7ab3326a36a3488870e4ac2d658167741f9f3f5da3890169c8f9566985a5673e

Sharing

Copy URL

Twitter E-mail

General

Target

7ab3326a36a3488870e4ac2d658167741f9f3f5da3890169c8f9566985a5673e
Size

129KB
MD5

ef3e8c6495c1eb2ba4703657ae71a610
SHA1

eab3a347c6200cdae0d6b285d800a83ab3831ba6
SHA256

7ab3326a36a3488870e4ac2d658167741f9f3f5da3890169c8f9566985a5673e
SHA512

6247e97cb23e10a9c9f3706d1383493d3f128bf0ef23ebc8ff64ac7cc1685b896a5ff827ed98596461ef6b6f2a5f40249dac40b79f272ff14265d4c2c344a3da
SSDEEP

1536:9dYsRpnC96km8tS171Uvvav6K5+lo6x2bPOmmoyKfUhUq1XIr3n:lrnC948tS17e46K8lo60ioJfU1BIDn

Score

10^/10

Malware Config

Signatures

Detects executables referencing virtualization MAC addresses 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_VM_Evasion_MACAddrComb

Files

7ab3326a36a3488870e4ac2d658167741f9f3f5da3890169c8f9566985a5673e
.dll windows:6 windows x86 arch:x86

d2ee0e2785fa5453c87a08978fbf2763

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:cd:77:9a:de:d4:6f:8f:ec:dc:2c:73
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/01/2023, 03:29

Not After

27/01/2026, 06:53

Subject

SERIALNUMBER=91440300761955047C,CN=Chipspoint Electronics Co.\, Ltd.,O=Chipspoint Electronics Co.\, Ltd.,STREET=福田区福田路深圳国际文化大厦0701、0702,L=Shenzhen,ST=Guangdong,C=CN,1.3.6.1.4.1.311.60.2.1.1=#13085348454e5a48454e,1.3.6.1.4.1.311.60.2.1.2=#13094755414e47444f4e47,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:7b:6d:b5:22:7a:db:42:5d:52:b7:cd:0e:22:f5:75:bd:d5:9d:36
Signer

Actual PE Digest

2b:7b:6d:b5:22:7a:db:42:5d:52:b7:cd:0e:22:f5:75:bd:d5:9d:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\NVMS_v2.1.4_SP1_USS78_winlite\CommonFile\CommonLib\Release\EMapSDK.pdb

Imports

sharelib

?SHARESDK_CreateSingleton@@YAXPAXPBD@Z
?SHARESDK_AbnormalOutput@@YAXPBD0I@Z
?SHARESDK_DestroySingleton@@YAXPAX@Z

kernel32

CloseHandle
DeleteCriticalSection
CreateDirectoryA
ReadFile
GetFileSizeEx
WriteFile
CreateFileA
DeleteFileA
TerminateProcess
GetCurrentThreadId
GetLastError
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
GetCurrentProcess
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
LocalFree
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

oleaut32

VariantClear

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

strchr
_purecall
__std_type_info_name
__std_type_info_destroy_list
_CxxThrowException
memset
_except_handler4_common
memcpy
memcmp
__std_exception_copy
__CxxFrameHandler3
__std_exception_destroy
memmove

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_access

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
terminate
_initterm_e
_cexit
_invalid_parameter_noinfo_noreturn
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-convert-l1-1-0

atof

Exports

Exports

??0CEMapFileCommonIterator@@QAE@ABV0@@Z
??0CEMapFileCommonIterator@@QAE@XZ
??0CEMapFileIterator@@QAE@ABU_GUID@@@Z
??0CEMapFileIterator@@QAE@ABV0@@Z
??0CEMapFileIterator@@QAE@I@Z
??0CEMapFileIterator@@QAE@XZ
??0CEMapFileSmartIterator@@QAE@ABV0@@Z
??0CEMapFileSmartIterator@@QAE@XZ
??0CEMapHotAreaAndSpotIterator@@QAE@ABU_GUID@@@Z
??0CEMapHotAreaAndSpotIterator@@QAE@ABV0@@Z
??0CEMapHotAreaAndSpotIterator@@QAE@I@Z
??0CEMapHotAreaIterator@@QAE@ABU_GUID@@@Z
??0CEMapHotAreaIterator@@QAE@ABV0@@Z
??0CEMapHotAreaIterator@@QAE@I@Z
??0CEMapHotSpotIterator@@QAE@ABU_GUID@@@Z
??0CEMapHotSpotIterator@@QAE@ABV0@@Z
??0CEMapHotSpotIterator@@QAE@I@Z
??0CEMapIteratorBase@@IAE@XZ
??0CEMapIteratorBase@@QAE@ABV0@@Z
??0CEMapNode@@IAE@XZ
??0CEMapNode@@QAE@ABV0@@Z
??0CEMapOneNodeIterator@@QAE@ABU_GUID@@@Z
??0CEMapOneNodeIterator@@QAE@I@Z
??0CEMapTreeLRNIterator@@QAE@ABU_GUID@@@Z
??0CEMapTreeLRNIterator@@QAE@ABV0@@Z
??0CEMapTreeLRNIterator@@QAE@I@Z
??0CEMapTreeNLRIterator@@QAE@ABU_GUID@@@Z
??0CEMapTreeNLRIterator@@QAE@ABV0@@Z
??0CEMapTreeNLRIterator@@QAE@I@Z
??0CHotAreaIterator@@QAE@ABU_GUID@@@Z
??0CHotAreaIterator@@QAE@ABV0@@Z
??0CHotAreaIterator@@QAE@I@Z
??0CHotAreaIterator@@QAE@PBD@Z
??0CHotAreaIterator@@QAE@XZ
??0CHotSpotIterator@@QAE@ABU_GUID@@@Z
??0CHotSpotIterator@@QAE@ABV0@@Z
??0CHotSpotIterator@@QAE@I@Z
??0CHotSpotIterator@@QAE@PBD@Z
??0CHotSpotIterator@@QAE@XZ
??0CRHotAreaIterator@@QAE@ABU_GUID@@@Z
??0CRHotAreaIterator@@QAE@ABV0@@Z
??0CRHotSpotIterator@@QAE@ABU_GUID@@@Z
??0CRHotSpotIterator@@QAE@ABV0@@Z
??1CEMapFileCommonIterator@@UAE@XZ
??1CEMapFileIterator@@UAE@XZ
??1CEMapFileSmartIterator@@UAE@XZ
??1CEMapHotAreaAndSpotIterator@@UAE@XZ
??1CEMapHotAreaIterator@@UAE@XZ
??1CEMapHotSpotIterator@@UAE@XZ
??1CEMapIteratorBase@@MAE@XZ
??1CEMapNode@@MAE@XZ
??1CEMapOneNodeIterator@@QAE@XZ
??1CEMapTreeLRNIterator@@UAE@XZ
??1CEMapTreeNLRIterator@@UAE@XZ
??1CHotAreaIterator@@UAE@XZ
??1CHotSpotIterator@@UAE@XZ
??1CRHotAreaIterator@@UAE@XZ
??1CRHotSpotIterator@@UAE@XZ
??4CEMapFileCommonIterator@@QAEAAV0@ABV0@@Z
??4CEMapFileIterator@@QAEAAV0@ABV0@@Z
??4CEMapFileSmartIterator@@QAEAAV0@ABV0@@Z
??4CEMapHotAreaAndSpotIterator@@QAEAAV0@ABV0@@Z
??4CEMapHotAreaIterator@@QAEAAV0@ABV0@@Z
??4CEMapHotSpotIterator@@QAEAAV0@ABV0@@Z
??4CEMapIteratorBase@@QAEAAV0@ABV0@@Z
??4CEMapNode@@QAEAAV0@ABV0@@Z
??4CEMapOneNodeIterator@@QAEAAV0@ABV0@@Z
??4CEMapTreeLRNIterator@@QAEAAV0@ABV0@@Z
??4CEMapTreeNLRIterator@@QAEAAV0@ABV0@@Z
??4CHotAreaIterator@@QAEAAV0@ABV0@@Z
??4CHotSpotIterator@@QAEAAV0@ABV0@@Z
??4CRHotAreaIterator@@QAEAAV0@ABV0@@Z
??4CRHotSpotIterator@@QAEAAV0@ABV0@@Z
??BCEMapOneNodeIterator@@QAEPAVCEMapNode@@XZ
??CCEMapOneNodeIterator@@QAEPAVCEMapNode@@XZ
??_7CEMapFileCommonIterator@@6B@
??_7CEMapFileIterator@@6B@
??_7CEMapFileSmartIterator@@6B@
??_7CEMapHotAreaAndSpotIterator@@6B@
??_7CEMapHotAreaIterator@@6B@
??_7CEMapHotSpotIterator@@6B@
??_7CEMapIteratorBase@@6B@
??_7CEMapNode@@6B@
??_7CEMapTreeLRNIterator@@6B@
??_7CEMapTreeNLRIterator@@6B@
??_7CHotAreaIterator@@6B@
??_7CHotSpotIterator@@6B@
??_7CRHotAreaIterator@@6B@
??_7CRHotSpotIterator@@6B@
??_FCEMapTreeLRNIterator@@QAEXXZ
??_FCEMapTreeNLRIterator@@QAEXXZ
?EMAP_AddEMAPUpdateObserver@@YAXPAVCEMapUpdateOperator@@@Z
?EMAP_DelEMAPUpdateObserver@@YAXPAVCEMapUpdateOperator@@@Z
?EMAP_GetLastError@@YAIXZ
?EMAP_Initial@@YA_NPAVInterlocked@@PBD@Z
?EMAP_Quit@@YAXXZ
?EMap_ClearAllInfo@@YAXXZ
?EMap_GetAllInfo@@YA_NAAVCConfigPack@@@Z
?EMap_UpdateInfo@@YAXABVCConfigPack@@@Z
?ExcludeHotAreaNode@CEMapHotSpotIterator@@AAEXXZ
?ExcludeHotSpotNode@CEMapHotAreaIterator@@AAEXXZ
?GetNext@CEMapIteratorBase@@UAEPAVCEMapNode@@XZ
?HasNext@CEMapIteratorBase@@UAE_NXZ

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2ee0e2785fa5453c87a08978fbf2763

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

41:cd:77:9a:de:d4:6f:8f:ec:dc:2c:73Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

2b:7b:6d:b5:22:7a:db:42:5d:52:b7:cd:0e:22:f5:75:bd:d5:9d:36Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sharelib

kernel32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

41:cd:77:9a:de:d4:6f:8f:ec:dc:2c:73
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

2b:7b:6d:b5:22:7a:db:42:5d:52:b7:cd:0e:22:f5:75:bd:d5:9d:36
Signer

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB