caa3693d86687bd74f1ce38e61567af9c57884f7185e37878bca65f708efc8be

Sharing

Copy URL Twitter E-mail

General

Target

caa3693d86687bd74f1ce38e61567af9c57884f7185e37878bca65f708efc8be
Size

102KB
MD5

099aafbf84d6ad64c4c951486b95e250
SHA1

ff02e994260fd2d2d103db6a6bfd36ae382c0737
SHA256

caa3693d86687bd74f1ce38e61567af9c57884f7185e37878bca65f708efc8be
SHA512

0f40bdb33f184accb23505509cba94b274260f371ee62be988ffc281d0de1e80c6ebba384cba08e926aa0c1eda1f7cf239664884e4bddbc8edda4ecfffbb23a2
SSDEEP

3072:IER2FH1jcgjs2SCrO3cNMWHEDJXymrq6T7wP1epx:I5hcgA25r2WkD9yGotex

Score

1^/10

Malware Config

Signatures

Files

caa3693d86687bd74f1ce38e61567af9c57884f7185e37878bca65f708efc8be
.zip
软件包安装程序.exe
.exe windows:6 windows x64 arch:x64

cbbe4f85f15c72bd3ffb8b0b71a8f77c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:44:c4:50:1b:c8:73:dc:c2:3e:27:5c:d4:b2:f5:93:e1:39:01:af
Signer

Actual PE Digest

78:44:c4:50:1b:c8:73:dc:c2:3e:27:5c:d4:b2:f5:93:e1:39:01:af

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

kernel32

RaiseException
GetLastError
HeapSize
Process32FirstW
ProcessIdToSessionId
LockResource
DecodePointer
Process32NextW
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
OutputDebugStringW
CreateFileW
LocalAlloc
InitializeCriticalSectionEx
LocalFree
SetWaitableTimer
WaitForSingleObject
CancelWaitableTimer
SetEvent
CreateEventW
WaitForMultipleObjects
CreateWaitableTimerW
QueueUserWorkItem
Sleep
GetModuleFileNameW
GetConsoleCP
LoadLibraryExW
HeapDestroy
SizeofResource
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetStringTypeW
DeviceIoControl
LCMapStringW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetCommandLineW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
GetStdHandle
WriteFile
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
VirtualAlloc

advapi32

DeleteService
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
PropVariantClear
CoInitializeEx

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbbe4f85f15c72bd3ffb8b0b71a8f77c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

78:44:c4:50:1b:c8:73:dc:c2:3e:27:5c:d4:b2:f5:93:e1:39:01:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

userenv

wtsapi32

kernel32

advapi32

shell32

ole32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 67KB - Virtual size: 80KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

78:44:c4:50:1b:c8:73:dc:c2:3e:27:5c:d4:b2:f5:93:e1:39:01:af
Signer

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 67KB - Virtual size: 80KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB