57a28ea1b8603f98885c54f342f958b068f42a29e395886e1db1b60124aa89b5

Sharing

Copy URL Twitter E-mail

General

Target

57a28ea1b8603f98885c54f342f958b068f42a29e395886e1db1b60124aa89b5
Size

1.3MB
MD5

5d610b4cbf33738639ec6148953f180a
SHA1

ddafdb31668148c563f4c9d02c17991e0d0bf354
SHA256

57a28ea1b8603f98885c54f342f958b068f42a29e395886e1db1b60124aa89b5
SHA512

af257d2d210c287d5e78ebf26fe5a1e21e9e5537c193fce2c1ce5cbdeb3fe2d1d21f79bc2997a7e2dfe5253d9f603d6bfabfaed28b1b282a65824058e568849f
SSDEEP

24576:Od8Ul4IloSJNPw7cGfjuwvRGLVwCP1ulf:OKSQ75JoLVN9ulf

Score

N/A

Malware Config

Signatures

Files

57a28ea1b8603f98885c54f342f958b068f42a29e395886e1db1b60124aa89b5
.dll windows x86

f4ed1ed4fdb751db79f267cff5dbc9b7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13/08/2010, 00:00

Not After

12/08/2013, 23:59

Subject

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:5e:ab:8e:1c:b3:44:8d:71:30:8d:75:2c:4a:84:0f:c5:ac:77:47
Signer

Actual PE Digest

98:5e:ab:8e:1c:b3:44:8d:71:30:8d:75:2c:4a:84:0f:c5:ac:77:47

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=T.E.C Solutions (G.Z.)Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=T.E.C Solutions (G.Z.)Limited,L=Guangzhou,ST=Guangdong,C=CN

25/10/2012, 10:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

AccessibleObjectFromWindow
ObjectFromLresult

imm32

ImmGetCompositionStringW
ImmGetContext

kernel32

GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
lstrcatW
GetVersion
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
WaitForMultipleObjects
lstrcmpA
ResumeThread
SetThreadPriority
SuspendThread
SetLastError
GetCurrentThread
lstrcmpiA
GlobalAlloc
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
MulDiv
GlobalFlags
SizeofResource
GetProcessVersion
GetPrivateProfileIntW
WritePrivateProfileStringW
RtlUnwind
GetShortPathNameW
HeapFree
HeapAlloc
GetCommandLineA
GetTimeZoneInformation
GetSystemTime
ExitThread
ExitProcess
HeapSize
HeapReAlloc
FatalAppExitA
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetStringTypeA
GetStringTypeW
GetOEMCP
SetConsoleCtrlHandler
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
lstrcpynW
GetVolumeInformationW
lstrcpyW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
DuplicateHandle
GlobalFree
QueryPerformanceCounter
AllocConsole
GetStdHandle
WriteConsoleW
FreeConsole
SetFilePointer
WriteFile
CreateFileW
GetProfileStringW
GetVersionExW
GetACP
FindResourceExW
FormatMessageA
lstrlenA
InterlockedIncrement
TerminateProcess
GetPriorityClass
SetPriorityClass
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
FlushInstructionCache
lstrlenW
GetExitCodeProcess
GetWindowsDirectoryW
GetPrivateProfileStringW
InterlockedDecrement
GlobalSize
LoadLibraryA
OpenEventW
SetEvent
GetLocaleInfoW
IsBadWritePtr
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
GlobalLock
GlobalUnlock
IsDBCSLeadByte
FreeLibrary
OutputDebugStringW
MoveFileW
CopyFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
GetSystemInfo
FindFirstFileA
FindNextFileA
LoadLibraryW
LocalFree
OpenProcess
GetCurrentProcess
CreateThread
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
WaitForSingleObject
TerminateThread
HeapDestroy
GetCurrentThreadId
ReleaseMutex
OpenMutexW
Sleep
CreateMutexW
GetTickCount
GetFileAttributesW
CreateDirectoryW
GetLocalTime
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
FormatMessageW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryW
GetCurrentProcessId
GetModuleFileNameW
GetModuleFileNameA
GetSystemDirectoryW
GetLastError
FileTimeToLocalFileTime
WriteProcessMemory
FileTimeToSystemTime
RaiseException

user32

GetSysColorBrush
DestroyMenu
InsertMenuW
AppendMenuW
GetMenuStringW
RemoveMenu
wvsprintfW
DeleteMenu
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
GetDC
GetDialogBaseUnits
ReleaseDC
ClientToScreen
PtInRect
LoadStringW
UnregisterClassW
SetCursor
ShowOwnedPopups
PostQuitMessage
GetMessageW
TranslateMessage
ValidateRect
GetCursorPos
MsgWaitForMultipleObjects
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageW
DispatchMessageW
AdjustWindowRectEx
ScreenToClient
LoadCursorW
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
FindWindowExW
GetClassNameW
GetParent
GetWindowTextW
GetWindow
GetWindowLongW
GetWindowTextLengthW
GetKeyState
DefWindowProcW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
RemovePropW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
GetSystemMetrics
CharUpperW
wsprintfW
GrayStringW
EqualRect
DrawTextW
GetDlgCtrlID
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
GetDesktopWindow
SendMessageW
GetDlgItem
RegisterWindowMessageW
CallWindowProcW
SetClipboardViewer
MessageBoxA
GetProcessWindowStation
ChangeClipboardChain
SetWindowLongW
IsWindow
SetTimer
KillTimer
GetWindowRect
IsChild
EnableWindow
PostMessageW
SetActiveWindow
AttachThreadInput
GetCaretPos
GetFocus
GetInputState
MapVirtualKeyW
SendInput
SetFocus
SetCaretPos
OpenClipboard
GetClipboardData
CloseClipboard
SendMessageA
CharNextW
GetWindowTextA
IsWindowVisible
EnumDesktopWindows
MessageBoxW
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
CloseDesktop
IsWindowEnabled
GetActiveWindow
SetWindowPlacement

gdi32

CreateDCW
CopyMetaFileW
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateDIBPatternBrushPt
CreatePatternBrush
CreateHatchBrush
CreateSolidBrush
CreatePen
GetWindowExtEx
GetViewportExtEx
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
ExtCreatePen
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
RestoreDC
SaveDC
StartDocW
DeleteDC
GetStockObject
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
CreateBitmap
GetBitmapBits
BitBlt
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
SetColorAdjustment
PolylineTo
PolyDraw
SetTextColor
GetClipBox
GetDCOrgEx
GetObjectW
SetBkColor
SetArcDirection

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyExW
ReportEventA
DeregisterEventSource
RegEnumValueW
RegSetValueExA
RegQueryValueExA
RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegisterEventSourceA
RegConnectRegistryW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyW
GetUserNameA
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountNameW
SetSecurityDescriptorDacl

shell32

SHGetFileInfoW
DragAcceptFiles

comctl32

ord17

ole32

ReleaseStgMedium
CoDisconnectObject
WriteFmtUserTypeStg
CoTreatAsClass
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
StringFromCLSID
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
SetConvertStg
ReadClassStg

oleaut32

SysStringLen
VariantCopy
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
VariantClear
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantChangeType
SysStringByteLen
VariantInit
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
VarCyFromStr
CreateErrorInfo

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

GetDealDlgWnd
GetIMCtrlDataFromCD
SetAgentInfo
SetNotRecordContentFlag
SetNotRecordFlag
SetPhotoWarningInfo
SetUseCtrlAFlag
StartDeal
StopDeal

Sections

.text
Size: 964KB - Virtual size: 962KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IMHOOKS
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ed1ed4fdb751db79f267cff5dbc9b7

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4aCertificate

Extended Key Usages

Key Usages

98:5e:ab:8e:1c:b3:44:8d:71:30:8d:75:2c:4a:84:0f:c5:ac:77:47Signer

Signature Validations

Verification

25/10/2012, 10:46 Valid: false

Headers

File Characteristics

Imports

oleacc

imm32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

version

Exports

Exports

Sections

.text Size: 964KB - Virtual size: 962KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 80KB - Virtual size: 140KB

.IMHOOKS Size: 32KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 60KB - Virtual size: 57KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f5:1b:61:d9:7d:b2:8c:df:fd:e6:ba:2d:15:90:4a
Certificate

98:5e:ab:8e:1c:b3:44:8d:71:30:8d:75:2c:4a:84:0f:c5:ac:77:47
Signer

25/10/2012, 10:46
Valid: false

.text
Size: 964KB - Virtual size: 962KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 80KB - Virtual size: 140KB

.IMHOOKS
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 60KB - Virtual size: 57KB