d58400f5710d15398e9759fe90131a099967286863ac4fdd380b48b83fd65ddc

Sharing

Copy URL Twitter E-mail

General

Target

d58400f5710d15398e9759fe90131a099967286863ac4fdd380b48b83fd65ddc
Size

232KB
MD5

71628a61e0e0e15d8fd936e3fde2c405
SHA1

a9c6a4c01331091f44851022fc32f04b7f5c0723
SHA256

d58400f5710d15398e9759fe90131a099967286863ac4fdd380b48b83fd65ddc
SHA512

492df748f7fb7f8bdfc73ddd0b84b09ffdf43820588370d6b9ead800cfe436e6b538b4226faea04bad3c55400939e1126d4b8d19bf9020222c2ddf4e54772739
SSDEEP

6144:CDKh6kHVj8HNoUWsIO02uJJdqN+aBeAAUOZLbe:CDaPjgoU4ZFlK

Score

N/A

Malware Config

Signatures

Files

d58400f5710d15398e9759fe90131a099967286863ac4fdd380b48b83fd65ddc
.exe windows x86

ab2ca53c912affbe7fd5c9e86f014d2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:bb:b4:83:5a:a1:68:18:a5:3d:52:9e:3d:ae:9c:a8:d1:9c:db:ca
Signer

Actual PE Digest

00:bb:b4:83:5a:a1:68:18:a5:3d:52:9e:3d:ae:9c:a8:d1:9c:db:ca

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

17/03/2009, 03:15
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mfc80u

ord1297
ord2164
ord4101
ord5201
ord5398
ord4179
ord6271
ord6140
ord5067
ord5161
ord1899
ord2260
ord4259
ord1271
ord5144
ord4098
ord1058
ord4238
ord1393
ord6133
ord3939
ord3642
ord1608
ord1086
ord1611
ord1555
ord5911
ord900
ord6721
ord1548
ord6751
ord2418
ord395
ord2419
ord5705
ord635
ord2986
ord5352
ord4480
ord940
ord2444
ord562
ord2856
ord4898
ord1472
ord751
ord5196
ord2933
ord416
ord1590
ord4129
ord651
ord1118
ord1646
ord4303
ord6700
ord1647
ord5006
ord1955
ord5003
ord1353
ord2609
ord4961
ord1904
ord3339
ord2237
ord6749
ord1921
ord6275
ord3796
ord3249
ord1513
ord2163
ord2310
ord2169
ord2399
ord1925
ord4244
ord2381
ord282
ord1178
ord578
ord300
ord287
ord777
ord304
ord3174
ord5715
ord5917
ord3281
ord5397
ord5410
ord5584
ord5519
ord5643
ord5638
ord5723
ord6033
ord5884
ord6053
ord4155
ord6050
ord5604
ord6056
ord5607
ord2521
ord3157
ord3198
ord347
ord602
ord2362
ord1270
ord2224
ord2263
ord3995
ord860
ord326
ord330
ord589
ord3494
ord4089
ord3079
ord3493
ord5633
ord6013
ord2255
ord2366
ord3435
ord5727
ord4117
ord4078
ord894
ord784
ord310
ord2313
ord5485
ord5487
ord3844
ord903
ord781
ord6279
ord5558
ord2460
ord6061
ord4388
ord3397
ord4716
ord5327
ord4642
ord4271
ord261
ord1591
ord6293
ord5956
ord5231
ord4588
ord5229
ord1571
ord920
ord3586
ord925
ord3946
ord3460
ord929
ord4293
ord927
ord931
ord2365
ord4112
ord2384
ord5316
ord2404
ord1172
ord3155
ord1252
ord2388
ord6282
ord2394
ord2392
ord2390
ord1176
ord2407
ord2340
ord2402
ord4439
ord2386
ord4013
ord1479
ord2409
ord2397
ord2379
ord1894
ord3204
ord5414
ord4074
ord2321
ord5484
ord2239
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord6086
ord1007
ord757
ord5096
ord566
ord6215
ord5378
ord3826
ord1911
ord762
ord2925
ord3824
ord3677
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord1121
ord2708
ord2832
ord280
ord2534
ord2640
ord2527
ord3712
ord3713
ord1476
ord3703
ord2638
ord3943
ord2261
ord4475
ord4255
ord3327
ord5524
ord3990
ord266
ord774
ord265
ord1079
ord6161
ord2121
ord2311
ord776
ord283
ord293
ord896
ord899
ord577
ord764
ord1198
ord6273

msvcr80

_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
isspace
tolower
strncmp
isalnum
fseek
fread
fopen
fclose
ftell
_vsnprintf_s
fprintf
_CxxThrowException
wcsncmp
printf
_wtol
_time64
toupper
vsprintf
strcat_s
sscanf
strchr
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
strcpy_s
vsprintf_s
strncpy
memcpy_s
_beginthreadex
vswprintf_s
_endthreadex
_vswprintf_c_l
wcsncpy
free
malloc
_vswprintf
_wtoi
wcscat_s
wcscpy_s
_invalid_parameter_noinfo
wcsrchr
wcsncat
_purecall
isalpha
_stricmp
__CxxFrameHandler3
memset

kernel32

CreateThread
TerminateThread
WaitForSingleObject
CloseHandle
CreateFileW
CreateDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLangID
lstrcmpA
MultiByteToWideChar
GetVersionExW
IsBadReadPtr
WriteFile
ProcessIdToSessionId
lstrlenA
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesW
GetModuleFileNameW
lstrcpyW
lstrcatW
OutputDebugStringW
LoadLibraryW
GetLocalTime
GetProcAddress
FreeLibrary
Sleep
GetSystemDirectoryW
OpenProcess
GetLastError
CreateProcessW
GetPrivateProfileIntW
GetCommandLineW
GetVersion
LocalFree
InterlockedExchange
GetModuleHandleW
CreateMutexW
ExitProcess
CreateEventW
SetEvent
lstrlenW
SetFileAttributesW
DeleteFileW
GlobalFindAtomA
GlobalAddAtomA
GetTickCount
EnterCriticalSection
GetCurrentThreadId
OpenEventW
WaitForMultipleObjects
WideCharToMultiByte
SetProcessWorkingSetSize
GetCurrentProcess
LeaveCriticalSection
SetLastError
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
ReleaseMutex
OpenMutexW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

GetMenuItemRect
ClientToScreen
CopyRect
InflateRect
SendMessageW
GetMenuItemInfoW
GetSystemMetrics
LoadStringW
GetClassNameW
SetMenuItemInfoW
GetDesktopWindow
GetWindowRect
WindowFromPoint
MessageBoxW
UpdateWindow
PostMessageW
RegisterHotKey
RegisterWindowMessageW
GetCursorPos
GetSubMenu
VkKeyScanW
UnregisterHotKey
SetForegroundWindow
SetRectEmpty
GetSysColor
GetSystemMenu
DrawStateW
GetMenuItemCount
OffsetRect
IsMenu
GetMenu
GetPropW
SetPropW
SystemParametersInfoW
GrayStringW
IsRectEmpty
DrawTextExW
DrawTextW
ReleaseDC
TabbedTextOutW
GetDC
KillTimer
DestroyIcon
ReplyMessage
LoadBitmapW
SetTimer
ModifyMenuW
SetMenuDefaultItem
LoadIconW
DeleteMenu

gdi32

RectVisible
TextOutW
CreatePen
GetStockObject
CreateFontIndirectW
GetCurrentObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
SelectObject
BitBlt
CreateSolidBrush
GetClipBox
DeleteObject
Escape
SetTextColor
GetObjectW
GetPixel
SetPixel
GetTextExtentPoint32W
Ellipse
CreateFontW
GetTextMetricsW
Rectangle
StretchBlt
PtVisible
GetDeviceCaps

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegOpenKeyExW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
OpenEventLogW
FreeSid
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetSpecialFolderPathA
ShellExecuteW

comctl32

ImageList_Draw
ImageList_GetIcon

shlwapi

PathRemoveFileSpecW
PathFileExistsW

kis

kisCFGQueryValueIEx
kisCFGQueryValueEx
kisCFGQueryValueI
kisIsInfocEnable
kisTerminate
kisIsVistaOrLater
kisQueryOEMInfo
kisGetPath
kisCFGSetValueI
kisCreateInfocAction
kisCFGQueryValue
kisCreateKSLangInstance

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

M7cY001
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab2ca53c912affbe7fd5c9e86f014d2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

00:bb:b4:83:5a:a1:68:18:a5:3d:52:9e:3d:ae:9c:a8:d1:9c:db:caSigner

Signature Validations

Verification

17/03/2009, 03:15 Valid: false

Headers

File Characteristics

Imports

wininet

version

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

kis

msvcp80

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 49KB - Virtual size: 49KB

M7cY001 Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

00:bb:b4:83:5a:a1:68:18:a5:3d:52:9e:3d:ae:9c:a8:d1:9c:db:ca
Signer

17/03/2009, 03:15
Valid: false

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 49KB - Virtual size: 49KB

M7cY001
Size: 1KB - Virtual size: 1KB