a1f609dc7214b9e5e11179e3bb8c220e37f2fc321b2b25ee2d4b290ae370a22fN

Sharing

Copy URL

Twitter E-mail

General

Target

a1f609dc7214b9e5e11179e3bb8c220e37f2fc321b2b25ee2d4b290ae370a22fN
Size

208KB
MD5

76d4141493af91115a13553de521db50
SHA1

a7dd27dc49f754dd85ec72e9e13cc79011fc3588
SHA256

a1f609dc7214b9e5e11179e3bb8c220e37f2fc321b2b25ee2d4b290ae370a22f
SHA512

41d08370a4a2405a85e582a5c990aeaeb7a91e509ecc0a3b294b3bdfdd16dbd2594ccb58c69056f41cc2508b23f54d366258c0063886c8fa1788fffd9abce007
SSDEEP

6144:FxIh7aEX1PdbGSGyBV+UdvrEFp7hKACI8G:PIflPcvyBjvrEH7VCI8G

Score

1^/10

Malware Config

Signatures

Files

a1f609dc7214b9e5e11179e3bb8c220e37f2fc321b2b25ee2d4b290ae370a22fN
.exe windows:4 windows x86 arch:x86

24c825aa8f7dbc19a1fba3fa848fab94

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03-11-2022 00:00

Not After

02-11-2025 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03-11-2022 00:00

Not After

02-11-2025 23:59

Subject

CN=AOMEI International Network Limited,O=AOMEI International Network Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:33:74:77:f7:d6:a9:fb:f3:44:6d:6b:2c:89:18:c2:b9:ad:b6:2a:ec:87:ad:92:d6:55:1c:7b:31:a6:61:52
Signer

Actual PE Digest

84:33:74:77:f7:d6:a9:fb:f3:44:6d:6b:2c:89:18:c2:b9:ad:b6:2a:ec:87:ad:92:d6:55:1c:7b:31:a6:61:52

Digest Algorithm

sha256

PE Digest Matches

false

a6:9d:b1:7a:c9:05:63:84:4d:83:04:be:03:c2:55:3c:f8:9b:14:1d
Signer

Actual PE Digest

a6:9d:b1:7a:c9:05:63:84:4d:83:04:be:03:c2:55:3c:f8:9b:14:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\BRCloudv2\trunk\output\win32\release\LoadDrv_Win32.pdb

Imports

kernel32

WinExec
GetFullPathNameW
Process32FirstW
Process32NextW
lstrcmpiW
HeapAlloc
GetProcessHeap
DefineDosDeviceW
LoadLibraryW
CreateToolhelp32Snapshot
GetLogicalDrives
OpenProcess
DeviceIoControl
DeleteFileA
GetSystemWindowsDirectoryW
GetSystemInfo
WideCharToMultiByte
SetFilePointer
GetModuleHandleW
GetProcAddress
GetVersionExW
GetCurrentProcess
LoadLibraryA
OutputDebugStringW
GetLastError
DeleteFileW
FreeLibrary
SetErrorMode
GetWindowsDirectoryW
GetLogicalDriveStringsA
GetModuleFileNameW
Sleep
GetCommandLineW
WriteFile
GetFileSizeEx
SetFileAttributesW
CloseHandle
CreateFileW
ReadFile
GetFileAttributesW
CreateDirectoryW
HeapFree
CreateFileA
WriteConsoleW
GetCommandLineA
GetVersionExA
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
VirtualAlloc
HeapReAlloc
RtlUnwind
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

wsprintfW

advapi32

DuplicateTokenEx
GetSecurityDescriptorDacl
RevertToSelf
SetEntriesInAclW
SetKernelObjectSecurity
OpenProcessToken
MakeAbsoluteSD
GetKernelObjectSecurity
BuildExplicitAccessWithNameW
LookupPrivilegeValueW
GetUserNameW
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegCreateKeyExW
StartServiceW
OpenSCManagerW
RegOpenKeyW
OpenServiceW
RegQueryValueExW
DeleteService
RegDeleteValueW
CloseServiceHandle
RegSetValueExW
RegCloseKey
QueryServiceStatus
RegOpenKeyExW
ControlService
CreateServiceW

shell32

CommandLineToArgvW
SHChangeNotify

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24c825aa8f7dbc19a1fba3fa848fab94

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

84:33:74:77:f7:d6:a9:fb:f3:44:6d:6b:2c:89:18:c2:b9:ad:b6:2a:ec:87:ad:92:d6:55:1c:7b:31:a6:61:52Signer

a6:9d:b1:7a:c9:05:63:84:4d:83:04:be:03:c2:55:3c:f8:9b:14:1dSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 424B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e0:4f:3f:5b:78:ca:4d:71:0f:15:8a:bf:fe:05:0f:97
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

84:33:74:77:f7:d6:a9:fb:f3:44:6d:6b:2c:89:18:c2:b9:ad:b6:2a:ec:87:ad:92:d6:55:1c:7b:31:a6:61:52
Signer

a6:9d:b1:7a:c9:05:63:84:4d:83:04:be:03:c2:55:3c:f8:9b:14:1d
Signer

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 424B