b46284d272f243661a597269d893bf03

Sharing

Copy URL Twitter E-mail

General

Target

b46284d272f243661a597269d893bf03
Size

386KB
MD5

b46284d272f243661a597269d893bf03
SHA1

dd44bce9b769a3485a7af8b0790d450402441bff
SHA256

23ec280bb9abceba875a1fd8aae614c169336fa719f108384174d16585fd4392
SHA512

8755758bd7ee66faad5d53619560325dffe6ca3a82e52f5fc690e098f4a76ca6e41e1ce7a57ac735991286ac612ad1ca9da62d3f5925437baec5d91f49eff1f2
SSDEEP

6144:tfm8GjYDU2TTRVmYte0RRrnhXBiv8lICWVMQE6VHTo0mWJA:tfmGTTPNU0rrnhX4UlICWPE6c0mWe

Score

1^/10

Malware Config

Signatures

Files

b46284d272f243661a597269d893bf03
.exe windows:4 windows x86 arch:x86

f9d6d546d0f312d7412e9b2d7222a993

Code Sign

1b:92:1c:54:66:b6:22:82:4b:3c:42:fa:b2:b0:e8:85
Certificate

Issuer

CN=VirSCAN.org

Not Before

25/07/2011, 19:45

Not After

31/12/2039, 23:59

Subject

CN=virscan.org Corporation Root CA,OU=CA Center,O=计算机网络与信息安全技术研究中心+O=virscan.org Corporation,1.2.840.113549.1.9.1=#0c107363616e407669727363616e2e6f7267

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:60:fc:ee:f5:15:45:a8:6c:8f:b2:f9:02:20:08:40:b0:5a:95:17
Signer

Actual PE Digest

19:60:fc:ee:f5:15:45:a8:6c:8f:b2:f9:02:20:08:40:b0:5a:95:17

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
SetFileAttributesA
SetPriorityClass
CreateProcessA
GetShortPathNameA
GetEnvironmentVariableA
MoveFileA
MultiByteToWideChar
lstrcatA
CopyFileA
FindFirstFileA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetCurrentThreadId
CompareStringW
CompareStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
FindNextFileA
FindClose
Sleep
GetLastError
lstrcpyA
GetTempPathA
GetTickCount
GetCurrentProcess
FindResourceA
LoadResource
HeapFree
SystemTimeToFileTime
GlobalFree
FreeResource
GetModuleFileNameA
CreateFileA
SetFilePointer
ExitProcess
WriteFile
lstrlenA
CloseHandle
LoadLibraryA
GetProcAddress
GetVersionExA
HeapReAlloc
HeapAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapDestroy
HeapCreate
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
LCMapStringA
SetEnvironmentVariableA

user32

PostThreadMessageA
GetMessageA
IsCharAlphaNumericA
wsprintfA
GetInputState

advapi32

RegEnumValueA
RegCreateKeyA
ControlService
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegCloseKey
FreeSid

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9d6d546d0f312d7412e9b2d7222a993

Code Sign

1b:92:1c:54:66:b6:22:82:4b:3c:42:fa:b2:b0:e8:85Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

19:60:fc:ee:f5:15:45:a8:6c:8f:b2:f9:02:20:08:40:b0:5a:95:17Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 56KB - Virtual size: 62KB

.rsrc Size: 224KB - Virtual size: 221KB

1b:92:1c:54:66:b6:22:82:4b:3c:42:fa:b2:b0:e8:85
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

19:60:fc:ee:f5:15:45:a8:6c:8f:b2:f9:02:20:08:40:b0:5a:95:17
Signer

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 56KB - Virtual size: 62KB

.rsrc
Size: 224KB - Virtual size: 221KB