7d4d565cdc624df9a027451e986d55504d9b74a2b6d4674ab4a90afedc06f90d

Sharing

Copy URL Twitter E-mail

General

Target

7d4d565cdc624df9a027451e986d55504d9b74a2b6d4674ab4a90afedc06f90d
Size

1.0MB
MD5

69069ecbd2201f49f63e32183ec133ef
SHA1

190040cae57bf0536893e81c3d1f6dc06aaad328
SHA256

7d4d565cdc624df9a027451e986d55504d9b74a2b6d4674ab4a90afedc06f90d
SHA512

02b7d94b528670c35b609492e016299d501a25628aacd9c07b5941b7f4f357c47b9e871f2904acac175658f1fecc9dfdec0a8822dd7ffc25fec3f60ba50deffb
SSDEEP

24576:c7yhsfWlq7lfYOeDwEmmnKP5/OfxNF35Yw:UCwaUkb1N

Score

N/A

Malware Config

Signatures

Files

7d4d565cdc624df9a027451e986d55504d9b74a2b6d4674ab4a90afedc06f90d
.exe windows x86

a4bbc36245c35d7e9cd7148c80713af5

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
GlobalUnlock
GlobalLock
TerminateProcess
CopyFileW
lstrcpyW
lstrcmpiW
CompareStringW
GetExitCodeThread
GetFileAttributesExW
GlobalFindAtomW
GetFileTime
FileTimeToSystemTime
WritePrivateProfileStringW
GetModuleHandleW
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
VirtualAlloc
VirtualFree
GetACP
SetFilePointerEx
FormatMessageW
GetSystemTime
lstrcmpA
SetLastError
GetFileType
LocalFree
GetLongPathNameW
GetPrivateProfileIntW
GetFileSizeEx
SetEndOfFile
WriteFile
ReadFile
GetFileSize
SetFilePointer
CreateFileW
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateThread
GetStartupInfoW
Sleep
SetEvent
LoadLibraryA
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetModuleHandleA
GetSystemInfo
GetCurrentProcessId
OpenProcess
SetProcessWorkingSetSize
GetWindowsDirectoryW
GetCommandLineW
GlobalAlloc
GlobalFree
WaitForSingleObject
FindFirstFileW
FindClose
GetVersionExW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateProcessW
MulDiv
GetCurrentProcess
FlushInstructionCache
GetTempPathW
GetTempFileNameW
DeleteFileW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
OutputDebugStringW
DebugBreak
lstrlenA
InterlockedIncrement
lstrlenW
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
CloseHandle
CreateMutexW
GetLastError
GetVersion

user32

GetFocus
DrawFocusRect
IsWindowEnabled
ScreenToClient
IsRectEmpty
DrawFrameControl
DrawIconEx
LoadBitmapW
GetSysColor
WaitForInputIdle
BeginPaint
EndPaint
CallWindowProcW
IsDialogMessageW
LoadImageW
LoadIconW
FindWindowExW
ExitWindowsEx
PostQuitMessage
SetCursor
DialogBoxParamW
GetActiveWindow
LoadCursorW
EnableWindow
SetDlgItemTextW
GetDlgItemTextW
KillTimer
SetTimer
SetFocus
MessageBeep
FillRect
GetDlgCtrlID
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnumChildWindows
SetDlgItemInt
DrawTextW
GetDlgItemInt
IsWindowVisible
CopyRect
InvalidateRect
MessageBoxW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateWindowExW
IsWindow
GetWindowPlacement
SetRectEmpty
DestroyIcon
DestroyCursor
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
PtInRect
GetCursorPos
CreateCursor
GetClassNameW
ReleaseDC
GetWindowDC
PostMessageW
SendMessageW
SetForegroundWindow
ShowWindow
FindWindowW
GetDC
RegisterClassW
GetClassInfoW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
DefWindowProcW
DestroyWindow
wvsprintfW
CharNextW
GetSystemMetrics
SendMessageTimeoutW
GetDlgItem
OffsetRect
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
EndDialog
GetParent
SetWindowLongW
CreateDialogParamW
LoadStringW
ClientToScreen

gdi32

GetStockObject
GetObjectType
GetTextColor
CreateDIBSection
CreateRectRgnIndirect
SetViewportOrgEx
GetDIBits
SetStretchBltMode
StretchBlt
CreateBitmap
CreatePen
CreateSolidBrush
MoveToEx
SetBkMode
SetTextColor
TextOutW
GetTextMetricsW
GetTextExtentPoint32W
GetDeviceCaps
CreateFontW
SetBkColor
ExtTextOutW
DeleteDC
BitBlt
GetObjectW
CreateCompatibleDC
LineTo
CreateFontIndirectW
GetPixel
CreateRectRgn
SelectClipRgn
CreateCompatibleBitmap
SelectObject
DeleteObject
CombineRgn
EnumFontFamiliesW

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegFlushKey
RegCreateKeyExW
RegSetValueExW
CreateServiceW
StartServiceW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
ChangeServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ExtractIconExW
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
ord680
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

comctl32

ImageList_GetImageInfo
_TrackMouseEvent
ImageList_Create
InitCommonControlsEx
ImageList_Draw

shlwapi

PathFindFileNameW
PathIsDirectoryW
StrCpyNW
UrlGetPartW
PathRemoveFileSpecW
PathCombineW
SHGetValueW
PathIsRelativeW
PathFileExistsW
SHSetValueW
PathAppendW
StrChrW
StrCmpIW
PathCanonicalizeW
StrCmpNW
StrCmpNIW
PathRemoveBackslashW
StrRChrA
StrCmpNA
StrCmpW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

msvcrt

memmove
wcscat
tolower
memchr
qsort
_snwprintf
strerror
wcstok
_errno
wcsncmp
_controlfp
_iob
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
strtod
_CIpow
fprintf
longjmp
strncpy
_setjmp3
sprintf
abort
wcschr
fread
fseek
sscanf
_wcslwr
wcsrchr
wcsstr
mktime
_ftol
swprintf
localtime
wcsftime
_wcsicmp
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
time
_vsnwprintf
_vsnprintf
strlen
memcmp
_wtol
_except_handler3
swscanf
_wsplitpath
_wmakepath
_purecall
wcsncpy
malloc
_wfopen
fwrite
fclose
free
iswdigit
?terminate@@YAXXZ
realloc
wcslen
wcscpy
memset
wcsncat
memcpy
??2@YAPAXI@Z
__CxxFrameHandler
wcscmp
_wtoi

iphlpapi

GetIpNetTable
DeleteIpNetEntry
GetNetworkParams
SendARP

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW

ws2_32

htonl
gethostbyname
ntohl
gethostname
inet_addr
inet_ntoa

Sections

.text
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

q&
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4bbc36245c35d7e9cd7148c80713af5

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

version

msvcrt

iphlpapi

wininet

urlmon

ws2_32

Sections

.text Size: 384KB - Virtual size: 382KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 60KB - Virtual size: 68KB

.rsrc Size: 288KB - Virtual size: 287KB

q& Size: 244KB - Virtual size: 244KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 384KB - Virtual size: 382KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 60KB - Virtual size: 68KB

.rsrc
Size: 288KB - Virtual size: 287KB

q&
Size: 244KB - Virtual size: 244KB