PsService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PsService.exe
Size

184KB
MD5

02fe68328f96fee688da5885eb4c3cf0
SHA1

0db6b656ab0505903bc47f47e63e3451a93f41e1
SHA256

9454ba56bcb470d330559573afbc10f6989ba46f3e656c20979de6f92e051752
SHA512

1b64f0246c539b72d7f8b0098ea8647de58bdd985bb2d646cbb45ba33f80cb3deb8a7421e9801e2da1cc2d55819e5db7e527c7d996997f245ce494db3d25b0f3
SSDEEP

3072:Ubk+b/Lx7nourckixvwRzDW/ZUFiasDkLsIJxw0umJPFpWE0XoK:9CtRXWiJiTm56oK

Score

1^/10

Malware Config

Signatures

Files

PsService.exe
.exe windows:5 windows x86

c0aec3871d899cfe05e4110234641e7f

Code Sign

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44
Signer

Actual PE Digest

a6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44

Digest Algorithm

sha256

PE Digest Matches

true

39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46
Signer

Actual PE Digest

39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetVersion
lstrlenW
WriteFile
CloseHandle
Sleep
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW

comdlg32

PrintDlgW

advapi32

MapGenericMask
QueryServiceObjectSecurity
QueryServiceConfigW
EnumServicesStatusExW
EnumDependentServicesW
ChangeServiceConfigW
LookupAccountSidW
GetSecurityDescriptorDacl
GetAce
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0aec3871d899cfe05e4110234641e7f

Code Sign

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44Signer

39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

netapi32

mpr

kernel32

comdlg32

advapi32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44
Signer

39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46
Signer

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB