aac3034f4a13d6fa2a19505c0647e691

Sharing

Copy URL

Twitter E-mail

General

Target

aac3034f4a13d6fa2a19505c0647e691
Size

2.0MB
MD5

aac3034f4a13d6fa2a19505c0647e691
SHA1

29a7d56370d56a0bbf384fd19afbee6bd18675a7
SHA256

da853f70bfcb9abb49a7f1e12d5f390700e1360974a964defe7e5fdb2f96a800
SHA512

d5be7151d5b2cde51ea98a1b57e5c3f74fa2d96801194dbd537b7129f10bd5e2b8ed85562336926e826982d0491526fde2d12f8462535f6e27241e92910838f2
SSDEEP

49152:qei9pYZmyrnyMhTrTvIn4Ej5BHYDXTYPQnRxlP2RvTA7V0RZO+:E5yr764UHYDjYkh0vTA5EZO+

Score

1^/10

Malware Config

Signatures

Files

aac3034f4a13d6fa2a19505c0647e691
.exe windows:5 windows x86 arch:x86

eab658a48f25f1e3131581c83a97734e

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

14-04-2016 07:40

Not After

14-04-2017 07:40

Subject

CN=北京丰余科技有限公司,O=北京丰余科技有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-11-2014 00:58

Not After

08-11-2029 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:d4:a0:21:23:5a:34:e2:84:8c:5b:39:ec:5d:80:98:3b:e8:c0:58
Signer

Actual PE Digest

8e:d4:a0:21:23:5a:34:e2:84:8c:5b:39:ec:5d:80:98:3b:e8:c0:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DecodePointer
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
QueryPerformanceFrequency
GetTempPathW
WritePrivateProfileStringW
FindResourceExW
FindResourceW
FindResourceA
GetCommandLineW
GetStartupInfoW
CreateProcessW
CreateMutexA
CloseHandle
SizeofResource
LoadResource
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
GetLastError
SetThreadPriority
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
FreeLibrary
LockResource
LocalFree
lstrlenA
lstrcmpiA
lstrcmpA
SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
FreeResource
IsValidCodePage
ExitProcess
WriteConsoleW
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CreateThread
CreateFileW
WriteFile
DeleteFileW
CreateEventW
ResetEvent
SetEvent
GetSystemInfo
GetPrivateProfileStringW
Sleep
GetVolumeInformationW
lstrcpyW
FindFirstFileW
FindClose
FindNextFileW
LoadLibraryW
ReadFile
SetFilePointer
GetStdHandle
GetModuleFileNameA
GlobalAlloc
CreateFileA
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
EncodePointer
MoveFileExW
CreateDirectoryW
GetFileAttributesW
SetLastError
MoveFileW
RemoveDirectoryW
SetFileAttributesW
GetDriveTypeW
GetLogicalDriveStringsW
DeviceIoControl
GetDiskFreeSpaceExW
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
UnmapViewOfFile
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
VirtualAlloc
VirtualProtect
VirtualQuery
ExitThread
RtlUnwind
AreFileApisANSI
GetSystemTimeAsFileTime
GetFileType
SetEnvironmentVariableA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW

user32

DestroyWindow
DefWindowProcW
RemovePropA
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
RegisterWindowMessageW
CharNextW
IsWindow

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW
SHGetSpecialFolderLocation
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateBindCtx
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathIsUNCW
PathIsNetworkPathW
PathIsDirectoryW
PathFileExistsW
StrCpyW
PathIsRelativeW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW
PathIsRootW
PathCombineW
SHGetValueA
PathAppendW
PathIsNetworkPathA
SHSetValueA

comctl32

InitCommonControlsEx

ws2_32

freeaddrinfo
getaddrinfo
WSASocketW
closesocket
WSAStartup
WSASetEvent
WSACleanup
WSASetLastError
WSAGetLastError
WSACloseEvent
WSAConnect
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSAResetEvent
WSASend

winmm

timeBeginPeriod
timeEndPeriod

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

urlmon

RegisterBindStatusCallback
CreateURLMoniker

netapi32

Netbios

Sections

.text
Size: 570KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eab658a48f25f1e3131581c83a97734e

Code Sign

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:faCertificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

8e:d4:a0:21:23:5a:34:e2:84:8c:5b:39:ec:5d:80:98:3b:e8:c0:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

winmm

version

iphlpapi

urlmon

netapi32

Sections

.text Size: 570KB - Virtual size: 569KB

.rdata Size: 203KB - Virtual size: 203KB

.data Size: 16KB - Virtual size: 224KB

.tls Size: 512B - Virtual size: 5B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 24KB - Virtual size: 24KB

6f:02:3a:c9:37:a0:54:12:fb:47:0a:7d:d5:28:3f:fa
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

8e:d4:a0:21:23:5a:34:e2:84:8c:5b:39:ec:5d:80:98:3b:e8:c0:58
Signer

.text
Size: 570KB - Virtual size: 569KB

.rdata
Size: 203KB - Virtual size: 203KB

.data
Size: 16KB - Virtual size: 224KB

.tls
Size: 512B - Virtual size: 5B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 24KB - Virtual size: 24KB