File name: | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134 |
Full analysis: | https://app.any.run/tasks/fc53e6d5-87c2-45c7-8c62-ac250c113383 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 14:28:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | 4301A568B394F99A59D48462F07F77C5 |
SHA1: | 6785DF87500B8BF43CC5690E3643BA2FEB69707F |
SHA256: | 81189195FBCE17284B30F36888945F04A332333F9BCD537D23ED7A49B1AF8134 |
SSDEEP: | 98304:fFgjiEKlwM+V7zffvrioMD1HgUsctxkM0Tc54vqLg3WWunJoazTma5:fFb4V7L6D1TdCc2qLNWXa375 |
Extension | Type |
---|---|
.exe | Win32 Executable MS Visual C++ (generic) (67.4) |
.dll | Win32 Dynamic Link Library (generic) (14.2) |
.exe | Win32 Executable (generic) (9.7) |
.exe | Generic Win/DOS Executable (4.3) |
.exe | DOS Executable Generic (4.3) |
ProductName: | UKEY-MS |
LegalCopyright: | NMGCA |
FileVersion: | 3.2.1.7 |
FileDescription: | 内蒙古CA证书管理工具 |
CompanyName: | 内蒙古CA证书管理工具 |
Comments: | For NMGCA |
CharacterSet: | Windows, Chinese (Simplified) |
LanguageCode: | Chinese (Simplified) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Win32 |
FileFlags: | (none) |
FileFlagsMask: | 0x0000 |
ProductVersionNumber: | 3.2.1.7 |
FileVersionNumber: | 3.2.1.7 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | 6 |
OSVersion: | 4 |
EntryPoint: | 0x320c |
UninitializedDataSize: | 1024 |
InitializedDataSize: | 162816 |
CodeSize: | 25600 |
LinkerVersion: | 6 |
PEType: | PE32 |
TimeStamp: | 2018:01:30 04:57:45+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 30-Jan-2018 03:57:45 |
Detected languages: | |
Comments: | For NMGCA |
CompanyName: | 内蒙古CA证书管理工具 |
FileDescription: | 内蒙古CA证书管理工具 |
FileVersion: | 3.2.1.7 |
LegalCopyright: | NMGCA |
ProductName: | UKEY-MS |
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000D8 |
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 30-Jan-2018 03:57:45 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0000628F | 0x00006400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.4422 |
.rdata | 0x00008000 | 0x00001354 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.23627 |
.data | 0x0000A000 | 0x00025518 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.04938 |
.ndata | 0x00030000 | 0x00009000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x00039000 | 0x00001490 | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.86939 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.28813 | 1070 | UNKNOWN | English - United States | RT_MANIFEST |
103 | 1.5789 | 20 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.68733 | 494 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.86626 | 228 | UNKNOWN | English - United States | RT_DIALOG |
111 | 2.9304 | 218 | UNKNOWN | English - United States | RT_DIALOG |
Imports |
---|
ADVAPI32.dll |
COMCTL32.dll |
GDI32.dll |
KERNEL32.dll |
SHELL32.dll |
USER32.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2668 | "C:\Users\admin\AppData\Local\Temp\81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe" | C:\Users\admin\AppData\Local\Temp\81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | — | explorer.exe | User: admin; Company: 内蒙古CA证书管理工具; Integrity Level: MEDIUM; Description: 内蒙古CA证书管理工具; Exit code: 3221226540; Version: 3.2.1.7 |
1796 | "C:\Users\admin\AppData\Local\Temp\81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe" | C:\Users\admin\AppData\Local\Temp\81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | | explorer.exe | User: admin; Company: 内蒙古CA证书管理工具; Integrity Level: HIGH; Description: 内蒙古CA证书管理工具; Exit code: 0; Version: 3.2.1.7 |
3328 | regsvr32 /s "C:\Program Files\UKey Tools\SDZF\CspFullApi.dll" | C:\Windows\system32\regsvr32.exe | — | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft(C) Register Server; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3092 | "C:\Program Files\UKey Tools\SDZF\MangerCertReg.exe" | C:\Program Files\UKey Tools\SDZF\MangerCertReg.exe | — | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | User: admin; Integrity Level: HIGH; Description: regist cert sm2&rsa; Version: 2, 0, 0, 3 |
3844 | "C:\Program Files\UKey Tools\SDZF\wmControl.exe" | C:\Program Files\UKey Tools\SDZF\wmControl.exe | — | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
2716 | "C:\Program Files\UKey Tools\SDZF\AXSecurity.exe" | C:\Program Files\UKey Tools\SDZF\AXSecurity.exe | | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | User: admin; Integrity Level: HIGH; Exit code: 0; Version: 1,0,0,1 |
3980 | cmd /c ""C:\Program Files\UKey Tools\SDZF\run.bat" " | C:\Windows\system32\cmd.exe | | AXSecurity.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 2; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
1252 | "C:\Program Files\UKey Tools\SDZF\KeyMonitor.exe" | C:\Program Files\UKey Tools\SDZF\KeyMonitor.exe | — | MangerCertReg.exe | User: admin; Integrity Level: HIGH; Description: key monitor build2017070501; Version: 3, 1, 1, 8 |
3984 | regsvr32 axsecurity.ocx -s | C:\Windows\system32\regsvr32.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft(C) Register Server; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2256 | "C:\Program Files\UKey Tools\SDZF\Init_IE_Env.exe" | C:\Program Files\UKey Tools\SDZF\Init_IE_Env.exe | — | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Users\admin\AppData\Local\Temp\nshB2E0.tmp\ioSpecial.ini | text | 2E473B2139B960D29B6CB1E589B19C85 | 378680CED98B6A15D24A4736D7B7B1F15E98E59253F42441A39A2ADBAFE162E2 |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Windows\system32\SmartCTCAPI.dll | executable | 5806A1746502CD608F0F6A63EC1610B6 | FF88428D1CC4546051949BDC8B7EA1BCEBF1323D239945AF93BA02E73A4449DC |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\AnXin Certificate Authority Co.Ltd.cer | der | DFF53676936845EE11406711D75583B7 | 8792FD32E2A600015732E835FB619C9C26ADFB6F8B84A3D7E3473E5504DF3850 |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\ConfigInfor.ini | text | 6A1D3C6AC3A4A116F3B3E2C41078F6AF | 3DE121288127C78F813EBEE1826B40F97C312ED9E867EE7F960368868C1316D9 |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\CertOperApi.dll | executable | 75E3DC3AAE97738F26EDE284CAF87797 | D129F2A3CC5032FDD734580155C7BEC76040C185E55D3DFD383C9C4DA6D266E4 |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\Init_IE_Env.exe | executable | D2078C764C852A6CCE8004A96FE4554C | E76512090ECEF38BC33A85E6DCCB618E954EB0B751A3C603AE439687F12966D2 |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\KeyToolVersion.ini | text | 71CDC7EC0546AB0754446B6045C5B04F | EE7BD19B150E722B27931969E667FE7BD23AF1D22DC23B59DDE5221C651EBB2A |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\CspFullApi.sig | binary | 0621610EC8525F941B72499713D4CBC3 | A959D86A90A72AC25FCEC9C10E137F2F6A6F9F17FEBA42EE9F2DE2F1D28E500C |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\DispalyMessageAPI.dll | executable | 0618FDA79C33918AF3C0885959F5F1C2 | 746928C3CE65E02198FF537E9DF54EC8B3D4F8297FD9167631E6B90D20906B0A |
1796 | 81189195fbce17284b30f36888945f04a332333f9bcd537d23ed7a49b1af8134.exe | C:\Program Files\UKey Tools\SDZF\CspFullApi.dll | executable | 61DF91359403BD69C7F9C51907FD44BF | 2229913DEB921AB3C04EA37D7124F02019C9F62DD44E51C9720224CF570AB6A7 |