300ddf94a52502a99c09cad65fbe15a12e7e34743ccac8e15006aa1a7fa52e30

Sharing

Copy URL Twitter E-mail

General

Target

300ddf94a52502a99c09cad65fbe15a12e7e34743ccac8e15006aa1a7fa52e30
Size

432KB
MD5

3c8eb709c31993dda792d10ea51fb3f0
SHA1

462c8d461136d55c83fe8d566be8e15f6709d5fe
SHA256

300ddf94a52502a99c09cad65fbe15a12e7e34743ccac8e15006aa1a7fa52e30
SHA512

bf3ad5fcefa6bcfdbf1dab65735dddb88f5ed0b8598c0c63647ae37a8740961ccdaf0216cdc25f6d2603d939a935918583fc9b5bdb3ff8befaadcd9ce06fe83d
SSDEEP

12288:Gv6JdRr2eYmxXsR1QJrp3pkWJtbZU8JFtrymB:Gv6fRrmmxX7Fp3SKtb/JFwE

Score

N/A

Malware Config

Signatures

Files

300ddf94a52502a99c09cad65fbe15a12e7e34743ccac8e15006aa1a7fa52e30
.exe windows x86

cf54d88e7a2b747e1fd1b4902470014f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2012, 00:00

Not After

23/06/2015, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:bc:07:21:a4:19:67:a8:e9:fe:67:a7:c9:7f:31:67:82:11:ae:af
Signer

Actual PE Digest

76:bc:07:21:a4:19:67:a8:e9:fe:67:a7:c9:7f:31:67:82:11:ae:af

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

22/10/2012, 08:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpReadDumpStream

ws2_32

closesocket
setsockopt
socket
connect
htons
gethostbyname
inet_addr
send
recv
WSAStartup
WSACleanup

minizip

zipClose
zipOpen
zipCloseFileInZip
zipWriteInFileInZip
zipOpenNewFileInZip

kernel32

CopyFileW
FindClose
FindNextFileW
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringW
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
ReadFile
FileTimeToDosDateTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
InterlockedCompareExchange
WideCharToMultiByte
RaiseException
MultiByteToWideChar
lstrlenW
CloseHandle
MapViewOfFile
lstrlenA
InterlockedDecrement
CreateFileW
CreateFileMappingW

user32

LoadStringW
wsprintfW
UnregisterClassA
EndPaint
GetActiveWindow
MessageBeep
GetSystemMetrics
LoadImageW
LoadBitmapW
GetDlgItem
GetWindowTextW
EndDialog
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindow
MonitorFromWindow
GetMonitorInfoW
OpenClipboard
MessageBoxW
SetDlgItemTextW
KillTimer
SetTimer
GetWindowTextLengthW
SetWindowTextW
SetCursor
ShowCursor
GetParent
MapWindowPoints
SendMessageW
IsWindowEnabled
GetCursorPos
SystemParametersInfoW
ShowWindow
GetWindowRect
SetWindowPos
GetDC
DrawTextW
ReleaseDC
CharNextW
BeginPaint
CallWindowProcW
GetClientRect
GetWindowLongW
InflateRect
GetSysColor
DestroyWindow
DefWindowProcW
DialogBoxParamW
IsWindow
InvalidateRect
SetWindowLongW
RegisterClassExW
RegisterClassExA
UnregisterClassW
LoadCursorW
GetClassInfoExW
LoadCursorA
GetClassInfoExA

gdi32

ExtSelectClipRgn
CreateRectRgnIndirect
GetWindowOrgEx
BitBlt
CreateCompatibleDC
OffsetWindowOrgEx
SetWindowOrgEx
SetTextColor
SetBkMode
GetStockObject
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
ExtTextOutW
Rectangle
DeleteDC
SetBkColor

shell32

ShellExecuteW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString

atl90

ord64
ord56
ord61
ord23
ord68
ord44
ord43
ord49

comctl32

InitCommonControlsEx
_TrackMouseEvent

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

msvcr90

wcscpy
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
__CxxFrameHandler3
wcsftime
memset
??_V@YAXPAX@Z
strlen
tolower
fclose
_atoi64
wcslen
_snwprintf
_localtime64
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??3@YAXPAX@Z
fread
_wfopen
sprintf
atoi
strncmp
memcpy
_wstat64i32
memcmp
sprintf_s
swprintf_s
_recalloc
_purecall
_vswprintf
fwrite
_time64
wcsrchr
memmove_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
wcsncpy_s
_strupr
??0exception@std@@QAE@ABQBD@Z

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

\B�
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf54d88e7a2b747e1fd1b4902470014f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

76:bc:07:21:a4:19:67:a8:e9:fe:67:a7:c9:7f:31:67:82:11:ae:afSigner

Signature Validations

Verification

22/10/2012, 08:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

ws2_32

minizip

kernel32

user32

gdi32

shell32

ole32

oleaut32

atl90

comctl32

msvcp90

msvcr90

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 89KB - Virtual size: 89KB

\B� Size: 238KB - Virtual size: 240KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

76:bc:07:21:a4:19:67:a8:e9:fe:67:a7:c9:7f:31:67:82:11:ae:af
Signer

22/10/2012, 08:10
Valid: false

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 89KB - Virtual size: 89KB

\B�
Size: 238KB - Virtual size: 240KB