a9718ddd7b00adbf1727e7928ea0df41521a5f0fb19d27dab0771e6e2bc50ba8

Sharing

Copy URL Twitter E-mail

General

Target

a9718ddd7b00adbf1727e7928ea0df41521a5f0fb19d27dab0771e6e2bc50ba8
Size

644KB
MD5

692d4bc7ac335e79791ebc90abf44c1e
SHA1

2515a06cc824f20e882deae77b7436cca14c1ee3
SHA256

a9718ddd7b00adbf1727e7928ea0df41521a5f0fb19d27dab0771e6e2bc50ba8
SHA512

520d4167f459a2e10e7b69344d062720df5c613bde43b70cbec7191230c48b581346f6e9edc315ce221e2937c828b3037a5aa2a98d9174e907bd72448b7f7ff0
SSDEEP

6144:UPhHRVC/qOJhWjafYXcPVNWVeR8dCa6a9lc5GIdGnxFdSqT4XofYSbscTdJUTXTW:U5xVWcUXyDsWdJujbTAmps4dwv

Score

N/A

Malware Config

Signatures

Files

a9718ddd7b00adbf1727e7928ea0df41521a5f0fb19d27dab0771e6e2bc50ba8
.exe windows x86

5a2c95700e5eb22b0cab7efbd36d8c3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:01:fb:34:d5:06:90:99:5e:6f:42:c0:77:1c:e8:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/03/2009, 00:00

Not After

02/06/2012, 23:59

Subject

CN=Lenovo Information Products (Shenzhen) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Lenovo Information Products (Shenzhen) Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:85:08:3d:c1:b4:6d:83:cc:7c:56:6d:2f:96:6f:6a:14:71:7a:ad
Signer

Actual PE Digest

b8:85:08:3d:c1:b4:6d:83:cc:7c:56:6d:2f:96:6f:6a:14:71:7a:ad

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Lenovo Information Products (Shenzhen) Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Lenovo Information Products (Shenzhen) Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

14/09/2009, 08:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

utils

?AmIAdministrator@rec_utils@@YAHXZ
?GetModulePath@rec_utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAUHINSTANCE__@@@Z
?MessageBoxW@rec_utils@@YAHPAUHINSTANCE__@@ABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@HI@Z
?open@CLog@rec_utils@@QAEHXZ
??1ThreadPool@@UAE@XZ
?activate@ThreadPool@@QAEHIPAKPAPAX@Z
?wait@ThreadPool@@QAEXXZ
??0CTraceFunc@@QAE@PB_W@Z
??1CTraceFunc@@QAE@XZ
?log@rec_utils@@YAXPB_WZZ
?MessageBoxW@rec_utils@@YAHPAUHINSTANCE__@@HI@Z
?SetIcon@rec_utils@@YAXPAUHINSTANCE__@@AAVCWindow@ATL@@@Z
?r_element@Config@@QAEHPA_W0H@Z
?get_service_mark_file@rec_utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
??0DriverMgr@@QAE@XZ
??1DriverMgr@@QAE@XZ
?get_q_driver@DriverMgr@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?close_q_driver@DriverMgr@@QAEXXZ
?GetInst@CLog@rec_utils@@SAAAV12@XZ
??0Config@@QAE@PB_W@Z
??1Config@@QAE@XZ

burn

?start@BurnSchedule@@QAEHXZ
?uninit@BurnSchedule@@QAEXXZ
?init@BurnSchedule@@QAEXPAUHINSTANCE__@@0@Z
??1BurnSchedule@@QAE@XZ
??0BurnSchedule@@QAE@XZ
?stop@BurnSchedule@@QAEXXZ

kernel32

GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetVersionExW
FindResourceExW
FindResourceW
LoadResource
GetCurrentProcess
SizeofResource
LeaveCriticalSection
FlushInstructionCache
RaiseException
SetLastError
EnterCriticalSection
LockResource
GetCurrentThreadId
CreateMutexW
LoadLibraryA
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
GetUserDefaultLangID
InitializeCriticalSection
LoadLibraryW
GetExitCodeProcess
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
InterlockedExchange
GetLastError
GetProcessId
lstrcmpiW
DeleteCriticalSection
ReleaseMutex
CloseHandle
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
FreeLibrary

user32

GetWindow
EnableWindow
MapWindowPoints
SendMessageW
UnregisterClassA
SetWindowTextW
GetMonitorInfoW
DestroyWindow
CharNextW
SetForegroundWindow
EnumWindows
DefWindowProcW
GetWindowThreadProcessId
PostMessageW
BringWindowToTop
EnableMenuItem
ShowWindow
GetSystemMenu
GetWindowRect
FillRect
DialogBoxParamW
GetParent
GetClientRect
GetDC
GetWindowLongW
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
SetWindowPos
LoadBitmapW
GetActiveWindow
GetMenuItemCount
InsertMenuW
SetDlgItemTextW

gdi32

StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
CreateSolidBrush

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

shell32

ShellExecuteExW

ole32

CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

comctl32

InitCommonControlsEx

msvcr90

wcsstr
_invalid_parameter_noinfo
malloc
free
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcsncpy_s
memcpy_s
wcslen
_recalloc
??2@YAPAXI@Z
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_CxxThrowException
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
??_V@YAXPAX@Z
memset
??3@YAXPAX@Z
_wcmdln
_initterm
_initterm_e
_configthreadlocale
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
__setusermatherr

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a2c95700e5eb22b0cab7efbd36d8c3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7f:01:fb:34:d5:06:90:99:5e:6f:42:c0:77:1c:e8:7fCertificate

Extended Key Usages

Key Usages

b8:85:08:3d:c1:b4:6d:83:cc:7c:56:6d:2f:96:6f:6a:14:71:7a:adSigner

Signature Validations

Verification

14/09/2009, 08:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

utils

burn

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

comctl32

msvcr90

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 415KB - Virtual size: 414KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7f:01:fb:34:d5:06:90:99:5e:6f:42:c0:77:1c:e8:7f
Certificate

b8:85:08:3d:c1:b4:6d:83:cc:7c:56:6d:2f:96:6f:6a:14:71:7a:ad
Signer

14/09/2009, 08:14
Valid: false

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 415KB - Virtual size: 414KB