eb6eb75887394ef9f5e26943c0a91018f0ea0c63355b2a12c6aaba81e374980b

Sharing

Copy URL

Twitter E-mail

General

Target

eb6eb75887394ef9f5e26943c0a91018f0ea0c63355b2a12c6aaba81e374980b
Size

1.4MB
MD5

3c915a1fe15ae557e106e7d1b53f2a1b
SHA1

82b73ba52df92799027bdef8f6203cefd89551df
SHA256

eb6eb75887394ef9f5e26943c0a91018f0ea0c63355b2a12c6aaba81e374980b
SHA512

823e64b47ffb16c558c5af0401746d97e8444f299d89d84f295d433db70a33fe39813a9919650db71356a6eb4914d615b8591ff0de017902cc7a802f7be1cc5b
SSDEEP

24576:7C84elG2PDg/fQfYoQhISBQTvJzDHsqXucW8snZaz08sZRLmAvbnwQITNfZwNGv+:7C83QPofYokB0uXbU1sZRCMncTtZwNa+

Score

1^/10

Malware Config

Signatures

Files

eb6eb75887394ef9f5e26943c0a91018f0ea0c63355b2a12c6aaba81e374980b
.exe windows:5 windows x86 arch:x86

d36d094d08c8b1be69330dfd38d77bf5

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-08-2022 00:00

Not After

29-08-2025 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-08-2022 00:00

Not After

29-08-2025 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:8e:66:4d:8b:ab:73:98:13:de:ed:fc:bd:69:cf:a9:4f:ca:d8:b5:82:36:79:a8:47:e3:ba:e7:19:29:d5:ca
Signer

Actual PE Digest

01:8e:66:4d:8b:ab:73:98:13:de:ed:fc:bd:69:cf:a9:4f:ca:d8:b5:82:36:79:a8:47:e3:ba:e7:19:29:d5:ca

Digest Algorithm

sha256

PE Digest Matches

false

28:50:8a:48:4f:02:e6:98:8d:b8:49:50:a6:a1:09:f9:32:ba:56:c7
Signer

Actual PE Digest

28:50:8a:48:4f:02:e6:98:8d:b8:49:50:a6:a1:09:f9:32:ba:56:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\works\10820\UniAccess3_1\src\UniAccessAgent\Prometheus2\lva_setup_net\Release\lva_setup_net.pdb

Imports

kernel32

TryEnterCriticalSection
InterlockedDecrement
DuplicateHandle
GetCurrentThread
GetVersionExW
lstrcmpiA
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetLongPathNameW
ExpandEnvironmentStringsW
GetLocaleInfoA
IsValidCodePage
OutputDebugStringW
GetUserDefaultLCID
IsValidLocale
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CreateMutexA
CreateEventW
FindFirstFileA
FindNextFileA
CreateThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GlobalFree
WriteConsoleW
ReleaseSemaphore
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FindFirstFileExW
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
FindResourceExW
GetSystemDefaultLangID
OpenFileMappingW
FlushFileBuffers
MoveFileW
MapViewOfFile
CreateFileMappingW
CopyFileW
GetProcessHeap
SetFilePointerEx
HeapAlloc
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
LocalAlloc
SetEndOfFile
SetFileTime
WriteFile
GetFullPathNameW
HeapFree
CreateDirectoryW
CreateEventA
ResetEvent
SetEvent
GetSystemWindowsDirectoryW
GetCurrentProcessId
LocalFree
GetCurrentDirectoryW
GetCurrentThreadId
GetLocaleInfoW
GetTempPathW
GetUserDefaultUILanguage
GetModuleFileNameW
GetCurrentProcess
EnterCriticalSection
LoadLibraryA
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetFileSizeEx
ReadFile
LoadLibraryExW
IsBadReadPtr
FindResourceW
LoadResource
EnumResourceLanguagesW
LockResource
SizeofResource
InterlockedIncrement
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
CreateMutexW
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
GetSystemDirectoryW
GetLastError
FormatMessageW
SetLastError
MoveFileExW
Sleep
CreateSemaphoreW
GetEnvironmentVariableA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
SleepEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetEnvironmentVariableA
HeapSize

user32

MessageBoxW
ScreenToClient
RegisterClassExW
ShowWindow
SetTimer
ClientToScreen
LoadIconW
LoadCursorW
SetCursor
GetClientRect
UpdateLayeredWindow
KillTimer
PostQuitMessage
SystemParametersInfoW
SetWindowPos
UpdateWindow
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetCursorPos
GetMessageW
DefWindowProcW
PostMessageW
GetDC
PeekMessageW
DestroyWindow
PtInRect
wsprintfW
SetWindowLongW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW

gdi32

DeleteObject
SetBkMode
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateSolidBrush

advapi32

GetUserNameW
OpenProcessToken
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
SetSecurityInfo
AddAccessAllowedAce
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CreateProcessWithLogonW
SetTokenInformation
ConvertStringSidToSidW
IsValidSid
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExA
RegCloseKey

shell32

ord171
SHCreateDirectoryExW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString

crypt32

CertCreateCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptStringToBinaryA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

ws2_32

htonl
listen
accept
connect
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
__WSAFDIsSet
htons
getsockopt
recv
ntohl
WSAStringToAddressA
shutdown
inet_addr
select
WSAEnumNetworkEvents
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
setsockopt
WSAWaitForMultipleEvents
bind
WSAIoctl
WSASetLastError
getpeername
getsockname
socket
ntohs
inet_ntoa

iphlpapi

GetIfEntry

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dnsapi

DnsFree
DnsQuery_W

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

gdiplus

GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipDisposeImageAttributes
GdipDeletePath
GdipDisposeImage
GdipSetSmoothingMode
GdipCreatePath
GdipCreateFont
GdipCreateSolidFill
GdipGetFontStyle
GdipSetStringFormatLineAlign
GdipAddPathStringI
GdipCreateImageAttributes
GdipFree
GdipDrawPath
GdipSetImageAttributesWrapMode
GdipSetPenLineJoin
GdipCreateFromHDC
GdipCloneBrush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteStringFormat
GdipGetFontSize
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipDeletePen
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipCreatePen1
GdipSetStringFormatAlign

comctl32

_TrackMouseEvent

wininet

InternetGetConnectedState
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetReadFile
InternetCloseHandle

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lva.ini
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d36d094d08c8b1be69330dfd38d77bf5

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

01:8e:66:4d:8b:ab:73:98:13:de:ed:fc:bd:69:cf:a9:4f:ca:d8:b5:82:36:79:a8:47:e3:ba:e7:19:29:d5:caSigner

28:50:8a:48:4f:02:e6:98:8d:b8:49:50:a6:a1:09:f9:32:ba:56:c7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

ws2_32

iphlpapi

userenv

dnsapi

shlwapi

gdiplus

comctl32

wininet

netapi32

Sections

.text Size: 1014KB - Virtual size: 1013KB

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 20KB - Virtual size: 658KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 41KB - Virtual size: 40KB

lva.ini Size: 3KB - Virtual size: 2KB

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

01:8e:66:4d:8b:ab:73:98:13:de:ed:fc:bd:69:cf:a9:4f:ca:d8:b5:82:36:79:a8:47:e3:ba:e7:19:29:d5:ca
Signer

28:50:8a:48:4f:02:e6:98:8d:b8:49:50:a6:a1:09:f9:32:ba:56:c7
Signer

.text
Size: 1014KB - Virtual size: 1013KB

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 20KB - Virtual size: 658KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 41KB - Virtual size: 40KB

lva.ini
Size: 3KB - Virtual size: 2KB