124a5f4d2e3aab9fe4be721ab1a94d445d78c8eddb3fafaa6283f414e2ccd373

Sharing

Copy URL

Twitter E-mail

General

Target

124a5f4d2e3aab9fe4be721ab1a94d445d78c8eddb3fafaa6283f414e2ccd373
Size

518KB
MD5

66216f189bf6138fc7d669112fcf9f40
SHA1

ef755dcca3f2dde43918c34c9f999dff6339b8be
SHA256

124a5f4d2e3aab9fe4be721ab1a94d445d78c8eddb3fafaa6283f414e2ccd373
SHA512

feefc9172e4bd4d0700f5285ccbde60026a2b2de4ed6b46c76e8412bd0f985645250ce413d4686517257cddabc99d33803e708fe3d4bc892543bbd4a2691116e
SSDEEP

12288:mqgWzlDUNiZgXrnPI0k9Fz4Ylainiq7phzKUqJ0u9cvOV+hSOO:dlDUNhQ0kM3Miq7bKUeyOVASOO

Score

N/A

Malware Config

Signatures

Files

124a5f4d2e3aab9fe4be721ab1a94d445d78c8eddb3fafaa6283f414e2ccd373
.exe windows x86

85924ced70baadf1a9f5145fe6d448f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:18:91:02:87:e8:87:a4:ec:40:24:44:81:87:16:59:98:cf:3e:fb
Signer

Actual PE Digest

97:18:91:02:87:e8:87:a4:ec:40:24:44:81:87:16:59:98:cf:3e:fb

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

15-10-2014 04:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

recv
WSAStartup
gethostbyname
send
inet_addr
connect
closesocket
WSACleanup
socket
htons
inet_ntoa

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
VirtualAlloc
VirtualFree
HeapCreate
CreateDirectoryW
WriteFile
FindResourceW
CloseHandle
LoadResource
GetFileAttributesW
GetTickCount
SizeofResource
CreateFileW
RemoveDirectoryW
MoveFileExW
MoveFileW
GetLastError
CreateMutexW
LoadLibraryW
GetProcAddress
WideCharToMultiByte
GetVersionExW
CreateProcessW
WaitForSingleObject
Process32FirstW
OpenProcess
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
TerminateProcess
InterlockedCompareExchange
GetModuleHandleW
GetNativeSystemInfo
GetCurrentProcess
GetCurrentProcessId
ReleaseMutex
SetLastError
DeleteFileW
GetModuleFileNameW
SetFilePointer
OutputDebugStringA
GetModuleHandleA
GetFileAttributesExW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
GetCurrentDirectoryW
ReadFile
LocalFree
GetCommandLineW
ExpandEnvironmentStringsW
CreateEventW
InterlockedExchangeAdd
SetUnhandledExceptionFilter
LoadLibraryA
ResumeThread
AssignProcessToJobObject
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThreadId
Sleep
SetEndOfFile
FlushFileBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDirectoryW
GetWindowsDirectoryW
SetEnvironmentVariableA
TlsFree
TlsSetValue
TlsAlloc
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
InterlockedIncrement
SetEvent
ExitProcess
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
HeapReAlloc
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
CompareStringA
CompareStringW
GetStdHandle
TlsGetValue
GetConsoleCP
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
UnhandledExceptionFilter
MultiByteToWideChar
InitializeCriticalSection
InterlockedDecrement

user32

MessageBoxW
PostMessageW
SetTimer
KillTimer
RegisterClassExW
CreateWindowExW
DefWindowProcW
DestroyWindow
UnregisterClassW
PostQuitMessage
CallMsgFilterW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetQueueStatus
PeekMessageW
WaitMessage

advapi32

CreateProcessAsUserW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW

shell32

SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHFileOperationW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85924ced70baadf1a9f5145fe6d448f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

97:18:91:02:87:e8:87:a4:ec:40:24:44:81:87:16:59:98:cf:3e:fbSigner

Signature Validations

Verification

15-10-2014 04:54 Valid: false

Headers

File Characteristics

Imports

psapi

version

ws2_32

kernel32

user32

advapi32

shell32

ole32

userenv

winmm

Sections

.text Size: 396KB - Virtual size: 394KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 22KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 38KB - Virtual size: 38KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

97:18:91:02:87:e8:87:a4:ec:40:24:44:81:87:16:59:98:cf:3e:fb
Signer

15-10-2014 04:54
Valid: false

.text
Size: 396KB - Virtual size: 394KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 22KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 38KB - Virtual size: 38KB