0a52e056f6688f715a4e88caefa4a944

Sharing

Copy URL Twitter E-mail

General

Target

0a52e056f6688f715a4e88caefa4a944
Size

911KB
MD5

0a52e056f6688f715a4e88caefa4a944
SHA1

f59564fe608d289bb2e6d69611b1694f7b8176f3
SHA256

95e983554e1c68301dadf2213fd2657402ec461ac5075c61adb6832eec9edfa0
SHA512

6417b41607ab651e8037de273f550a5fa4c240f84adc8035b76990885e195426a5a52f75161e44c30fcd5a730f6aef00edf38a0dc25e481ff3f6d85f36d0c385
SSDEEP

24576:6ZhsBbMyzaWOSM5lOF/dQns7KB3xBZu7djC6rbTBTD:qyMyz1YOF/dQns7KDnulC6X1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Autoruns/Autoruns.exe
unpack001/Autoruns/soft2cn汉化说明.exe

Files

0a52e056f6688f715a4e88caefa4a944
.rar
Autoruns/Autoruns.JPG
.jpg
Autoruns/Autoruns.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 154KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 34KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray
Size: 439KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Autoruns/Autoruns.url
Autoruns/Eula.txt
Autoruns/autoruns.chm
.chm
Autoruns/autorunsc.exe
.exe windows:5 windows x86 arch:x86

3780ca98593f814f3bfa59f1cfe6a796

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:33:cc:74:a1:e8:6b:dd:c2:cc:60:a2:d9:80:48:8c:5f:99:72:b0
Signer

Actual PE Digest

52:33:cc:74:a1:e8:6b:dd:c2:cc:60:a2:d9:80:48:8c:5f:99:72:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_GetIcon
ImageList_ReplaceIcon

kernel32

LeaveCriticalSection
EnterCriticalSection
CreateProcessA
MultiByteToWideChar
ExitThread
SetErrorMode
InitializeCriticalSection
TlsAlloc
SearchPathA
GetCommandLineW
GetPrivateProfileStringA
FreeLibrary
LoadLibraryExA
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
CompareStringA
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileAttributesA
lstrcpyA
GetVersion
GetModuleHandleA
LocalAlloc
lstrcmpA
lstrlenA
FormatMessageA
GetStdHandle
WriteFile
LocalFree
IsValidCodePage
CreateFileA
ReadFile
SetFilePointer
GetWindowsDirectoryA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetLocaleInfoA
GetNumberFormatA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
TlsSetValue
GetCurrentProcess
GetLastError
CloseHandle
WideCharToMultiByte
TlsGetValue
CompareStringW
GetOEMCP
GetACP
FlushFileBuffers
HeapSize
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetCPInfo
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
ExitProcess
Sleep
GetModuleHandleW
HeapDestroy
SetHandleCount
LCMapStringW
HeapFree
GetProcessHeap
lstrlenW
HeapAlloc
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
LCMapStringA

user32

LoadCursorA
LoadIconA
DestroyIcon
SetCursor
SendMessageA
LoadStringA
DialogBoxIndirectParamA
GetSysColorBrush
EndDialog
InflateRect
TrackPopupMenu
EnableMenuItem
GetDlgItem
SetDlgItemTextA
ShowWindow
GetMenu
DeleteMenu
GetSubMenu
InsertMenuA
SetWindowTextA
CheckMenuItem

gdi32

DeleteObject
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegOpenKeyA
OpenSCManagerA
OpenServiceA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueA
RegLoadKeyA
RegUnLoadKeyA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegDeleteKeyA
LookupAccountSidA
RegQueryValueExA
RegSetKeySecurity
RegGetKeySecurity
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken

shell32

SHGetFileInfoA
ShellExecuteA

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

shlwapi

UrlUnescapeA

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Autoruns/soft2cn汉化说明.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HH_By_Soft2CN
RefreshDesktop

Sections

.Ray
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ray
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Autoruns/新云软件.url
.url
Autoruns/汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 154KB - Virtual size: 432KB

Size: 34KB - Virtual size: 80KB

Size: 6KB - Virtual size: 28KB

.rsrc Size: 11KB - Virtual size: 100KB

Size: 512B - Virtual size: 4KB

heatray Size: 439KB - Virtual size: 440KB

.adata Size: - Virtual size: 4KB

3780ca98593f814f3bfa59f1cfe6a796

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

52:33:cc:74:a1:e8:6b:dd:c2:cc:60:a2:d9:80:48:8c:5f:99:72:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 345KB - Virtual size: 344KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 99KB - Virtual size: 98KB

Headers

File Characteristics

Exports

Exports

Sections

.Ray Size: - Virtual size: 104KB

.Ray Size: 38KB - Virtual size: 40KB

.Ray Size: 15KB - Virtual size: 16KB

.rsrc
Size: 11KB - Virtual size: 100KB

heatray
Size: 439KB - Virtual size: 440KB

.adata
Size: - Virtual size: 4KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

52:33:cc:74:a1:e8:6b:dd:c2:cc:60:a2:d9:80:48:8c:5f:99:72:b0
Signer

.text
Size: 345KB - Virtual size: 344KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 99KB - Virtual size: 98KB

.Ray
Size: - Virtual size: 104KB

.Ray
Size: 38KB - Virtual size: 40KB

.Ray
Size: 15KB - Virtual size: 16KB