c6ce92a2c0ac63290ffe844fa7daf37971e7793ef08d98c068e1e939c0ab525d

Sharing

Copy URL Twitter E-mail

General

Target

c6ce92a2c0ac63290ffe844fa7daf37971e7793ef08d98c068e1e939c0ab525d
Size

1.1MB
MD5

409b2c46d18d50395bc2aaf763da7240
SHA1

37d18d446f3539217a19703131ffd7235f25866c
SHA256

c6ce92a2c0ac63290ffe844fa7daf37971e7793ef08d98c068e1e939c0ab525d
SHA512

bc7b1c9e3ddba58e764bdd958944cf4837c4e8b39ae6573f773eb3f3263c6023de1a6406db5c1a9a3daa60085b1beb25ec8c5a536abd502ac722155de2516a4f
SSDEEP

24576:ihFFSxGphY4JTaLs7CUmdm0ot4ETiMWrJ7qU+:ihFFyGbYS7CU+m0ot4ETLKN

Score

N/A

Malware Config

Signatures

Files

c6ce92a2c0ac63290ffe844fa7daf37971e7793ef08d98c068e1e939c0ab525d
.exe windows x86

836be73c802cb3f7dbe058a1cba5d613

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bdnetdll

?StopTask@BdHttp@@YAJH@Z
?CreateWorker@BdHttp@@YAJPAH@Z
?DownloadInFile@BdHttp@@YAJPAUtagDefHttpPar@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6GHHKW4DOWNLOAD_ERRORCODE@@PAUtagDataOut@@@ZIPAHKH_N@Z
?Uninit@BdHttp@@YAJXZ
?Init@BdHttp@@YAJXZ

imezlib

ord62
ord65
ord64
ord67
ord68
ord66
ord72
ord75
ord129
ord63

imepng

png_create_read_struct
png_set_error_fn
png_get_error_ptr
png_create_info_struct
png_set_read_fn
png_read_png
png_destroy_read_struct
png_set_longjmp_fn
png_read_info
png_sig_cmp
png_read_end
png_free
png_read_image
png_malloc
png_get_IHDR
png_get_image_height
png_get_image_width
png_get_next_frame_fcTL
png_read_frame_head
png_get_num_frames
png_get_valid

kernel32

ReleaseSemaphore
CreateSemaphoreW
IsProcessorFeaturePresent
VirtualQuery
GlobalSize
WaitForMultipleObjects
HeapFree
GetProcessHeap
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnmapViewOfFile
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
DecodePointer
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
InterlockedExchange
InterlockedCompareExchange
LockResource
FreeLibrary
GetProcAddress
FlushInstructionCache
GetCurrentProcess
GetExitCodeProcess
RaiseException
GetCurrentThreadId
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
LoadResource
SizeofResource
FindClose
CloseHandle
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
CreateProcessW
FindResourceW
FindResourceExW
FindFirstFileW
FindNextFileW
CopyFileW
GetVersionExW
InterlockedIncrement
InterlockedDecrement
LocalAlloc
LocalFree
GetLastError
InitializeCriticalSectionAndSpinCount
Sleep
lstrcmpiW
CreateMutexW
GetModuleHandleW
MultiByteToWideChar
GetTempPathW
SetErrorMode
ReleaseMutex
LoadLibraryW
MulDiv
GlobalReAlloc
GlobalFree
GlobalUnlock
FreeResource
GlobalLock
GlobalAlloc
WriteFile
CreateDirectoryW
ReadFile
GetFileSize
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
GetFileAttributesW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetTickCount
CreateThread
FreeLibraryAndExitThread
WaitNamedPipeW
CreateFileW
WriteFileEx
ReadFileEx
DisconnectNamedPipe
CancelIo
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
CreateEventW
OpenThread
GetCurrentProcessId
SetEvent

user32

DefWindowProcW
SendMessageW
PostQuitMessage
CallWindowProcW
GetSysColor
PtInRect
CloseDesktop
OpenDesktopW
PostThreadMessageW
GetCursorPos
DrawTextW
IsRectEmpty
IntersectRect
MoveWindow
InvalidateRect
UpdateWindow
UnregisterClassW
MsgWaitForMultipleObjects
RegisterClassW
GetClassInfoW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
SetWindowRgn
EndPaint
BeginPaint
InflateRect
SetRect
SetCursor
ReleaseCapture
SetCapture
IsIconic
UpdateLayeredWindow
PostMessageW
TrackMouseEvent
ReleaseDC
GetDC
IsWindow
WaitForInputIdle
LoadCursorW
FindWindowW
SetForegroundWindow
CharNextW
IsZoomed
BringWindowToTop
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
OffsetRect
MapWindowPoints
ClientToScreen
MessageBoxW
GetWindowRect
GetClientRect
GetSystemMetrics
KillTimer
SetTimer
GetActiveWindow
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow

gdi32

GetCharABCWidthsW
GetCharWidth32W
GetGlyphIndicesW
GetGlyphOutlineW
GetTextExtentPointI
GetFontLanguageInfo
CreateFontW
GetFontData
GetTextCharacterExtra
EnumFontFamiliesExW
EnumFontFamiliesW
GetKerningPairsW
GetOutlineTextMetricsW
GetTextFaceW
OffsetRgn
ExtSelectClipRgn
IntersectClipRect
RectVisible
SetDIBColorTable
GetTextExtentExPointW
StretchBlt
ExtTextOutW
GetClipBox
SetBkColor
TextOutW
GetTextExtentPoint32W
GetCurrentObject
ExtCreateRegion
GetDIBits
SetStretchBltMode
SetBkMode
GetTextColor
SetTextColor
CreateFontIndirectW
RestoreDC
SaveDC
CreateCompatibleBitmap
BitBlt
GetObjectW
GetTextMetricsW
GetStockObject
GetDeviceCaps
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
GetTokenInformation
RegEnumValueW
RegQueryValueExW

shell32

SHGetFolderPathW
ord165
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
StgOpenStorageOnILockBytes

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathQuoteSpacesW
PathAppendW
PathRelativePathToW
StrStrIW
StrCmpIW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

msvcp110

??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB

gdiplus

GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree

msvcr110

_invoke_watson
__crtSetUnhandledExceptionFilter
wcsnlen
wcsncpy_s
wcsrchr
wcstok_s
_wcsicmp
_wcslwr_s
vswprintf_s
_vscwprintf
wmemcpy_s
_beginthreadex
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memcpy
towlower
iswdigit
calloc
realloc
sscanf
memset
free
malloc
_recalloc
_wtoi
_commode
_fmode
_local_unwind4
_libm_sse2_pow_precise
__CxxLongjmpUnwind
strpbrk
_wsplitpath_s
strncmp
strchr
isalnum
isalpha
isspace
_vsnprintf_s
fprintf
_setjmp3
longjmp
_resetstkoflw
tolower
isupper
sprintf_s
strtod
_strtoui64
_strtoi64
strtol
memchr
wcsspn
_vsnprintf
??0exception@std@@QAE@XZ
_waccess_s
floor
?what@exception@std@@UBEPBDXZ
??8type_info@@QBE_NABV0@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
ceil
swscanf_s
_vsnwprintf
_wcsnicmp
_stricmp
_wcsupr_s
swprintf_s
wcsstr
exit
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
_except_handler4_common
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
wcschr
wcscpy_s
memmove
memmove_s
memcpy_s
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
??_V@YAXPAX@Z
_controlfp_s

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmDisableIME

imefreetype

FTC_ImageCache_Lookup
FT_OpenType_Validate
FT_OpenType_Free
FT_Select_Charmap
FT_Open_Face
FT_Load_Sfnt_Table
FT_Done_FreeType
FTC_Manager_Done
FT_Library_SetLcdFilter
FTC_ImageCache_New
FTC_CMapCache_New
FTC_Manager_New
FT_Init_FreeType
FT_Vector_From_Polar
FT_DivFix
FT_Cos
FT_Angle_Diff
FT_Atan2
FT_Outline_Get_Orientation
FT_Outline_Embolden
FT_RoundFix
FT_Glyph_To_Bitmap
FT_Outline_Transform
FT_Glyph_Copy
FT_Face_GetVariantSelectors
FT_Get_Kerning
FT_Set_Pixel_Sizes
FT_Load_Char
FT_Get_Glyph
FT_Done_Glyph
FT_Done_Face
FTC_Manager_LookupFace
FT_Get_Charmap_Index
FT_Get_Sfnt_Table
FT_MulDiv
FTC_Manager_LookupSize
FTC_CMapCache_Lookup

Sections

.text
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

836be73c802cb3f7dbe058a1cba5d613

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

bdnetdll

imezlib

imepng

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp110

gdiplus

msvcr110

version

imm32

imefreetype

Sections

.text Size: 667KB - Virtual size: 666KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 31KB - Virtual size: 36KB

_RDATA Size: 27KB - Virtual size: 26KB

.rsrc Size: 165KB - Virtual size: 165KB

.reloc Size: 112KB - Virtual size: 112KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 667KB - Virtual size: 666KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 31KB - Virtual size: 36KB

_RDATA
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 165KB - Virtual size: 165KB

.reloc
Size: 112KB - Virtual size: 112KB