  .text

  Size: - Virtual size: 654KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: - Virtual size: 152KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: - Virtual size: 182KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .upx0

  Size: - Virtual size: 2.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .upx1

  Size: 4.5MB - Virtual size: 4.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 425KB - Virtual size: 425KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ