ESBeforeInstall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ESBeforeInstall.exe
Size

23KB
MD5

c8ee48b1edab577ed53e4583c4e9ef21
SHA1

9d0730c8fa91e4b2a2b32d63fd899e67f4778345
SHA256

8200b071397c53b31d21af5b0dcc988e7feb1ce36b3f6ad896ad90a1697f45cf
SHA512

20f262a6135edb1713600393a8974e97b8589868daa1a04078d5f517429a980380f44019bf23b9406918bf69a2cc168b2983f58c1571f1a227d2fdd30ca36337
SSDEEP

384:RvzFNWC1YZW6/+Y2SNu5EBP7S+RH1OxMThO663MSoEdKeMDSG:xWC1pKNyEBOw8khO33X3G

Score

1^/10

Malware Config

Signatures

Files

ESBeforeInstall.exe
.exe windows:4 windows x86

61ff6849141cefcaa9104a5186b6b6be

Code Sign

36:40:57:49:5f:96:fd:d8:0d:fa:18:0f:df:c7:78:ab
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2013, 00:00

Not After

23/05/2016, 23:59

Subject

CN=北京勤哲软件技术有限责任公司,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=北京勤哲软件技术有限责任公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:dc:0c:4a:7b:f8:fc:30:b6:13:4d:1b:56:ef:37:9b:4e:d7:ec:03
Signer

Actual PE Digest

12:dc:0c:4a:7b:f8:fc:30:b6:13:4d:1b:56:ef:37:9b:4e:d7:ec:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentProcess
GetLastError
Sleep
TerminateProcess
CloseHandle
OpenProcess
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

_invalid_parameter_noinfo
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
_invoke_watson
_controlfp_s
wcstod
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_wcslwr
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_wtoi
??3@YAXPAX@Z
__CxxFrameHandler3
_CxxThrowException

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ff6849141cefcaa9104a5186b6b6be

Code Sign

36:40:57:49:5f:96:fd:d8:0d:fa:18:0f:df:c7:78:abCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

12:dc:0c:4a:7b:f8:fc:30:b6:13:4d:1b:56:ef:37:9b:4e:d7:ec:03Signer

Headers

File Characteristics

Imports

kernel32

advapi32

msvcp80

msvcr80

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 428B

36:40:57:49:5f:96:fd:d8:0d:fa:18:0f:df:c7:78:ab
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

12:dc:0c:4a:7b:f8:fc:30:b6:13:4d:1b:56:ef:37:9b:4e:d7:ec:03
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 428B