71080bb63e88da70b1a09b7f1e72aa2ebe262e173316c2e4c0cbc1164c28a252

Sharing

Copy URL

Twitter E-mail

General

Target

71080bb63e88da70b1a09b7f1e72aa2ebe262e173316c2e4c0cbc1164c28a252
Size

3.1MB
MD5

5a967094da7e27b53e240b054fa46255
SHA1

802600f888419847e910f3f375ed87d45f6c8677
SHA256

71080bb63e88da70b1a09b7f1e72aa2ebe262e173316c2e4c0cbc1164c28a252
SHA512

e4e4ca332c25ad4d487962760dd1f1b2630d6b911f1abaacf71e46d8321028455954a37d33dfa405e39f7bc950d2d1752162cafc3bf4426ac1aede702bbba111
SSDEEP

49152:Jq7i/PnDDvXdDm3JqIuIMDPyghyJim7URIj+32p2dzZwST1bFSM+:IiXnDDvXksFUi+NcdI

Score

1^/10

Malware Config

Signatures

Files

71080bb63e88da70b1a09b7f1e72aa2ebe262e173316c2e4c0cbc1164c28a252
.exe windows:6 windows x86 arch:x86

a93f8feb2e6d00b4c526142fbd1b1c19

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:64:96:2e:44:67:ed:cc:15:79:64:6b:73:37:ec:8c
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/04/2019, 00:00

Not After

11/01/2022, 12:00

Subject

SERIALNUMBER=23638777,CN=ASUSTeK Computer Inc.,O=ASUSTeK Computer Inc.,L=Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:f3:60:82:88:10:bb:ee:3d:a1:d4:e3:5f:86:50:d0:ba:9e:12:48
Signer

Actual PE Digest

1a:f3:60:82:88:10:bb:ee:3d:a1:d4:e3:5f:86:50:d0:ba:9e:12:48

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\AURAServiceSetup\Release\LightingService.pdb

Imports

powrprof

CallNtPowerInformation

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps
timeSetEvent
timeKillEvent

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

PeekNamedPipe
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentDirectoryW
CreateThread
SetThreadPriority
TerminateThread
GetExitCodeThread
ResumeThread
LoadLibraryA
GetCommandLineW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
SetDllDirectoryW
LocalFree
FormatMessageW
CreateDirectoryW
GetFileAttributesW
GetSystemTimes
FormatMessageA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
SetThreadExecutionState
SetWaitableTimer
CancelWaitableTimer
WaitForMultipleObjects
CreateWaitableTimerW
GetSystemDirectoryA
OutputDebugStringW
GetTickCount64
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
CreateEventW
ResetEvent
SetEvent
lstrcmpiW
GetCurrentThread
TerminateProcess
DuplicateHandle
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetModuleFileNameW
FreeLibrary
GetCurrentProcessId
DeviceIoControl
GetLastError
CloseHandle
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetTickCount
GetSystemInfo
GetCurrentProcess
LoadLibraryW
GetProcAddress
Sleep
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ExitProcess
SetEnvironmentVariableW
GetFullPathNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
VirtualQuery
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
VerSetConditionMask
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SleepEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
EncodePointer
SwitchToThread
WaitForSingleObjectEx
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteFile
ReadFile
FlushFileBuffers
CreateFileA
SetThreadAffinityMask
TryEnterCriticalSection
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileSizeEx

user32

LoadStringW
wsprintfW
GetMessageW
TranslateMessage
RegisterPowerSettingNotification
PostThreadMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
CharUpperW
CharNextW
UpdateWindow
MessageBoxW
LoadCursorW
LoadIconW
RegisterDeviceNotificationW
UnregisterDeviceNotification
MessageBoxA
DispatchMessageW

gdi32

GetObjectW
DeleteObject

advapi32

CryptGenRandom
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CreateProcessAsUserW
StartServiceW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
CryptHashData

ole32

CLSIDFromString
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoInitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
VariantInit
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SafeArrayGetElement
SysAllocString
SysStringLen
SysFreeString
VariantClear
VarUI4FromStr
GetErrorInfo

ws2_32

send
recv
htons
__WSAFDIsSet
select
WSASetLastError
bind
getpeername
getsockname
getsockopt
ntohs
WSAIoctl
connect
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
gethostname
htonl
ntohl
closesocket
socket
WSAStartup
WSACleanup
WSAGetLastError
inet_pton
setsockopt
getaddrinfo
inet_addr

shlwapi

PathFileExistsA
PathFileExistsW

hid

HidD_FreePreparsedData
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes
HidP_GetCaps

wldap32

ord211
ord60
ord50
ord301
ord200
ord30
ord79
ord35
ord143
ord22
ord46
ord26
ord41
ord32
ord45
ord217
ord27
ord33

crypt32

CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertGetNameStringA

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 539KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a93f8feb2e6d00b4c526142fbd1b1c19

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0c:64:96:2e:44:67:ed:cc:15:79:64:6b:73:37:ec:8cCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

1a:f3:60:82:88:10:bb:ee:3d:a1:d4:e3:5f:86:50:d0:ba:9e:12:48Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

powrprof

setupapi

avrt

winmm

wtsapi32

userenv

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

shlwapi

hid

wldap32

crypt32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 539KB - Virtual size: 538KB

.data Size: 40KB - Virtual size: 114KB

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 123KB - Virtual size: 122KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0c:64:96:2e:44:67:ed:cc:15:79:64:6b:73:37:ec:8c
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

1a:f3:60:82:88:10:bb:ee:3d:a1:d4:e3:5f:86:50:d0:ba:9e:12:48
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 539KB - Virtual size: 538KB

.data
Size: 40KB - Virtual size: 114KB

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 123KB - Virtual size: 122KB