e91339b0b318876a2c0eaf01c91dda546362d70922936c5d1d36b0c8da03b3b2

Sharing

Copy URL Twitter E-mail

General

Target

e91339b0b318876a2c0eaf01c91dda546362d70922936c5d1d36b0c8da03b3b2
Size

6.0MB
MD5

c99c717ccb2767eec7890e999bc085a5
SHA1

56fc538c7ea03c813a16ea3cc34b0260c3720c91
SHA256

e91339b0b318876a2c0eaf01c91dda546362d70922936c5d1d36b0c8da03b3b2
SHA512

933beee919dff3666ff48675edbd27bb6e9a9367c3dae50b5864aced6c5bd5652fac7c53f335c32e5a11e38da859cd52ef3698ca34406a4d8a98508015bb1a66
SSDEEP

98304:a1K7UMQuseNuREbSz9zeh9EONbc3K4K3yoIEd5kWCzrT/8X:a07BQnCu2bShBiYPGxnUn/

Score

1^/10

Malware Config

Signatures

Files

e91339b0b318876a2c0eaf01c91dda546362d70922936c5d1d36b0c8da03b3b2
.dll windows:6 windows x64

b9310dc2010ed59c8380f5097f2881b0

Code Sign

29:ef:ff:ee:3f:ea:4a:46
Certificate

Issuer

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

21/02/2022, 00:00

Not After

20/02/2024, 23:59

Subject

CN=亚洲诚信代码签名测试证书SHA2,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01/01/2015, 07:48

Not After

30/12/2025, 07:48

Subject

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:ef:ff:ee:3f:ea:4a:46
Certificate

Issuer

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

21/02/2022, 00:00

Not After

20/02/2024, 23:59

Subject

CN=亚洲诚信代码签名测试证书SHA2,O=亚数信息科技（上海）有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06
Certificate

Issuer

CN=TrustAsia Root CA,O=TrustAsia Technologies\, Inc.,C=CN

Not Before

01/01/2015, 07:48

Not After

30/12/2025, 07:48

Subject

CN=TrustAsia SHA2 Code Signing CA,O=TrustAsia Technologies\, Inc.,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

Issuer

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=Fake TimeStamp Responder,OU=timestamp.pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:b1:32:d5:7e:79:68:96
Certificate

Issuer

CN=JemmyLoveJenny EV Root CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Not Before

01/01/2000, 00:00

Not After

31/12/2099, 23:59

Subject

CN=JemmyLoveJenny SHA1 TimeStamping Services CA,OU=pki.jemmylovejenny.tk,O=JemmyLoveJenny PKI Service,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:84:c5:5b:6b:d7:3f:1d:2c:9f:31:06:c1:11:ed:40:f5:83:0f:1a:f3:d2:59:6b:4e:39:7b:19:fb:52:c2:22
Signer

Actual PE Digest

67:84:c5:5b:6b:d7:3f:1d:2c:9f:31:06:c1:11:ed:40:f5:83:0f:1a:f3:d2:59:6b:4e:39:7b:19:fb:52:c2:22

Digest Algorithm

sha256

PE Digest Matches

true

51:f9:69:03:23:34:9b:a1:ff:97:c1:20:cd:7b:2d:64:7f:14:41:61
Signer

Actual PE Digest

51:f9:69:03:23:34:9b:a1:ff:97:c1:20:cd:7b:2d:64:7f:14:41:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit

dhcpcsvc

DhcpRequestParams

userenv

GetProfilesDirectoryA

shlwapi

PathRemoveBackslashW

shell32

ord680

ws2_32

htonl
freeaddrinfo
getaddrinfo
getnameinfo
inet_ntoa
htons
inet_addr
getsockopt
__WSAFDIsSet
select
connect
socket
WSAGetLastError
closesocket
WSAStartup
recv
WSACleanup
ioctlsocket
send
setsockopt

kernel32

DeleteFiber
CreateSemaphoreA
SearchPathA
QueryPerformanceFrequency
DuplicateHandle
FlushFileBuffers
FileTimeToSystemTime
HeapReAlloc
HeapAlloc
TlsSetValue
DefineDosDeviceA
CreateProcessW
HeapFree
UnmapViewOfFile
GetSystemTime
MapViewOfFile
OpenSemaphoreA
ConvertFiberToThread
OpenMutexA
FindClose
FindNextFileA
FindFirstFileA
GetSystemWindowsDirectoryA
FreeEnvironmentStringsA
lstrlenA
GetEnvironmentStrings
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetTickCount
GetVersion
SetErrorMode
SetHandleInformation
GetModuleHandleA
CloseHandle
ReleaseMutex
WaitForSingleObject
GetLastError
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
TlsAlloc
GetLocalTime
GetTimeZoneInformation
FormatMessageA
GetProcessTimes
GetCurrentProcess
FindFirstFileW
FindNextFileW
Sleep
ResetEvent
CreateEventA
SetEvent
SetLastError
GetVolumeInformationA
GetDriveTypeA
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExA
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
SleepEx
WriteFile
ReadFile
DeviceIoControl
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFiberEx
GetFileSize
TerminateThread
GetSystemInfo
LocalFree
GetModuleFileNameA
GetLogicalDrives
LocalAlloc
SetThreadPriority
GetComputerNameW
QueryDosDeviceA
ReleaseSemaphore
CreateFileMappingA
GetProcessHeap
GetModuleFileNameW
TlsGetValue
GetComputerNameExW
SwitchToFiber
ResumeThread
ConvertThreadToFiber
SetFileAttributesW
GetFileInformationByHandle
OpenProcess
SwitchToThread
CreateFileW
GetEnvironmentVariableW
SystemTimeToFileTime
OutputDebugStringA

vcruntime140

strstr
memmove
memcmp
memchr
strrchr
strchr
memset
__CxxDetectRethrow
__CxxUnregisterExceptionObject
wcsstr
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
__CxxRegisterExceptionObject
memcpy
__FrameUnwindFilter
__CxxExceptionFilter
__CxxQueryExceptionSize
_CxxThrowException
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

isalpha
_strdup
strtok
strpbrk
strcspn
strspn
strncmp
strncpy
strcpy
iscntrl
isdigit
isalnum
islower
_stricmp
isprint
ispunct
isupper
isxdigit
strcmp
toupper
isspace
wcscmp
strlen
strcpy_s
isgraph
strncpy_s
strcat
tolower
_strnicmp

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
_mktime32
_mktime64
_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf_p
fwrite
_write
ferror
__stdio_common_vsscanf
ftell
fread
fflush
__stdio_common_vswscanf
__stdio_common_vfprintf
fgetc
fgets
ungetc
__stdio_common_vfprintf_s
clearerr
__stdio_common_vfprintf_p
fopen_s
_lseek
feof
fclose
_open
fopen
getchar
_getcwd
__stdio_common_vsprintf_p
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vfscanf
_read
_chsize
_close
_wopen
_wfreopen
freopen
_wfopen
_fileno
__stdio_common_vsprintf
fseek

api-ms-win-crt-runtime-l1-1-0

perror
_errno
_getpid
terminate
_cexit
_crt_at_quick_exit
_beginthreadex
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
strerror
__sys_errlist
__sys_nerr
exit
_crt_atexit
abort
_exit
_endthread
_beginthread

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
realloc
calloc

api-ms-win-crt-utility-l1-1-0

abs
rand_s
qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

strtoul
atof
strtod
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_wstat64i32
rename
_wrename
_waccess
remove
_wremove
_wfindfirst64
_findclose
_findnext64i32
_access
_unlink
_findfirst64i32
_wrmdir
_wfindnext64
_wstat32
_wunlink
_fstat32
_wmkdir

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

user32

DialogBoxIndirectParamA
EnableWindow
GetWindowRect
GetDlgItem
SendMessageA
GetActiveWindow
MessageBoxA
CreateDialogIndirectParamA
wsprintfA
GetSystemMetrics
GetClientRect
ScreenToClient
MoveWindow
ShowWindow
SetWindowTextA
SetFocus
GetFocus
GetParent
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetWindowLongA

netapi32

Netbios

advapi32

RegCloseKey
RegDeleteValueA
RegEnumValueA
StartServiceA
RegOpenKeyExA
QueryServiceStatus
RegCreateKeyExA
RegQueryValueExA
RegQueryValueExW
OpenSCManagerA
RegSetValueExA
RegSetValueExW
GetUserNameA
GetUserNameW
RegEnumKeyExA
RegQueryInfoKeyA
CloseServiceHandle
OpenServiceA

comdlg32

GetOpenFileNameA

comctl32

ord17

mscoree

_CorDllMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9310dc2010ed59c8380f5097f2881b0

Code Sign

29:ef:ff:ee:3f:ea:4a:46Certificate

Extended Key Usages

Key Usages

06Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96Certificate

Extended Key Usages

Key Usages

29:ef:ff:ee:3f:ea:4a:46Certificate

Extended Key Usages

Key Usages

06Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6Certificate

Extended Key Usages

Key Usages

1e:b1:32:d5:7e:79:68:96Certificate

Extended Key Usages

Key Usages

67:84:c5:5b:6b:d7:3f:1d:2c:9f:31:06:c1:11:ed:40:f5:83:0f:1a:f3:d2:59:6b:4e:39:7b:19:fb:52:c2:22Signer

51:f9:69:03:23:34:9b:a1:ff:97:c1:20:cd:7b:2d:64:7f:14:41:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

oleaut32

dhcpcsvc

userenv

shlwapi

shell32

ws2_32

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

user32

netapi32

advapi32

comdlg32

comctl32

mscoree

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.nep Size: 1KB - Virtual size: 1KB

.textidx Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 186KB - Virtual size: 567KB

.pdata Size: 28KB - Virtual size: 27KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

29:ef:ff:ee:3f:ea:4a:46
Certificate

06
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

29:ef:ff:ee:3f:ea:4a:46
Certificate

06
Certificate

1e:b1:32:d5:7e:79:68:96:0d:f2:6e:85:4e:b0:dd:a6
Certificate

1e:b1:32:d5:7e:79:68:96
Certificate

67:84:c5:5b:6b:d7:3f:1d:2c:9f:31:06:c1:11:ed:40:f5:83:0f:1a:f3:d2:59:6b:4e:39:7b:19:fb:52:c2:22
Signer

51:f9:69:03:23:34:9b:a1:ff:97:c1:20:cd:7b:2d:64:7f:14:41:61
Signer

.text
Size: 3.3MB - Virtual size: 3.3MB

.nep
Size: 1KB - Virtual size: 1KB

.textidx
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 186KB - Virtual size: 567KB

.pdata
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB