0de4e5d91e4bdba10120b0643361975e6d2c2c0903ea72ea2c1d63d292a6e07f

Sharing

Copy URL Twitter E-mail

General

Target

0de4e5d91e4bdba10120b0643361975e6d2c2c0903ea72ea2c1d63d292a6e07f
Size

619KB
MD5

6442c1229a51717d1a9fe84cded3d4f0
SHA1

fc1c5be911453c86e36e513011fc9801668f8f73
SHA256

0de4e5d91e4bdba10120b0643361975e6d2c2c0903ea72ea2c1d63d292a6e07f
SHA512

514eb735fb797ae426c92bf09d2329160ba4b4eb95adbb232456c0a7a698faefa0984cc3e3dfc5af6fc8bd2d2bae19e52aa61c77e3f0c151a8dbda05dadf8bdb
SSDEEP

6144:LOHhaKUTP0YrIOXOASGClzCw9ncG/z0X0enxQX/9qLhfCaha0H6J:pKg0yIlv9ncG/z0kenxQX/eZLt6

Score

N/A

Malware Config

Signatures

Files

0de4e5d91e4bdba10120b0643361975e6d2c2c0903ea72ea2c1d63d292a6e07f
.exe windows x86

5fc5c6007a228e33393adc823665b2da

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:6a:b7:0c:91:3f:23:09:1f:0b:21:b7:41:6c:52:42
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/04/2012, 00:00

Not After

22/06/2014, 23:59

Subject

CN=TaoBao(china) Software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TaoBao(china) Software Co.\, Ltd,L=HangZhou,ST=ZheJiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:87:71:14:93:58:03:cc:69:66:a7:fe:a1:53:a9:a9:29:a8:7a:77
Signer

Actual PE Digest

dc:87:71:14:93:58:03:cc:69:66:a7:fe:a1:53:a9:a9:29:a8:7a:77

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TaoBao(china) Software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TaoBao(china) Software Co.\, Ltd,L=HangZhou,ST=ZheJiang,C=CN

21/01/2013, 10:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wwutils

?Decrypt@DesUtil@@SA_NPBDPAE1JPAJ@Z

kernel32

InterlockedIncrement
LeaveCriticalSection
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
SetLastError
SetFileAttributesW
MoveFileExW
DeleteFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
GetLastError
GetFileAttributesW
EnterCriticalSection
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetModuleFileNameW
WaitForSingleObject
GetCommandLineW
SetEvent
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
FindResourceExW
GlobalUnlock
Sleep
GetModuleHandleW
GlobalLock
lstrlenW
GlobalFree
GlobalAlloc
CloseHandle
LoadResource
CreateThread
LockResource
CreateEventW
SizeofResource
FindResourceW
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

user32

GetSystemMetrics
DialogBoxParamW
SetCapture
SystemParametersInfoW
DestroyIcon
SetTimer
SendMessageW
GetMessageW
GetDlgCtrlID
GetCapture
TranslateMessage
DispatchMessageW
SetWindowLongW
OffsetRect
IsWindow
GetMenu
CallWindowProcW
CreateWindowExW
ClientToScreen
KillTimer
GetClientRect
AdjustWindowRectEx
DefWindowProcW
GetClassInfoExW
PostThreadMessageW
InvalidateRect
GetParent
UpdateWindow
GetDlgItem
DestroyWindow
GetWindowRect
SetWindowPos
DrawTextW
UnregisterClassA
ReleaseCapture
BringWindowToTop
EndDialog
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowTextW
SetDlgItemTextW
GetWindow
MapWindowPoints
DrawIconEx
LoadIconW
EndPaint
GetActiveWindow
GetWindowTextW
BeginPaint
PtInRect
LoadCursorW
CharUpperW
IsWindowEnabled
CharNextW
RegisterClassExW
PostMessageW
ScreenToClient
GetWindowLongW
SetWindowRgn

gdi32

CreateRoundRectRgn
GetStockObject
CreateCompatibleBitmap
DeleteDC
DeleteObject
SetTextColor
CreateCompatibleDC
SetBkMode
BitBlt
SelectObject
SetViewportOrgEx

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHFileOperationW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize

atl80

ord23
ord44
ord64
ord43
ord18
ord22
ord61
ord17
ord20

shlwapi

PathFileExistsW
PathIsDirectoryW

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

gdiplus

GdipDeleteStringFormat
GdipAlloc
GdipDisposeImage
GdipDrawImageRectRectI
GdipCreateSolidFill
GdipStringFormatGetGenericTypographic
GdipCloneBrush
GdipDrawImageI
GdipDeleteBrush
GdipDeleteFont
GdipSetStringFormatTrimming
GdipCreateFont
GdipMeasureString
GdipDrawString
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipDeleteFontFamily
GdipCloneStringFormat
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipFree

msvcr80

vswprintf_s
_vscwprintf
??0exception@std@@QAE@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??_V@YAXPAX@Z
_recalloc
swprintf_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memset
_invalid_parameter_noinfo
memmove_s
wcsrchr
memcmp
_wsplitpath_s
free
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
wcsstr
memcpy_s
wcscmp
memcpy
_CxxThrowException
wcslen
_purecall
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
_cexit
_exit
_XcptFilter
exit
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_wcmdln

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 532KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5fc5c6007a228e33393adc823665b2da

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:6a:b7:0c:91:3f:23:09:1f:0b:21:b7:41:6c:52:42Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

dc:87:71:14:93:58:03:cc:69:66:a7:fe:a1:53:a9:a9:29:a8:7a:77Signer

Signature Validations

Verification

21/01/2013, 10:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wwutils

kernel32

user32

gdi32

advapi32

shell32

ole32

atl80

shlwapi

comctl32

msvcp80

gdiplus

msvcr80

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 532KB - Virtual size: 529KB

.reloc Size: 26KB - Virtual size: 26KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:6a:b7:0c:91:3f:23:09:1f:0b:21:b7:41:6c:52:42
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

dc:87:71:14:93:58:03:cc:69:66:a7:fe:a1:53:a9:a9:29:a8:7a:77
Signer

21/01/2013, 10:01
Valid: false

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 532KB - Virtual size: 529KB

.reloc
Size: 26KB - Virtual size: 26KB