db3b29c5a843e0de4f8a4a7e692efec7e2127568d76eb01a874e6e30c3b4742c

Sharing

Copy URL Twitter E-mail

General

Target

db3b29c5a843e0de4f8a4a7e692efec7e2127568d76eb01a874e6e30c3b4742c
Size

889KB
MD5

0a7d68d0b04e18f98c4fd79ab285919b
SHA1

753feae7263cbb554e202061f3768810b8e8eab2
SHA256

db3b29c5a843e0de4f8a4a7e692efec7e2127568d76eb01a874e6e30c3b4742c
SHA512

c93362a3b1b39055e2222f644c0b4dd280f85f31c0558317c439f0eb4a4b0af2c37fe257e5c5e2a6809a20d682eab0cf258741f919bf3c32f670eac040177f21
SSDEEP

24576:yS8uPBCRJqPkmU5gdRyyvkNp5CFjAT4YoF:HtBWhIyyvs5CFNF

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Files

db3b29c5a843e0de4f8a4a7e692efec7e2127568d76eb01a874e6e30c3b4742c
.exe windows:4 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:60:ca:a0:df:d6:e5:dd:9d:99:e2:ac
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/03/2019, 08:28

Not After

01/01/2021, 08:01

Subject

CN=安徽省刀锋网络科技有限公司,O=安徽省刀锋网络科技有限公司,L=亳州,ST=安徽,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:43:ad:5a:f1:e6:13:9e:5f:38:99:5e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05/03/2019, 07:58

Not After

01/01/2021, 08:01

Subject

CN=安徽省刀锋网络科技有限公司,O=安徽省刀锋网络科技有限公司,L=亳州,ST=安徽,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:c1:95:4c:bd:ec:b4:ba:aa:ed:05:91:45:14:98:1e:fc:87:61:a1:d7:64:21:03:eb:b6:0e:d8:97:9b:13:e6
Signer

Actual PE Digest

77:c1:95:4c:bd:ec:b4:ba:aa:ed:05:91:45:14:98:1e:fc:87:61:a1:d7:64:21:03:eb:b6:0e:d8:97:9b:13:e6

Digest Algorithm

sha256

PE Digest Matches

true

da:bb:00:65:3a:82:cc:16:eb:57:c0:55:4f:b4:9d:c5:51:24:98:69
Signer

Actual PE Digest

da:bb:00:65:3a:82:cc:16:eb:57:c0:55:4f:b4:9d:c5:51:24:98:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 664KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

62:60:ca:a0:df:d6:e5:dd:9d:99:e2:acCertificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

4b:43:ad:5a:f1:e6:13:9e:5f:38:99:5eCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

77:c1:95:4c:bd:ec:b4:ba:aa:ed:05:91:45:14:98:1e:fc:87:61:a1:d7:64:21:03:eb:b6:0e:d8:97:9b:13:e6Signer

da:bb:00:65:3a:82:cc:16:eb:57:c0:55:4f:b4:9d:c5:51:24:98:69Signer

Headers

File Characteristics

Sections

Size: - Virtual size: 1.2MB

Size: 664KB - Virtual size: 664KB

.rsrc Size: 210KB - Virtual size: 212KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

62:60:ca:a0:df:d6:e5:dd:9d:99:e2:ac
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

4b:43:ad:5a:f1:e6:13:9e:5f:38:99:5e
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

77:c1:95:4c:bd:ec:b4:ba:aa:ed:05:91:45:14:98:1e:fc:87:61:a1:d7:64:21:03:eb:b6:0e:d8:97:9b:13:e6
Signer

da:bb:00:65:3a:82:cc:16:eb:57:c0:55:4f:b4:9d:c5:51:24:98:69
Signer

.rsrc
Size: 210KB - Virtual size: 212KB