8719467326ae08e270854cdef37e5ca93f33a7411002b5f61f9796659e91c8e4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8719467326ae08e270854cdef37e5ca93f33a7411002b5f61f9796659e91c8e4.exe
Size

804KB
MD5

5adea3ab683a21d39d75b6aab6f9cd10
SHA1

ca614a981a394a88a42d43492b0a737527bff171
SHA256

8719467326ae08e270854cdef37e5ca93f33a7411002b5f61f9796659e91c8e4
SHA512

85825cd5d64018177b66fcaa3506687af49a958d401e2865875233b04b53694c4a973c458965a97db47ec6cbc545c1671135214cdbb8d4fdc705965be69d954b
SSDEEP

12288:9HjaxBmJ3owhLHLHXQbKODmKvg0HTLbCf7cKSyfIxF6YUx6tcJza1:lqBw31LbQbLmKBjCf7cZL6hx6GJG

Score

1^/10

Malware Config

Signatures

Files

8719467326ae08e270854cdef37e5ca93f33a7411002b5f61f9796659e91c8e4.exe
.exe windows:6 windows x64 arch:x64

e0f22ad3c983aa9c9ce4afda13b27307

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:9e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:69:0a:76:fb:97:7e
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

28/06/2013, 06:37

Not After

29/06/2014, 18:56

Subject

CN=沈阳芝麻开门科技有限公司,O=沈阳芝麻开门科技有限公司,L=沈阳市,ST=辽宁省,C=CN,1.2.840.113549.1.9.1=#0c12627573696e65737340356b626f782e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6a
Signer

Actual PE Digest

03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalAlloc
HeapAlloc
GetProcessHeap
LocalReAlloc
GetModuleFileNameA
GetCurrentProcess
WriteFile
VirtualAlloc
CreateMutexW
GetCurrentThreadId
EnumSystemLocalesA
GetTempPathA
HeapFree
DeleteFileA
ExitProcess
WinExec
Sleep
LoadLibraryW
GetProcAddress
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
SetEnvironmentVariableW
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
GetLastError
FindClose
GetEnvironmentVariableA
InitializeCriticalSectionEx
FindNextFileA
CreateFileA
FindFirstFileA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
RtlUnwind
IsValidLocale
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
LocalFree
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW

user32

MessageBoxA

advapi32

RegSetValueExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExW

shell32

FindExecutableA
ord680

oleaut32

VariantClear

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 545KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0f22ad3c983aa9c9ce4afda13b27307

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:9d:f8:9eCertificate

Key Usages

09:69:0a:76:fb:97:7eCertificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

ntdll

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 545KB - Virtual size: 550KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:9d:f8:9e
Certificate

09:69:0a:76:fb:97:7e
Certificate

3d
Certificate

03:42:61:f3:3a:45:2a:0d:36:5d:6e:ad:fa:c8:b1:d2:f9:ac:1f:6a
Signer

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 545KB - Virtual size: 550KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 3KB