50c386d8ad900208670041d0591eae303aa80f158c1b4c74fe01987594f16158

Sharing

Copy URL

Twitter E-mail

General

Target

50c386d8ad900208670041d0591eae303aa80f158c1b4c74fe01987594f16158
Size

1.0MB
MD5

31d5f481153ccd2829558720f8d90d81
SHA1

386e3ed949e9be17b0b715e8b1f54aea134f1172
SHA256

50c386d8ad900208670041d0591eae303aa80f158c1b4c74fe01987594f16158
SHA512

4a1f8a84dbf3c15fdd2290be7c285a8ee774b42171268a5d646eee3dc0524bcd846c82dd30061c5ea022c033b3312ef0871c36d2c3b2acf8bf94f5eccd5cec9d
SSDEEP

24576:V2OR/EjKlew4Kmzx6d9G4DJcahFVpdCX/xXuu:8wuKlkKmzx6d3JcEVdCX/xv

Score

N/A

Malware Config

Signatures

Files

50c386d8ad900208670041d0591eae303aa80f158c1b4c74fe01987594f16158
.exe windows x86

857ba8f203a605f3e39e674041e41b08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

44:36:73:f6:2c:8d:81:95:2b:12:36:8e:02:d3:c6:b7
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

05-11-2015 08:59

Not After

05-02-2017 08:59

Subject

CN=浙江齐聚科技有限公司,O=浙江齐聚科技有限公司,L=金华市,ST=浙江省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:c2:85:30:e9:3b:36
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17-09-2006 22:46

Not After

31-12-2019 23:59

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:66:56:e7:e9:85:3b:47:aa:8d:6f:1a:9e:e5:b1:51:89:7f:eb:69
Signer

Actual PE Digest

c1:66:56:e7:e9:85:3b:47:aa:8d:6f:1a:9e:e5:b1:51:89:7f:eb:69

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=浙江齐聚科技有限公司,O=浙江齐聚科技有限公司,L=金华市,ST=浙江省,C=CN

23-05-2016 05:56
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileTime
SetErrorMode
HeapAlloc
RtlUnwind
HeapFree
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetTimeZoneInformation
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
InterlockedDecrement
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
SetLastError
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
lstrcpynA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
OutputDebugStringA
FatalExit
DebugBreak
SystemTimeToFileTime
SetFileTime
WaitForMultipleObjects
MoveFileA
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
OpenProcess
TerminateProcess
Sleep
FindNextFileA
RemoveDirectoryA
Module32First
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateDirectoryA
RaiseException
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
GetVersion
CreateProcessA
WaitForSingleObject
DeleteFileA
GetTickCount
CreateMutexA
GetLastError
MultiByteToWideChar
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindFirstFileA
FindClose
GetLocalTime
GetModuleFileNameA
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle

user32

CharNextA
ReleaseCapture
SetCapture
GetSysColorBrush
DestroyMenu
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
GetCursorPos
WindowFromPoint
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
SetPropA
IsRectEmpty
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
MessageBoxA
ReleaseDC
GetDC
RegisterClipboardFormatA
GetPropA
LoadCursorA
SetCursor
UnregisterClassA
CharUpperA
LoadIconA
KillTimer
SetTimer
UpdateWindow
ScreenToClient
GetSystemMenu
EnableMenuItem
DrawIcon
PtInRect
GetSystemMetrics
IsIconic
InvalidateRect
GetWindowRect
CopyRect
SetLayeredWindowAttributes
EnableWindow
GetParent
GetClientRect
PostMessageA
SendMessageA
GetClassNameA

gdi32

GetDeviceCaps
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
SetBkMode
CreateFontA
SetPixel
GetPixel
Rectangle
BitBlt
DPtoLP
GetMapMode
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
PathRemoveBackslashA
PathAddBackslashA
PathQuoteSpacesA
PathCanonicalizeA
PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoFreeUnusedLibraries
OleUninitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
VariantCopy
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantClear
SafeArrayCopy
SafeArrayGetVartype
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SysFreeString

wininet

InternetSetOptionExA
InternetCrackUrlA
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCanonicalizeUrlA
InternetGetCookieExA

gdiplus

GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusShutdown

ws2_32

WSAStartup

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 616KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857ba8f203a605f3e39e674041e41b08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

44:36:73:f6:2c:8d:81:95:2b:12:36:8e:02:d3:c6:b7Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

19:c2:85:30:e9:3b:36Certificate

Key Usages

c1:66:56:e7:e9:85:3b:47:aa:8d:6f:1a:9e:e5:b1:51:89:7f:eb:69Signer

Signature Validations

Verification

23-05-2016 05:56 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

gdiplus

ws2_32

Sections

.text Size: 320KB - Virtual size: 317KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 616KB - Virtual size: 612KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

44:36:73:f6:2c:8d:81:95:2b:12:36:8e:02:d3:c6:b7
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

19:c2:85:30:e9:3b:36
Certificate

c1:66:56:e7:e9:85:3b:47:aa:8d:6f:1a:9e:e5:b1:51:89:7f:eb:69
Signer

23-05-2016 05:56
Valid: false

.text
Size: 320KB - Virtual size: 317KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 616KB - Virtual size: 612KB