98d3da844c4cf1c8fd98ab48b15c9585dbe011dda7bb205e6fea13aa7d1a9fb0

Sharing

Copy URL Twitter E-mail

General

Target

98d3da844c4cf1c8fd98ab48b15c9585dbe011dda7bb205e6fea13aa7d1a9fb0
Size

1.4MB
MD5

605640cb9b235216489bd0e91fc97b56
SHA1

126310cedf0812f9aea05a2075a22714b42bac55
SHA256

98d3da844c4cf1c8fd98ab48b15c9585dbe011dda7bb205e6fea13aa7d1a9fb0
SHA512

6c2cf470883a242ab7ea387f34f90e18f4e3e7c8a12f654346aad332ccd408fe578fbc16b0953b4631b98f251fb2f1ffa2d1744467b565fec71ec4f2593a23d0
SSDEEP

24576:x1Cmb4Uh4/3SM/HH5w8NY8xkUDd85lpVNx5ygVDQObM6H23v8qW2w0ArEH7+F:7COMP5oOH8FVNnTHbM6W3v8qo02

Score

1^/10

Malware Config

Signatures

Files

98d3da844c4cf1c8fd98ab48b15c9585dbe011dda7bb205e6fea13aa7d1a9fb0
.exe windows:6 windows x86 arch:x86

89f5336bdcd5b254f9ca48b33fd8fd7f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/10/2021, 00:00

Not After

22/10/2024, 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:eb:9b:fb:68:91:da:77:58:b2:c1:cb:f4:90:7c:88:45:8d:18:c8:46:73:87:60:3c:ce:b1:84:7b:3d:8e:2e
Signer

Actual PE Digest

c2:eb:9b:fb:68:91:da:77:58:b2:c1:cb:f4:90:7c:88:45:8d:18:c8:46:73:87:60:3c:ce:b1:84:7b:3d:8e:2e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files (x86)\ASUS\AsusFanControlService\2.01.04\AsusFanControlService.pdb

Imports

wtsapi32

WTSSendMessageW

kernel32

ResetEvent
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
WTSGetActiveConsoleSessionId
ReleaseMutex
CreateMutexW
OpenMutexW
OpenEventW
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
CreateFileW
ReadFile
WriteFile
CreateFileA
DeleteFileA
SetFileAttributesA
GetCurrentDirectoryW
InitializeCriticalSection
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLogicalProcessorInformation
WriteConsoleW
DeleteCriticalSection
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetCommandLineW
GetVersionExW
GetCurrentProcess
WaitForSingleObject
ResumeThread
GetCurrentThread
SetLastError
GetLastError
CloseHandle
GetThreadPriority
GetModuleFileNameA
OutputDebugStringW
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetTickCount
LoadLibraryW
GetProcAddress
Sleep
SetEndOfFile
CreateTimerQueueTimer
ChangeTimerQueueTimer
GetFileType
HeapAlloc
HeapFree
GetProcessHeap
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStdHandle
VirtualQuery
GetSystemInfo
ExitThread
GetModuleHandleExW
ExitProcess
HeapSize
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
SetThreadPriority
SignalObjectAndWait
LocalFree
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
SetEvent
DeleteTimerQueueTimer
SetStdHandle
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
GetNumaHighestNodeNumber

user32

RegisterClassExW
CreateWindowExW
ShowWindow
MessageBoxA
wsprintfW
MessageBoxW
ExitWindowsEx
LoadStringW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
PostThreadMessageW
CharUpperW
DefWindowProcW
CharNextW
LoadIconW
LoadCursorW
FindWindowW
UpdateWindow
PostQuitMessage

advapi32

RegisterEventSourceW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantInit
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VariantCopy
SysStringLen
SysFreeString
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VarUI4FromStr
LoadRegTypeLi

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathAddBackslashW

hid

HidD_GetHidGuid
HidD_GetAttributes

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

Exports

Exports

_AcpiCallMethod@12
_AcpiGGrp@12
_AcpiGetItem@8
_AcpiGetItemBuffer@16
_AcpiGetItemEx@12
_AcpiInit@0
_AcpiMbif@8
_AcpiSetItem@12
_AcpiSetItemBuffer@16

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89f5336bdcd5b254f9ca48b33fd8fd7f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

c2:eb:9b:fb:68:91:da:77:58:b2:c1:cb:f4:90:7c:88:45:8d:18:c8:46:73:87:60:3c:ce:b1:84:7b:3d:8e:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

hid

setupapi

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 221KB - Virtual size: 221KB

.data Size: 26KB - Virtual size: 99KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 56KB - Virtual size: 56KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:be:02:c8:83:8f:bf:02:ab:56:ed:ab:b1:e3:4c:19
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

c2:eb:9b:fb:68:91:da:77:58:b2:c1:cb:f4:90:7c:88:45:8d:18:c8:46:73:87:60:3c:ce:b1:84:7b:3d:8e:2e
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 221KB - Virtual size: 221KB

.data
Size: 26KB - Virtual size: 99KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 56KB - Virtual size: 56KB