1e7b7c7e490353028e55a707bd0970a0bacaeec434f86c45ea05d476aae1b7d0

Sharing

Copy URL Twitter E-mail

General

Target

1e7b7c7e490353028e55a707bd0970a0bacaeec434f86c45ea05d476aae1b7d0
Size

547KB
MD5

6b1d0029f1d61dc6f5f7b28c17433c00
SHA1

e3453361cdf9784af1b32e39842488fc11f88ade
SHA256

1e7b7c7e490353028e55a707bd0970a0bacaeec434f86c45ea05d476aae1b7d0
SHA512

94360ba3fa2a42220f8b4e58222b1885bd2e125be2c804699eb407ac247ad48858aa762292f704818fe0444e4ad923e9b32e4181519697ecc0082b7b89111e9f
SSDEEP

6144:tt6RauC/QAGD1EI9dtLjBEY4eIohgxeKg/zpBsu5+Q48eMAs2dpg/DcX433kj6DO:t4MoJEUBBEYLX9V+95pKz47z6w

Score

N/A

Malware Config

Signatures

Files

1e7b7c7e490353028e55a707bd0970a0bacaeec434f86c45ea05d476aae1b7d0
.exe windows x64

6a40dda8b217017285ff56f67b39f13e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:c4:33:d7:d6:66:a1:0b:89:12:64:3d:c0:d6:29:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/09/2012, 00:00

Not After

23/12/2013, 23:59

Subject

CN=Industrial and Commercial Bank of China Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development Center,O=Industrial and Commercial Bank of China Limited,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:5a:22:7c:d8:0b:ff:80:21:13:2d:01:c7:67:02:8d:29:7c:87:7d
Signer

Actual PE Digest

04:5a:22:7c:d8:0b:ff:80:21:13:2d:01:c7:67:02:8d:29:7c:87:7d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Industrial and Commercial Bank of China Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development Center,O=Industrial and Commercial Bank of China Limited,L=BEIJING,ST=BEIJING,C=CN

20/11/2012, 09:05
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
CreateFileA
GetFileSize
CreateFileW
ReadFile
SetFilePointer
WriteFile
OutputDebugStringW
OpenProcess
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
SetFileTime
GetTickCount
SetLastError
FileTimeToSystemTime
GetFileInformationByHandle
CreateFileMappingW
CloseHandle
UnmapViewOfFile
GetLocalTime
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetErrorMode
TerminateProcess
GetVersionExW
GetFileAttributesW
SearchPathW
ExpandEnvironmentStringsW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetModuleFileNameW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnhandledExceptionFilter
GetCurrentProcess
MapViewOfFile
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetLocaleInfoW
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
MoveFileW
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetTimeFormatA
GetDateFormatA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
FlsAlloc
GetCurrentThreadId
FlsFree

user32

wsprintfW
GetSystemMetrics
GetDesktopWindow

advapi32

CryptHashData
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
DeleteService
ControlService
RegCreateKeyW
StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeregisterEventSource
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
GetTokenInformation
OpenProcessToken
LookupAccountNameW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDestroyHash
CryptDeriveKey
CryptCreateHash
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

OleUninitialize
OleInitialize
CoCreateInstance
CoInitialize

shell32

SHGetFolderPathW
ShellExecuteExW

oleaut32

VariantCopy
SysAllocStringLen
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysStringByteLen
SysAllocString
SysStringLen
SysFreeString
SysAllocStringByteLen

shlwapi

PathFindFileNameW
SHCopyKeyW
SHDeleteKeyW
SHDeleteValueW

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSOpenServerW
WTSQuerySessionInformationW

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

i�
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a40dda8b217017285ff56f67b39f13e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

37:c4:33:d7:d6:66:a1:0b:89:12:64:3d:c0:d6:29:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

04:5a:22:7c:d8:0b:ff:80:21:13:2d:01:c7:67:02:8d:29:7c:87:7dSigner

Signature Validations

Verification

20/11/2012, 09:05 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

wininet

wtsapi32

Sections

.text Size: 364KB - Virtual size: 364KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 11KB - Virtual size: 19KB

.pdata Size: 19KB - Virtual size: 18KB

i� Size: 512B - Virtual size: 448B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

37:c4:33:d7:d6:66:a1:0b:89:12:64:3d:c0:d6:29:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

04:5a:22:7c:d8:0b:ff:80:21:13:2d:01:c7:67:02:8d:29:7c:87:7d
Signer

20/11/2012, 09:05
Valid: false

.text
Size: 364KB - Virtual size: 364KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 11KB - Virtual size: 19KB

.pdata
Size: 19KB - Virtual size: 18KB

i�
Size: 512B - Virtual size: 448B