aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321

Sharing

Copy URL Twitter E-mail

General

Target

aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321
Size

4.2MB
MD5

e5b383c9d5c4dddfd7330c8afb9451c9
SHA1

531e11aad7f2274d4ef3e52888ee9f3b01e5c3a6
SHA256

aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321
SHA512

b46c6ff342835c7d200534d51d8c11b27ef61db3d0b367f5986539f3f5c1376cea836907f093ad8b4cdf9826b91e6a78a8f9d18864abf44c5b3291bd41f6c431
SSDEEP

98304:Zy+SMVu0VLGMb5Cx0taAUgLdpq+Xvna9k7VoiX996Kc2Q:DSMVu0VLGMb5Cx0taAUgLdpq+Xvna9kK

Score

1^/10

Malware Config

Signatures

Files

aee3d2a6ebecac4429852e34bc514ea6b4dcc30c559e1f9393f9b1d1206dc321
.exe windows:6 windows x64 arch:x64

7ad80f584127f9a7c5303adb03a604ad

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:1b:ab:e5:8a:11:09:b9:91:2b:35:96:f8:f8:dc:32
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/07/2024, 08:19

Not After

19/07/2025, 08:19

Subject

SERIALNUMBER=91220700MA0Y47UL1G,CN=Songyuan Meiying Electronic Products Co.\, Ltd.,O=Songyuan Meiying Electronic Products Co.\, Ltd.,L=Songyuan,ST=Jilin,C=CN,1.3.6.1.4.1.311.60.2.1.1=#1308536f6e677975616e,1.3.6.1.4.1.311.60.2.1.2=#13054a696c696e,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:64:26:dc:9e:44:00:f8:d0:29:ba:1f:04:31:a6:a8:87:95:6e:45:4d:ee:42:c3:a8:12:de:8c:b4:47:09:f3
Signer

Actual PE Digest

2c:64:26:dc:9e:44:00:f8:d0:29:ba:1f:04:31:a6:a8:87:95:6e:45:4d:ee:42:c3:a8:12:de:8c:b4:47:09:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SophosFS.pdb

Imports

advapi32

QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue
LsaNtStatusToWinError
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
GetTokenInformation
OpenProcessToken
IsWellKnownSid
ConvertSidToStringSidA
RegEnumValueW

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree

bcrypt

BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAStartup
WSACleanup

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
GetConsoleOutputCP
HeapSize
GetTimeZoneInformation
HeapReAlloc
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwindEx
OutputDebugStringW
GetCPInfo
CompareStringEx
LCMapStringEx
OutputDebugStringA
FormatMessageW
LocalFree
WideCharToMultiByte
FormatMessageA
Sleep
GetTickCount64
GetLastError
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
CreateEventW
SetEvent
RaiseException
DecodePointer
DeleteCriticalSection
WaitForMultipleObjects
CloseHandle
ReadFile
SetFilePointer
QueryDosDeviceW
GetWindowsDirectoryW
GetFileSizeEx
GetHandleInformation
WriteFile
QueryPerformanceFrequency
QueryPerformanceCounter
ResumeThread
CreateProcessW
DeleteProcThreadAttributeList
VerSetConditionMask
VerifyVersionInfoW
OpenProcess
QueryFullProcessImageNameW
GetProcessTimes
GetExitCodeProcess
DuplicateHandle
TerminateProcess
SetEnvironmentVariableW
SetSearchPathMode
HeapSetInformation
GetProcessHeap
SetDllDirectoryW
ExpandEnvironmentStringsW
ResetEvent
SetWaitableTimer
CancelWaitableTimer
GetFileInformationByHandleEx
GetStdHandle
DeviceIoControl
SetEndOfFile
UnlockFileEx
GetConsoleMode
GetFileInformationByHandle
CancelIoEx
GetOverlappedResult
WriteConsoleW
MoveFileExW
GetOverlappedResultEx
ReplaceFileW
LockFileEx
FlushFileBuffers
GetModuleHandleExW
CreateWaitableTimerW
FindClose
FreeEnvironmentStringsW
FreeLibrary
MultiByteToWideChar
TlsSetValue
SetLastError
RegisterWaitForSingleObject
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
PostQueuedCompletionStatus
TerminateThread
TlsAlloc
GetSystemInfo
QueueUserAPC
SetFilePointerEx
UnregisterWaitEx
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
CreateIoCompletionPort
VirtualProtect
VirtualQuery
LoadLibraryA
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
RtlPcToFileHeader
EncodePointer
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

Sections

.text
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/Bm
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_MEM_READ

/tm
Size: 1024KB - Virtual size: 1024KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ad80f584127f9a7c5303adb03a604ad

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

39:1b:ab:e5:8a:11:09:b9:91:2b:35:96:f8:f8:dc:32Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

2c:64:26:dc:9e:44:00:f8:d0:29:ba:1f:04:31:a6:a8:87:95:6e:45:4d:ee:42:c3:a8:12:de:8c:b4:47:09:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

shell32

ole32

bcrypt

version

ws2_32

kernel32

Sections

.text Size: 741KB - Virtual size: 740KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 24KB - Virtual size: 31KB

.pdata Size: 35KB - Virtual size: 35KB

.didat Size: 512B - Virtual size: 48B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 232KB - Virtual size: 231KB

.reloc Size: 5KB - Virtual size: 4KB

/Bm Size: 2.0MB - Virtual size: 2.0MB

/tm Size: 1024KB - Virtual size: 1024KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

39:1b:ab:e5:8a:11:09:b9:91:2b:35:96:f8:f8:dc:32
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

2c:64:26:dc:9e:44:00:f8:d0:29:ba:1f:04:31:a6:a8:87:95:6e:45:4d:ee:42:c3:a8:12:de:8c:b4:47:09:f3
Signer

.text
Size: 741KB - Virtual size: 740KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 24KB - Virtual size: 31KB

.pdata
Size: 35KB - Virtual size: 35KB

.didat
Size: 512B - Virtual size: 48B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 232KB - Virtual size: 231KB

.reloc
Size: 5KB - Virtual size: 4KB

/Bm
Size: 2.0MB - Virtual size: 2.0MB

/tm
Size: 1024KB - Virtual size: 1024KB