7947a1eca3cbcd3a5f2723ccfc09fe4b3891d28974ce3f1ce40c614939c90dc9

Sharing

Copy URL Twitter E-mail

General

Target

7947a1eca3cbcd3a5f2723ccfc09fe4b3891d28974ce3f1ce40c614939c90dc9
Size

1.3MB
MD5

fc8be285deaff1c7af9fba1d891c8b71
SHA1

89592a89231fa933c48074890edf75a0c6661490
SHA256

7947a1eca3cbcd3a5f2723ccfc09fe4b3891d28974ce3f1ce40c614939c90dc9
SHA512

7207b283e125712352da61b290cccac30f734263e8ddcb0a8330a01eacbc0391ad0ef8c73478f9a2681abb4c162b6635c11e4236f4db42e973684f8a323b0629
SSDEEP

24576:v9PnrdyHOzIx9exuOmR4dhPxEq+pJYcQ8oJxPEmBDGNEQgI0g:v9PgHOz2OZdxxEbtoJx8ODOEK0g

Score

1^/10

Malware Config

Signatures

Files

7947a1eca3cbcd3a5f2723ccfc09fe4b3891d28974ce3f1ce40c614939c90dc9
.exe windows:5 windows x64 arch:x64

e9f83c307736f6e0d5d8043da5f43370

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/08/2022, 00:00

Not After

29/08/2025, 23:59

Subject

CN=深圳市联软科技股份有限公司,O=深圳市联软科技股份有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d1:f9:e5:4b:09:aa:ca:51:a6:96:85:1d:13:90:fe:8d:82:ef:bb:63:6d:ef:57:33:b0:26:65:c6:94:b1:27:96
Signer

Actual PE Digest

d1:f9:e5:4b:09:aa:ca:51:a6:96:85:1d:13:90:fe:8d:82:ef:bb:63:6d:ef:57:33:b0:26:65:c6:94:b1:27:96

Digest Algorithm

sha256

PE Digest Matches

true

a5:76:31:ef:73:b8:3b:9a:fc:72:1a:c5:59:f5:9f:9b:48:67:2a:b3
Signer

Actual PE Digest

a5:76:31:ef:73:b8:3b:9a:fc:72:1a:c5:59:f5:9f:9b:48:67:2a:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\SDP_HW_08_TR23_feature\UniSDPAccess3_1\模块设计与源代码\UniAccessAgent\AgentCoreExe\Focaccino\x64\Release\Focaccino.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetLocalTime
EnumResourceLanguagesW
GetSystemDefaultLangID
LoadLibraryExW
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
GetVersionExW
CreateMutexA
ReleaseMutex
lstrcmpiA
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
lstrlenW
SetLastError
WideCharToMultiByte
MultiByteToWideChar
HeapFree
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
GetLongPathNameW
GetShortPathNameW
ExpandEnvironmentStringsW
MoveFileW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
EnumSystemLocalesA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapCreate
HeapSetInformation
GetStartupInfoA
FlushFileBuffers
IsValidCodePage
CopyFileW
DeleteFileW
MoveFileExW
GetFileSize
GetDiskFreeSpaceW
VirtualAlloc
VirtualFree
GetFileAttributesW
GetLastError
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
SetFileTime
GetFileAttributesExW
LocalAlloc
GetFileSizeEx
ReadFile
WriteFile
SetFilePointerEx
SetEndOfFile
CreateFileW
GetFullPathNameW
SetEvent
WaitForSingleObject
ResetEvent
CreateEventA
OpenEventA
IsBadReadPtr
GetModuleHandleW
ReadProcessMemory
GetTempPathW
GetEnvironmentVariableW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
FormatMessageW
Sleep
GetSystemDefaultUILanguage
GetLocaleInfoW
GetUserDefaultUILanguage
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
GetCurrentProcess
QueryDosDeviceW
GetTickCount
LoadLibraryA
FreeLibrary
LoadLibraryW
GetProcAddress
FindNextFileW
FindFirstFileW
FindClose
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
HeapSize
FlsAlloc
FlsFree
FlsSetValue
GetModuleFileNameW
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
UnmapViewOfFile
ProcessIdToSessionId
OpenProcess
CloseHandle
FileTimeToSystemTime
FlsGetValue
DecodePointer
EncodePointer
CompareStringW
CompareStringA
GetStringTypeW
RtlLookupFunctionEntry
RtlUnwindEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
MoveFileA
DeleteFileA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
ExitProcess
GetStartupInfoW
LCMapStringA
LCMapStringW
GetCPInfo
SetEnvironmentVariableA

user32

GetThreadDesktop
GetSystemMetrics
GetUserObjectInformationW
PostMessageW
GetDC
CloseDesktop
RegisterClassW
CreateWindowExW
SetWindowLongPtrW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
SendMessageW
OpenInputDesktop

gdi32

EnumFontFamiliesExW
AddFontResourceW

advapi32

GetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetUserNameW
SetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
LogonUserW
CreateProcessWithLogonW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
IsValidSid
AddAccessAllowedAce
ConvertStringSidToSidW
SetEntriesInAclW
SetSecurityInfo
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountNameW
InitializeSecurityDescriptor
GetFileSecurityW
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAceEx
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetFileSecurityW
OpenProcessToken

shell32

ShellExecuteW
ord680

oleaut32

SysAllocString
SysFreeString

netapi32

NetUserAdd
NetLocalGroupAddMembers
NetUserDel

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertCloseStore
CertFreeCertificateContext
CertVerifyTimeValidity
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

Sections

.text
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9f83c307736f6e0d5d8043da5f43370

Code Sign

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0Certificate

Extended Key Usages

Key Usages

d1:f9:e5:4b:09:aa:ca:51:a6:96:85:1d:13:90:fe:8d:82:ef:bb:63:6d:ef:57:33:b0:26:65:c6:94:b1:27:96Signer

a5:76:31:ef:73:b8:3b:9a:fc:72:1a:c5:59:f5:9f:9b:48:67:2a:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

netapi32

wtsapi32

crypt32

userenv

rpcrt4

Sections

.text Size: 933KB - Virtual size: 933KB

.rdata Size: 264KB - Virtual size: 264KB

.data Size: 12KB - Virtual size: 41KB

.pdata Size: 75KB - Virtual size: 75KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 1KB - Virtual size: 1KB

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

02:d1:42:b3:35:7b:a8:f2:44:9c:69:72:a9:90:27:f0
Certificate

d1:f9:e5:4b:09:aa:ca:51:a6:96:85:1d:13:90:fe:8d:82:ef:bb:63:6d:ef:57:33:b0:26:65:c6:94:b1:27:96
Signer

a5:76:31:ef:73:b8:3b:9a:fc:72:1a:c5:59:f5:9f:9b:48:67:2a:b3
Signer

.text
Size: 933KB - Virtual size: 933KB

.rdata
Size: 264KB - Virtual size: 264KB

.data
Size: 12KB - Virtual size: 41KB

.pdata
Size: 75KB - Virtual size: 75KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 1KB - Virtual size: 1KB