1834990c2d4640e7997761aee4a2aeb2898421aa2c9d1555b84a3ae3421f077f

Sharing

Copy URL

Twitter E-mail

General

Target

1834990c2d4640e7997761aee4a2aeb2898421aa2c9d1555b84a3ae3421f077f
Size

514KB
MD5

5dd6d6ee05f289bafb66adcab4866550
SHA1

593370ca057a78886aa11880acbab39e669c50ff
SHA256

1834990c2d4640e7997761aee4a2aeb2898421aa2c9d1555b84a3ae3421f077f
SHA512

a2263c21512d87efb191e66e839b9403a0a48a628979482858b5d91c9f18a052361765502a7089594d06a96513e1da9c72547fc4ee8ea2c88ced77637051ffe6
SSDEEP

6144:odvk9XtTH7xHA3LNLsDpXj2rKmpj+4uuZmBZO/DNOdMQyyWZOKIQ:oWXtTHdgBgDpKrKmpBiBqD/NP

Score

1^/10

Malware Config

Signatures

Files

1834990c2d4640e7997761aee4a2aeb2898421aa2c9d1555b84a3ae3421f077f
.dll windows:4 windows x64 arch:x64

d9e1a8bf2668976722209732dd44d9f7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

29/10/2007, 00:00

Not After

28/10/2008, 23:59

Subject

CN=深圳市世强电脑科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=深圳市世强电脑科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

91:28:97:6d:77:15:1b:3a:7f:60:d2:85:8f:37:ef:cc:48:da:42:15
Signer

Actual PE Digest

91:28:97:6d:77:15:1b:3a:7f:60:d2:85:8f:37:ef:cc:48:da:42:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
WriteFile
ReadFile
GetFileSize
CloseHandle
GetLocalTime
OpenFileMappingA
GetPrivateProfileIntA
SetFilePointer
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
RtlVirtualUnwind
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSize
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA

Exports

Exports

ClearData_Ex
ConverYD_Ex
GetAllReSult_Ex
GetBm
GetList2Result_Ex
GetWords
Index2String_Ex
InitQuery_Ex
PyCodingUser_Clear
PyCodingUser_Close
PyCodingUser_File2Mem
PyCodingUser_Insert
PyCodingUser_Mem2File
PyNewUserLib_Insert
PyNewUserLib_Load
SP2Comp_Ex
SetBlurRule_Ex
SetLog
SetPYMode_Ex

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e1a8bf2668976722209732dd44d9f7

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fcCertificate

Extended Key Usages

Key Usages

91:28:97:6d:77:15:1b:3a:7f:60:d2:85:8f:37:ef:cc:48:da:42:15Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 70KB - Virtual size: 83KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 964B

.reloc Size: 7KB - Virtual size: 7KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

cc:31:84:83:81:c9:a0:c5:2f:13:6f:2b:2f:60:17:fc
Certificate

91:28:97:6d:77:15:1b:3a:7f:60:d2:85:8f:37:ef:cc:48:da:42:15
Signer

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 70KB - Virtual size: 83KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 964B

.reloc
Size: 7KB - Virtual size: 7KB