8388a950350d89ddeaa80fa88d7dae7f991e6e9c5ae389ec0ab0240b55d340d0

Sharing

Copy URL Twitter E-mail

General

Target

8388a950350d89ddeaa80fa88d7dae7f991e6e9c5ae389ec0ab0240b55d340d0
Size

2.4MB
MD5

12063cd2ca892eb76d6756637097917e
SHA1

39dd0f7da45523f6a687a46e6557a6780e4d932d
SHA256

8388a950350d89ddeaa80fa88d7dae7f991e6e9c5ae389ec0ab0240b55d340d0
SHA512

576d5450d38b3226d0bd04d186d7316a8a8d95dab940ced56cd00c7193af637f754ce9d0179fba92dd0f4b05beae818e3a6bc3c9e246748f236ed7862b5b7043
SSDEEP

49152:4QIh3EcJLg96lSs8yukCZ4znqHrRu4jzp/ZPtOYpW141KcmjEZ2:m3EWgkvokCZ4zqHr1ZlOYpW1t

Score

1^/10

Malware Config

Signatures

Files

8388a950350d89ddeaa80fa88d7dae7f991e6e9c5ae389ec0ab0240b55d340d0
.exe windows:5 windows x86 arch:x86

e739b5b4474816cc72fdc09f15893cfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/03/2023, 00:00

Not After

20/03/2025, 23:59

Subject

CN=Chongqing Zhongcheng Network Technology Co. Ltd.,O=Chongqing Zhongcheng Network Technology Co. Ltd.,ST=重庆市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:7c:70:93:f7:78:f2:02:ce:c9:c2:c1:5c:f7:de:99:54:d4:ae:0f:ca:a8:62:4c:34:a6:30:4c:fb:09:48:4d
Signer

Actual PE Digest

f6:7c:70:93:f7:78:f2:02:ce:c9:c2:c1:5c:f7:de:99:54:d4:ae:0f:ca:a8:62:4c:34:a6:30:4c:fb:09:48:4d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\FlashCenterSvc\Build\Release\FlashCenterSvc.pdb

Imports

winmm

timeGetTime

ws2_32

closesocket
WSARecv
WSASend
getpeername
WSAStringToAddressW
socket
gethostbyname
getservbyname
getsockopt
htonl
shutdown
gethostname
ioctlsocket
listen
accept
htons
WSAGetOverlappedResult
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
WSAAddressToStringW
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect

wldap32

ord211
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord143
ord22
ord45

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject
CryptMsgClose

flashsettingsservice

?SynchronizeWithRemoteSettings@@YAHPAUSettingsManager@@PB_W1N@Z
?SetSetting@@YA_NPAUSettingsManager@@PBD1N@Z
?CreateSettingsManagerEx@@YAPAUSettingsManager@@PBD@Z
?ReleaseSettingsManager@@YAXPAUSettingsManager@@@Z

kernel32

GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CloseHandle
lstrcmpiW
lstrcpyW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetCommandLineW
FindResourceW
DeleteFileW
ProcessIdToSessionId
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
WaitForSingleObject
CreateEventW
CreateThread
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
WideCharToMultiByte
DecodePointer
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetUnhandledExceptionFilter
GetLogicalDriveStringsW
CreateDirectoryW
GetTickCount
GetSystemDirectoryW
LoadLibraryW
GetLocaleInfoW
GetSystemWow64DirectoryW
GetVersionExW
WriteConsoleW
TerminateProcess
FileTimeToSystemTime
CreateFileW
lstrlenW
GetStdHandle
FindClose
GetLocalTime
LocalAlloc
CreateFileMappingW
QueryDosDeviceW
GetSystemInfo
GetWindowsDirectoryW
GetCurrentProcessId
LocalFree
CreateMutexW
SetConsoleMode
OpenMutexW
OpenFileMappingW
OpenEventW
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
FindFirstFileW
SystemTimeToTzSpecificLocalTime
WriteFile
GetFileAttributesW
FindNextFileW
GetModuleHandleExW
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
lstrcmpA
FileTimeToLocalFileTime
GetModuleHandleA
GetVersion
GetFileType
InitializeCriticalSection
SleepEx
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
GetExitCodeThread
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SwitchToThread
CreateIoCompletionPort
MapViewOfFileEx
GetNativeSystemInfo
CreateSemaphoreW
ReleaseSemaphore
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
DuplicateHandle
GetCurrentThread
EncodePointer
GetStringTypeW
RtlUnwind
FindFirstFileExW
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
ExitThread
GetFileInformationByHandle
SetFilePointerEx
GetTimeZoneInformation
GetConsoleMode
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetCurrentProcess
OpenProcess
FlushInstructionCache
GetProcAddress
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
ReadConsoleInputA
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
VirtualProtect
GetThreadTimes
FreeLibraryAndExitThread
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetDriveTypeW
SetEnvironmentVariableA
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
lstrlenA
VirtualQuery
SetEvent

user32

KillTimer
CharNextW
SetWindowLongW
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
GetDesktopWindow
GetWindow
LoadStringW
SetTimer
CharUpperW
CreateDialogParamW
GetSystemMetrics
GetPropW
IsWindow
UnregisterClassW
PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
RegOpenKeyExA
LookupAccountNameW
CryptReleaseContext
RegQueryValueExA
GetUserNameW
CryptAcquireContextW
CryptGetHashParam
RegOpenKeyW
RegCreateKeyW
ImpersonateLoggedOnUser
RevertToSelf
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeSecurity

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

StrChrW
PathFileExistsW
PathFileExistsA
StrPBrkW

psapi

EnumProcesses
GetProcessImageFileNameW

wininet

InternetGetConnectedState

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminAcquireContext

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e739b5b4474816cc72fdc09f15893cfb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f6:7c:70:93:f7:78:f2:02:ce:c9:c2:c1:5c:f7:de:99:54:d4:ae:0f:ca:a8:62:4c:34:a6:30:4c:fb:09:48:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

wldap32

crypt32

flashsettingsservice

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

wininet

version

userenv

wintrust

wtsapi32

iphlpapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 396KB - Virtual size: 395KB

.data Size: 48KB - Virtual size: 77KB

Shared Size: 512B - Virtual size: 4B

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 383KB - Virtual size: 383KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:88:61:06:2e:3b:97:5a:b7:6d:a2:89:80:c5:b9:5e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f6:7c:70:93:f7:78:f2:02:ce:c9:c2:c1:5c:f7:de:99:54:d4:ae:0f:ca:a8:62:4c:34:a6:30:4c:fb:09:48:4d
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 396KB - Virtual size: 395KB

.data
Size: 48KB - Virtual size: 77KB

Shared
Size: 512B - Virtual size: 4B

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 383KB - Virtual size: 383KB