302d72ca937d07ae5448c7ebddca802c2bdf5d5adf2d609932ad2c350b438bf0

Sharing

Copy URL

Twitter E-mail

General

Target

302d72ca937d07ae5448c7ebddca802c2bdf5d5adf2d609932ad2c350b438bf0
Size

2.9MB
MD5

046f0244c98b51db070de4d4aa8728f9
SHA1

6384d56550414a6031e1d547fd03c72c768d61ed
SHA256

302d72ca937d07ae5448c7ebddca802c2bdf5d5adf2d609932ad2c350b438bf0
SHA512

ffc9e270e7b5497eccb863dc79596161ab2051a3a9ee78d26de9a1c6a49bfa24a574a7c29e637ab56138e5153214d7b6e8120ae6986206f671232b2d11caee75
SSDEEP

49152:d8v1jmUCEUIQrhDKK5rAIf7gHN1Km5jzWP6xmZfN/GldAZizS:d8vFPQlj77eN1fRzRxG

Score

1^/10

Malware Config

Signatures

Files

302d72ca937d07ae5448c7ebddca802c2bdf5d5adf2d609932ad2c350b438bf0
.exe windows:5 windows x86 arch:x86

5413d599698bc1438b659d445bba609e

Code Sign

0e:27:6c:65:ca:c0:a8:4d:c4:d1:49:2b:f9:10:6b:60
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-09-2019 00:00

Not After

18-10-2022 12:00

Subject

CN=ShenZhen LeagSoft Technology Co.\,Ltd.,O=ShenZhen LeagSoft Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

0e:09:d7:0a:75:71:54:40:c1:a4:3c:a8:11:fc:dc:b8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-09-2019 00:00

Not After

18-10-2022 12:00

Subject

CN=ShenZhen LeagSoft Technology Co.\,Ltd.,O=ShenZhen LeagSoft Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

c7:e4:5e:af:cd:5b:8f:34:e0:b1:8a:63:ef:8e:8d:d7:83:dc:52:4e:42:db:3b:f4:3d:fc:ad:50:f6:e6:9e:9b
Signer

Actual PE Digest

c7:e4:5e:af:cd:5b:8f:34:e0:b1:8a:63:ef:8e:8d:d7:83:dc:52:4e:42:db:3b:f4:3d:fc:ad:50:f6:e6:9e:9b

Digest Algorithm

sha256

PE Digest Matches

false

ee:34:cc:13:47:ee:d4:15:9f:d0:ec:ad:f6:23:ff:ad:68:10:4f:73
Signer

Actual PE Digest

ee:34:cc:13:47:ee:d4:15:9f:d0:ec:ad:f6:23:ff:ad:68:10:4f:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\works\10780\UniAccess3_1\src\UniAccessAgent\Prometheus2\lva_setup_net\Release\lva_setup_net.pdb

Imports

wldap32

ord26
ord117
ord145
ord127
ord216
ord14
ord46
ord27
ord167
ord142
ord79
ord133
ord147
ord208
ord301
ord219
ord41

kernel32

GetCurrentThread
InterlockedIncrement
WideCharToMultiByte
GetVersionExW
lstrcmpiA
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
GetExitCodeProcess
SetLastError
TerminateProcess
CreateProcessW
GetLongPathNameW
ExpandEnvironmentStringsW
GetLocaleInfoA
IsValidCodePage
MultiByteToWideChar
OutputDebugStringW
GetUserDefaultLCID
IsValidLocale
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CreateMutexA
CreateEventW
CreateThread
WaitForMultipleObjects
DuplicateHandle
GlobalFree
SleepEx
QueryPerformanceFrequency
QueryPerformanceCounter
CompareFileTime
GetEnvironmentVariableA
GetFileType
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
GetSystemTime
LeaveCriticalSection
GetStringTypeW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
ExitThread
FreeLibraryAndExitThread
ReleaseSemaphore
GetTimeZoneInformation
EnterCriticalSection
FindResourceExW
GetSystemDefaultLangID
InterlockedDecrement
TryEnterCriticalSection
CreateSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ExitProcess
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
OpenFileMappingW
FlushFileBuffers
HeapFree
MoveFileW
MapViewOfFile
CreateFileMappingW
CopyFileW
InitializeCriticalSection
CreateDirectoryW
CreateEventA
ResetEvent
SetEvent
WaitForSingleObject
GetTickCount
GetSystemWindowsDirectoryW
GetModuleHandleW
GetCurrentProcessId
LocalFree
GetCurrentDirectoryW
FormatMessageW
Sleep
GetSystemDirectoryW
GetCurrentThreadId
GetLocaleInfoW
GetTempPathW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetModuleFileNameW
GetCurrentProcess
LoadLibraryA
GetProcAddress
LoadLibraryW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetFileSizeEx
ReadFile
LoadLibraryExW
IsBadReadPtr
FreeLibrary
GetACP
FindResourceW
LoadResource
EnumResourceLanguagesW
LockResource
SizeofResource
CloseHandle
GetLastError
CreateMutexW
GetProcessHeap
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetDateFormatW
GetTimeFormatW
EnumSystemLocalesW
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
FindFirstFileExW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
MoveFileExW
SetFilePointerEx
HeapAlloc
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
LocalAlloc
SetEndOfFile
SetFileTime
WriteFile
GetFullPathNameW
GetModuleHandleExW
HeapSize
SetConsoleMode
ReadConsoleA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber

user32

DestroyWindow
PeekMessageW
GetDC
SetWindowPos
MessageBoxW
ScreenToClient
RegisterClassExW
ShowWindow
SetTimer
ClientToScreen
LoadIconW
LoadCursorW
SetCursor
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
SetWindowLongW
wsprintfW
GetProcessWindowStation
DefWindowProcW
GetMessageW
GetClientRect
UpdateLayeredWindow
KillTimer
GetUserObjectInformationW
PostMessageW
PostQuitMessage
SystemParametersInfoW
PtInRect
UpdateWindow
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetCursorPos

gdi32

CreateSolidBrush
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
SetBkMode
CreateCompatibleBitmap

advapi32

SetTokenInformation
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
GetUserNameW
SetSecurityInfo
AddAccessAllowedAce
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CreateProcessWithLogonW
ConvertStringSidToSidW
IsValidSid
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
OpenProcessToken

shell32

ord171
SHCreateDirectoryExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
SysFreeString

crypt32

CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertOpenStore
CertAddCertificateContextToStore
CryptStringToBinaryA
CertCreateCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertDuplicateCertificateContext
CertGetCertificateContextProperty

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ws2_32

getnameinfo
WSAEnumNetworkEvents
htonl
ntohl
htons
inet_ntoa
ntohs
inet_addr
getsockname
freeaddrinfo
gethostname
WSAStartup
getaddrinfo
WSACleanup
WSAGetLastError
recv
closesocket
setsockopt
ioctlsocket
send
shutdown
WSAStringToAddressA
__WSAFDIsSet
getsockopt
connect
socket
select
listen
bind
accept
getpeername
WSASetLastError
WSAIoctl
WSACloseEvent
WSACreateEvent
WSAEventSelect
recvfrom
sendto

iphlpapi

GetIfEntry

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

dnsapi

DnsQuery_W
DnsFree

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW

gdiplus

GdipDeletePen
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetFontSize
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCloneBrush
GdipCreateFromHDC
GdipSetPenLineJoin
GdipSetImageAttributesWrapMode
GdipDrawPath
GdipFree
GdipCreateImageAttributes
GdipAddPathStringI
GdipDrawImageI
GdipGetFontStyle
GdipCreateSolidFill
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipSetSmoothingMode
GdipDisposeImage
GdipDeletePath
GdipDisposeImageAttributes
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipGetFamily
GdipGetImageHeight
GdipDeleteFontFamily
GdipCreateStringFormat
GdipCreateBitmapFromScan0
GdipCreatePen1
GdipFillPath
GdipSetStringFormatAlign
GdiplusStartup
GdiplusShutdown

comctl32

_TrackMouseEvent

wininet

DeleteUrlCacheEntryW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
InternetReadFile
InternetOpenUrlW

netapi32

NetGetJoinInformation
NetApiBufferFree

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 577KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lva.ini
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5413d599698bc1438b659d445bba609e

Code Sign

0e:27:6c:65:ca:c0:a8:4d:c4:d1:49:2b:f9:10:6b:60Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

0e:09:d7:0a:75:71:54:40:c1:a4:3c:a8:11:fc:dc:b8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

c7:e4:5e:af:cd:5b:8f:34:e0:b1:8a:63:ef:8e:8d:d7:83:dc:52:4e:42:db:3b:f4:3d:fc:ad:50:f6:e6:9e:9bSigner

ee:34:cc:13:47:ee:d4:15:9f:d0:ec:ad:f6:23:ff:ad:68:10:4f:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

ws2_32

iphlpapi

userenv

dnsapi

shlwapi

gdiplus

comctl32

wininet

netapi32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 577KB - Virtual size: 576KB

.data Size: 30KB - Virtual size: 50KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 88KB - Virtual size: 88KB

lva.ini Size: 2KB - Virtual size: 2KB

0e:27:6c:65:ca:c0:a8:4d:c4:d1:49:2b:f9:10:6b:60
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

0e:09:d7:0a:75:71:54:40:c1:a4:3c:a8:11:fc:dc:b8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

c7:e4:5e:af:cd:5b:8f:34:e0:b1:8a:63:ef:8e:8d:d7:83:dc:52:4e:42:db:3b:f4:3d:fc:ad:50:f6:e6:9e:9b
Signer

ee:34:cc:13:47:ee:d4:15:9f:d0:ec:ad:f6:23:ff:ad:68:10:4f:73
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 577KB - Virtual size: 576KB

.data
Size: 30KB - Virtual size: 50KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 88KB - Virtual size: 88KB

lva.ini
Size: 2KB - Virtual size: 2KB