fb5586235469f0f40fa3e730c14cc4b79db4a2883a3528d16173d754eff05de8

Sharing

Copy URL Twitter E-mail

General

Target

fb5586235469f0f40fa3e730c14cc4b79db4a2883a3528d16173d754eff05de8
Size

365KB
MD5

db8e88032a664d821d41e6745f37692e
SHA1

7b13085ea40873310108a0c89b8903b7e651174f
SHA256

fb5586235469f0f40fa3e730c14cc4b79db4a2883a3528d16173d754eff05de8
SHA512

ebe5655654b519870b87d85714e869e4a8d1272ba8b80d3f88e520fe77b41dcbe21fccd3536c091bf17c9ad2b4e246de0a5b3b8d9ead3525d6e4512363f8025d
SSDEEP

6144:HDSjpojVdEt4SNfzht7C76R2BajI1TyBXO/71niHeQ+1IrLNVlb8TSmOlYH04:HDSjpojVdE6SNfzht7C76kBaI/71i+PZ

Score

1^/10

Malware Config

Signatures

Files

fb5586235469f0f40fa3e730c14cc4b79db4a2883a3528d16173d754eff05de8
.dll windows:6 windows x86 arch:x86

5ed9aa931aa9519cccdb3e46bf49968f

Code Sign

32:16:4f:47:01:87:9c:b6:c1:a8:77:54:49:39:ae:6b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/04/2020, 00:00

Not After

02/05/2022, 23:59

Subject

CN=Fasoo Co.\, Ltd.,O=Fasoo Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:b5:7f:57:ad:ce:49:c2:e3:a6:6e:cd:55:25:f2:7e:a1:e8:0f:91
Signer

Actual PE Digest

82:b5:7f:57:ad:ce:49:c2:e3:a6:6e:cd:55:25:f2:7e:a1:e8:0f:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DRM_Client_Build\workspace\f_logcore\label\DRM_Client_Slave\NX\logger\f_logcore\Release\f_logcore.pdb

Imports

kernel32

DeleteCriticalSection
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitNamedPipeW
GetLastError
FlushFileBuffers
DisconnectNamedPipe
CloseHandle
WriteFile
ReadFile
SetLastError
GetCurrentProcess
UnmapViewOfFile
GetCurrentThreadId
LoadLibraryW
FreeLibrary
GetProcAddress
CreateFileW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
IsBadReadPtr
IsBadStringPtrW
GetModuleHandleW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
FindFirstFileExW
FindClose
FindNextFileW
RemoveDirectoryW
DeleteFileW
IsBadCodePtr
DuplicateHandle
CreateDirectoryW
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
ProcessIdToSessionId
CreateNamedPipeW
CreateEventW
ConnectNamedPipe
ResumeThread
TerminateThread
SetEvent
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
CancelIo
GetOverlappedResult
LocalFree
VirtualAlloc
CreateWaitableTimerW
GetModuleFileNameW
SetWaitableTimer
CancelWaitableTimer
GetExitCodeThread
VirtualFree
OutputDebugStringA
QueryPerformanceCounter
MultiByteToWideChar
OutputDebugStringW
WaitForMultipleObjectsEx
SuspendThread
GetCurrentThread
FindResourceExW
LoadResource
LockResource
SizeofResource
CompareFileTime
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
WTSGetActiveConsoleSessionId
Process32NextW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetNamedPipeHandleState
CreateIoCompletionPort
PeekNamedPipe
WideCharToMultiByte
OpenThread
CreateProcessW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetSystemInfo
ExitProcess
SetHandleInformation
LoadLibraryA
GetTickCount
VirtualProtect
VirtualQuery
CreateThread
GetModuleHandleA
IsBadWritePtr
SetFilePointer
OpenFileMappingW
CreateFileA
GetFileSize
OpenFile
SetStdHandle
GetConsoleMode
GetConsoleCP
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
ExitThread
LoadLibraryExW
GetSystemTimeAsFileTime
GetCommandLineA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleExW
HeapSize
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
LCMapStringW
WriteConsoleW

Exports

Exports

Proc01

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed9aa931aa9519cccdb3e46bf49968f

Code Sign

32:16:4f:47:01:87:9c:b6:c1:a8:77:54:49:39:ae:6bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

82:b5:7f:57:ad:ce:49:c2:e3:a6:6e:cd:55:25:f2:7e:a1:e8:0f:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 11KB - Virtual size: 23KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

32:16:4f:47:01:87:9c:b6:c1:a8:77:54:49:39:ae:6b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

82:b5:7f:57:ad:ce:49:c2:e3:a6:6e:cd:55:25:f2:7e:a1:e8:0f:91
Signer

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 11KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB