c70689f87038abcec05d39867962548de8dadf53505d2ddac5e292ec1485b0c0

Sharing

Copy URL Twitter E-mail

General

Target

c70689f87038abcec05d39867962548de8dadf53505d2ddac5e292ec1485b0c0
Size

342KB
MD5

e91ef55aed401989e6817b01287aada5
SHA1

5be79c87bd4060205c0487e0058d24925ec0c7b1
SHA256

c70689f87038abcec05d39867962548de8dadf53505d2ddac5e292ec1485b0c0
SHA512

f4638bebb585a5c65c49f634010599884c0bdffcf3414d5da045044ad2ae14960ffc3c9e3ae2f6bd47ac3a14281a42f5576653a95c80c778d6734cafc79e88ac
SSDEEP

6144:wLc6gjiesvobXM1GL6HuPKPHbjy7DOq8mSPkuhXHOlPcwtKyDvDcol38LT9p:mc6+580L6HuPKwysekuhXOl0iQolML/

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/新建文件夹 (2)/ProduKey.exe	Nirsoft

Files

c70689f87038abcec05d39867962548de8dadf53505d2ddac5e292ec1485b0c0
.zip
新建文件夹 (2)/ProduKey.exe
.exe windows:4 windows x86 arch:x86

b22f52b58111e5f43d78f743605ccfc5

Code Sign

16:e6:34:d5:15:d6:35:66:7a:4e:8e:b6:c9:ea:77:5a
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01/04/2015, 08:50

Not After

30/12/2016, 09:50

Subject

CN=Hangzhou Infogo Tech Co.\, Ltd.,O=Hangzhou Infogo Tech Co.\, Ltd.,L=Hangzhou,ST=Zhejiang,C=CN,1.2.840.113549.1.9.1=#0c1176697040696e666f676f2e636f6d2e636e

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:6d:f8:a7
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2012, 01:00

Not After

08/08/2027, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:ef:1f:c4:2f:e0:dd:f4:45:07:82:87:d0:45:dd:fc:ff:74:e4:2a
Signer

Actual PE Digest

cb:ef:1f:c4:2f:e0:dd:f4:45:07:82:87:d0:45:dd:fc:ff:74:e4:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

msvcrt

_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_purecall
qsort
_strlwr
_itoa
_XcptFilter
strtoul
strchr
_memicmp
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_exit
__dllonexit
_c_exit
_onexit
strcmp
_strnicmp
_mbsicmp
_stricmp
memcpy
_strcmpi
strlen
strrchr
memcmp
atof
strcpy
memset
strcat
strncat
sprintf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

ws2_32

gethostbyname
WSAStartup
WSACleanup
gethostbyaddr
closesocket
WSASetLastError
htons
WSAGetLastError
connect
WSAAsyncSelect

kernel32

OpenProcess
ResumeThread
ReadProcessMemory
ExitProcess
GetCurrentProcessId
SetErrorMode
DeleteFileA
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetStartupInfoA
LocalFree
CreateThread
GlobalLock
GetFileAttributesA
GetTempPathA
MultiByteToWideChar
WriteFile
GetDateFormatA
GlobalUnlock
GetWindowsDirectoryA
LoadLibraryExA
GetFileSize
FormatMessageA
CreateFileA
GetModuleHandleA
FindNextFileA
GetSystemDirectoryA
ReadFile
GetModuleFileNameA
GetTimeFormatA
GetPrivateProfileStringA
WideCharToMultiByte
Sleep
GetCurrentProcess
CompareFileTime
FileTimeToLocalFileTime
GetLogicalDrives
GetComputerNameA
GetDriveTypeA
GetProcAddress
LoadLibraryA
FreeLibrary
FileTimeToSystemTime
FindFirstFileA
GlobalAlloc
GetLastError
GetVersionExA
CloseHandle
GetTempFileNameA
FindClose

user32

DeferWindowPos
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
DispatchMessageA
DestroyWindow
ModifyMenuA
CreateDialogParamA
LoadStringA
LoadMenuA
GetWindowTextA
RegisterWindowMessageA
GetFocus
KillTimer
EndDeferWindowPos
TrackPopupMenu
DialogBoxParamA
GetSubMenu
GetMessageA
IsDialogMessageA
BeginDeferWindowPos
TranslateMessage
SetTimer
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorA
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
MessageBoxA
GetWindowPlacement
SendMessageA
GetWindowRect
RegisterClassA
UpdateWindow
GetSystemMetrics
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
SetClipboardData
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
GetClientRect
GetClassNameA
ReleaseDC
CloseClipboard
OpenClipboard
GetParent
GetMenuItemCount
GetMenuStringA
GetMenu
MoveWindow
GetCursorPos
GetDC
CheckMenuItem
GetSysColor
PostQuitMessage

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
GetDeviceCaps

comdlg32

GetOpenFileNameA
FindTextA
GetSaveFileNameA

advapi32

RegEnumValueA
RegLoadKeyA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegConnectRegistryA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegUnLoadKeyA

shell32

ShellExecuteA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新建文件夹 (2)/edge.jpg
.jpg

Sharing

General

Malware Config

Signatures

Files

b22f52b58111e5f43d78f743605ccfc5

Code Sign

16:e6:34:d5:15:d6:35:66:7a:4e:8e:b6:c9:ea:77:5aCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

19:6d:f8:a7Certificate

Key Usages

3dCertificate

Key Usages

cb:ef:1f:c4:2f:e0:dd:f4:45:07:82:87:d0:45:dd:fc:ff:74:e4:2aSigner

Headers

File Characteristics

Imports

mpr

msvcrt

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 13KB - Virtual size: 13KB

16:e6:34:d5:15:d6:35:66:7a:4e:8e:b6:c9:ea:77:5a
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

19:6d:f8:a7
Certificate

3d
Certificate

cb:ef:1f:c4:2f:e0:dd:f4:45:07:82:87:d0:45:dd:fc:ff:74:e4:2a
Signer

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB