d3b9cfaca0688197473564646338acb76ffefdf57ebd154502aff71ad83b3e1b

Sharing

Copy URL

Twitter E-mail

General

Target

d3b9cfaca0688197473564646338acb76ffefdf57ebd154502aff71ad83b3e1b
Size

1.4MB
MD5

ef7e8a422a2e7ad2daa7f67d878b1719
SHA1

580fa17a49f797a2d69403ab98c5c0d41b6fe84b
SHA256

d3b9cfaca0688197473564646338acb76ffefdf57ebd154502aff71ad83b3e1b
SHA512

faad77a0d4c5a26ffcdcee55fc7a8f81b7cdb9abea0337e6448393e357e316876b31ad7d2d97725ed0e12afcfa9ac1825c75b46c4d93cfb017b313293786c122
SSDEEP

24576:CNCImV46bQc9+PKJ6T5SW+OaEzDHsqcfmhYls/IwzkMc+EvZ3znQHNl88TdfZsHF:CNCvSoMKJDWwfmacJg+EvhUHM8T9ZsHF

Score

1^/10

Malware Config

Signatures

Files

d3b9cfaca0688197473564646338acb76ffefdf57ebd154502aff71ad83b3e1b
.exe windows:5 windows x86 arch:x86

d36d094d08c8b1be69330dfd38d77bf5

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-08-2022 00:00

Not After

29-08-2025 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24-08-2022 00:00

Not After

29-08-2025 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:c2:83:c1:68:cf:e9:85:07:5e:07:9a:0e:91:94:2a:85:ba:6c:bc:29:8d:35:2a:5e:bc:b0:1b:f7:a9:5f:89
Signer

Actual PE Digest

0b:c2:83:c1:68:cf:e9:85:07:5e:07:9a:0e:91:94:2a:85:ba:6c:bc:29:8d:35:2a:5e:bc:b0:1b:f7:a9:5f:89

Digest Algorithm

sha256

PE Digest Matches

false

de:ab:21:1c:03:52:f9:44:f7:16:aa:5d:11:13:cc:73:01:2e:cf:77
Signer

Actual PE Digest

de:ab:21:1c:03:52:f9:44:f7:16:aa:5d:11:13:cc:73:01:2e:cf:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\works\10820.6\UniAccess3_1\src\UniAccessAgent\Prometheus2\lva_setup_net\Release\lva_setup_net.pdb

Imports

kernel32

TryEnterCriticalSection
InterlockedDecrement
DuplicateHandle
GetCurrentThread
GetVersionExW
lstrcmpiA
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetLongPathNameW
ExpandEnvironmentStringsW
GetLocaleInfoA
IsValidCodePage
OutputDebugStringW
GetUserDefaultLCID
IsValidLocale
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
CreateMutexA
CreateEventW
FindFirstFileA
FindNextFileA
CreateThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GlobalFree
WriteConsoleW
ReleaseSemaphore
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FindFirstFileExW
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
FindResourceExW
GetSystemDefaultLangID
OpenFileMappingW
FlushFileBuffers
MoveFileW
MapViewOfFile
CreateFileMappingW
CopyFileW
GetProcessHeap
SetFilePointerEx
HeapAlloc
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
UnmapViewOfFile
GetFileAttributesW
LocalAlloc
SetEndOfFile
SetFileTime
WriteFile
GetFullPathNameW
HeapFree
CreateDirectoryW
CreateEventA
ResetEvent
SetEvent
GetSystemWindowsDirectoryW
GetCurrentProcessId
LocalFree
GetCurrentDirectoryW
GetCurrentThreadId
GetLocaleInfoW
GetTempPathW
GetUserDefaultUILanguage
GetModuleFileNameW
GetCurrentProcess
EnterCriticalSection
LoadLibraryA
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetFileSizeEx
ReadFile
LoadLibraryExW
IsBadReadPtr
FindResourceW
LoadResource
EnumResourceLanguagesW
LockResource
SizeofResource
InterlockedIncrement
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
CreateMutexW
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
GetSystemDirectoryW
GetLastError
FormatMessageW
SetLastError
MoveFileExW
Sleep
CreateSemaphoreW
GetEnvironmentVariableA
CloseHandle
WaitForSingleObject
WideCharToMultiByte
MultiByteToWideChar
SleepEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetEnvironmentVariableA
HeapSize

user32

MessageBoxW
ScreenToClient
RegisterClassExW
ShowWindow
SetTimer
ClientToScreen
LoadIconW
LoadCursorW
SetCursor
GetClientRect
UpdateLayeredWindow
KillTimer
PostQuitMessage
SystemParametersInfoW
SetWindowPos
UpdateWindow
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetCursorPos
GetMessageW
DefWindowProcW
PostMessageW
GetDC
PeekMessageW
DestroyWindow
PtInRect
wsprintfW
SetWindowLongW
TranslateMessage
DispatchMessageW
SendMessageW
CreateWindowExW

gdi32

DeleteObject
SetBkMode
DeleteDC
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateSolidBrush

advapi32

GetUserNameW
OpenProcessToken
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
SetSecurityInfo
AddAccessAllowedAce
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CreateProcessWithLogonW
SetTokenInformation
ConvertStringSidToSidW
IsValidSid
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
RegQueryValueExA
RegCloseKey

shell32

ord171
SHCreateDirectoryExW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysStringLen
SysAllocString

crypt32

CertCreateCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptStringToBinaryA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

ws2_32

htonl
listen
accept
connect
WSAStartup
WSACleanup
WSAGetLastError
send
closesocket
__WSAFDIsSet
htons
getsockopt
recv
ntohl
WSAStringToAddressA
shutdown
inet_addr
select
WSAEnumNetworkEvents
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
setsockopt
WSAWaitForMultipleEvents
bind
WSAIoctl
WSASetLastError
getpeername
getsockname
socket
ntohs
inet_ntoa

iphlpapi

GetIfEntry

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

dnsapi

DnsFree
DnsQuery_W

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

gdiplus

GdipFillPath
GdiplusStartup
GdiplusShutdown
GdipCreateStringFormat
GdipDeleteFontFamily
GdipGetImageHeight
GdipGetFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipCloneImage
GdipDeleteBrush
GdipAlloc
GdipDisposeImageAttributes
GdipDeletePath
GdipDisposeImage
GdipSetSmoothingMode
GdipCreatePath
GdipCreateFont
GdipCreateSolidFill
GdipGetFontStyle
GdipSetStringFormatLineAlign
GdipAddPathStringI
GdipCreateImageAttributes
GdipFree
GdipDrawPath
GdipSetImageAttributesWrapMode
GdipSetPenLineJoin
GdipCreateFromHDC
GdipCloneBrush
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDeleteStringFormat
GdipGetFontSize
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipDeletePen
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipCreatePen1
GdipSetStringFormatAlign

comctl32

_TrackMouseEvent

wininet

InternetGetConnectedState
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
DeleteUrlCacheEntryW
InternetReadFile
InternetCloseHandle

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lva.ini
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d36d094d08c8b1be69330dfd38d77bf5

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

0b:c2:83:c1:68:cf:e9:85:07:5e:07:9a:0e:91:94:2a:85:ba:6c:bc:29:8d:35:2a:5e:bc:b0:1b:f7:a9:5f:89Signer

de:ab:21:1c:03:52:f9:44:f7:16:aa:5d:11:13:cc:73:01:2e:cf:77Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

rpcrt4

ws2_32

iphlpapi

userenv

dnsapi

shlwapi

gdiplus

comctl32

wininet

netapi32

Sections

.text Size: 1014KB - Virtual size: 1013KB

.rdata Size: 237KB - Virtual size: 237KB

.data Size: 20KB - Virtual size: 658KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 41KB - Virtual size: 40KB

lva.ini Size: 10KB - Virtual size: 9KB

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

0b:c2:83:c1:68:cf:e9:85:07:5e:07:9a:0e:91:94:2a:85:ba:6c:bc:29:8d:35:2a:5e:bc:b0:1b:f7:a9:5f:89
Signer

de:ab:21:1c:03:52:f9:44:f7:16:aa:5d:11:13:cc:73:01:2e:cf:77
Signer

.text
Size: 1014KB - Virtual size: 1013KB

.rdata
Size: 237KB - Virtual size: 237KB

.data
Size: 20KB - Virtual size: 658KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 41KB - Virtual size: 40KB

lva.ini
Size: 10KB - Virtual size: 9KB