0c665c2ba2ab0b09033f43b5e9cae8ab

Sharing

Copy URL

Twitter E-mail

General

Target

0c665c2ba2ab0b09033f43b5e9cae8ab
Size

2.0MB
MD5

0c665c2ba2ab0b09033f43b5e9cae8ab
SHA1

0c1cb4ff5368f483782b373d276fa8370bce7c65
SHA256

26397a5c47c453d097c313fab6fea0a97b5299580b91d640b03587ba761a4335
SHA512

c524623b5a76547ea2e1b3088cc5c95bb5bb723b8f8a14b72c641f57d1d1ec1cd5bf4b1f69495db3195f3ff79c94c9c3378b011a9df1bebd5b1a05008ffa682c
SSDEEP

49152:u7uhklIKMDAokRv3Ql5FbyjZaP744tnshic1AH:lk4DAzRve5ktbW

Score

1^/10

Malware Config

Signatures

Files

0c665c2ba2ab0b09033f43b5e9cae8ab
.exe windows:5 windows x86 arch:x86

edc6851bd631c64a6a3fb3dc7db0425f

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:8f:d2:aa:62:4a:49:67:62:8d:a4:85:af:b1:d9:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

16-10-2018 00:00

Not After

16-10-2019 23:59

Subject

CN=杭州诸相网络科技有限公司,OU=产品部,O=杭州诸相网络科技有限公司,L=武汉,ST=湖北,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:31:d2:30:8b:e7:52:ca:09:d9:38:3d:19:b5:28:45:db:84:68:a4
Signer

Actual PE Digest

60:31:d2:30:8b:e7:52:ca:09:d9:38:3d:19:b5:28:45:db:84:68:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

bind
send
recv
WSASetLastError
WSAStartup
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
ntohl
htonl
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
socket
closesocket
shutdown
gethostbyname
getservbyname

wldap32

ord60
ord41
ord50
ord45
ord22
ord211
ord46
ord143
ord26
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27

normaliz

IdnToAscii

kernel32

WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
GetTimeZoneInformation
SetEndOfFile
GetFileAttributesExW
FlushFileBuffers
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
GetModuleFileNameW
HeapFree
HeapReAlloc
HeapAlloc
EnterCriticalSection
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
Sleep
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetTickCount64
InitializeCriticalSectionEx
FreeLibrary
GetProcAddress
SleepEx
CloseHandle
WaitForSingleObjectEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
GetLastError
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
GetSystemTime
SystemTimeToFileTime
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
HeapSize
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW

user32

GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource

shell32

ShellExecuteA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edc6851bd631c64a6a3fb3dc7db0425f

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

5e:8f:d2:aa:62:4a:49:67:62:8d:a4:85:af:b1:d9:b3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

60:31:d2:30:8b:e7:52:ca:09:d9:38:3d:19:b5:28:45:db:84:68:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

normaliz

kernel32

user32

advapi32

shell32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 359KB - Virtual size: 359KB

.data Size: 38KB - Virtual size: 50KB

.gfids Size: 1024B - Virtual size: 572B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 347KB - Virtual size: 346KB

.reloc Size: 60KB - Virtual size: 60KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

5e:8f:d2:aa:62:4a:49:67:62:8d:a4:85:af:b1:d9:b3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

60:31:d2:30:8b:e7:52:ca:09:d9:38:3d:19:b5:28:45:db:84:68:a4
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 359KB - Virtual size: 359KB

.data
Size: 38KB - Virtual size: 50KB

.gfids
Size: 1024B - Virtual size: 572B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 347KB - Virtual size: 346KB

.reloc
Size: 60KB - Virtual size: 60KB