e97a069a2ca8b86b10894eaad203fc2d57e9dcfe7db0a20b9ca09fcb64dcd391

Sharing

Copy URL Twitter E-mail

General

Target

e97a069a2ca8b86b10894eaad203fc2d57e9dcfe7db0a20b9ca09fcb64dcd391
Size

3.7MB
MD5

e0fc94cf8bac862abf26a51401df5512
SHA1

9ecfb0c9c4c36b595af4de13789d04632a1de179
SHA256

e97a069a2ca8b86b10894eaad203fc2d57e9dcfe7db0a20b9ca09fcb64dcd391
SHA512

96e6f7f76e8d3d6e1d95cda27c443b7d731f1bef0822e7a825c8cf4e6233ba02891b28c0a60b4443feca5b057fc40133e47ca8b58c0adc90e2a49e3a5bd8a881
SSDEEP

98304:1Y+y8UDASzt4GzSLeTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE:uP8U9Jle9Tkb

Score

N/A

Malware Config

Signatures

Files

e97a069a2ca8b86b10894eaad203fc2d57e9dcfe7db0a20b9ca09fcb64dcd391
.exe windows x86

f83206a4788c04fc39772a1fde8245f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:0e:9c:c9:95:35:d9:de:6f:80:e9:a4:54:c7:5d:64
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/10/2010, 00:00

Not After

26/11/2012, 23:59

Subject

CN=ALIKET SOFTWARE CO.\, LTD.,OU=Secure Application Development,O=ALIKET SOFTWARE CO.\, LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:87:56:c3:40:7c:cb:ee:de:06:2a:e4:8c:d9:cc:51:42:11:11:db
Signer

Actual PE Digest

bd:87:56:c3:40:7c:cb:ee:de:06:2a:e4:8c:d9:cc:51:42:11:11:db

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ALIKET SOFTWARE CO.\, LTD.,OU=Secure Application Development,O=ALIKET SOFTWARE CO.\, LTD.,L=BEIJING,ST=BEIJING,C=CN

29/07/2011, 01:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
InterlockedIncrement
VirtualFree
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetFileTime
GetFileAttributesW
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
LocalAlloc
InitializeCriticalSection
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
RaiseException
FormatMessageW
LocalFree
InterlockedDecrement
FindFirstFileW
FindNextFileW
FindClose
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetModuleHandleA
GlobalFree
FreeResource
SetFilePointer
ReadFile
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileInformationByHandle
GetLocalTime
GetPrivateProfileIntW
WritePrivateProfileStringW
WinExec
lstrlenW
lstrcatW
MulDiv
GetVersionExW
GetCurrentProcess
SetPriorityClass
lstrcpyW
DeviceIoControl
GetModuleFileNameW
WriteFile
GetPrivateProfileStringW
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetACP
WaitForMultipleObjects
DeleteCriticalSection
FreeLibrary
GetTickCount
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
TerminateThread
Sleep
GetExitCodeThread
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
GetFileSize
CreateFileW
DeleteFileW
RemoveDirectoryW
WaitForSingleObject
CreateEventW
SetEvent
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FindResourceW
LoadResource
LockResource
HeapCreate
SizeofResource

user32

PostThreadMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
CharUpperW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
DestroyMenu
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
RegisterClipboardFormatW
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetWindowPos
ShowWindow
MoveWindow
GetDlgCtrlID
IsDialogMessageW
SendDlgItemMessageW
GetDlgItemInt
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
EndPaint
BeginPaint
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
WindowFromPoint
GetWindowRgn
IsWindow
IsWindowVisible
DrawFocusRect
DrawTextW
GetKeyState
AppendMenuW
GetMenuItemID
GetMenuItemInfoW
GetSubMenu
GetMenuItemCount
OffsetRect
DrawIconEx
DrawEdge
SystemParametersInfoW
MessageBeep
LoadCursorW
SetCursor
InflateRect
GetWindowDC
GetSysColor
LoadImageW
GetWindowLongW
GetNextDlgGroupItem
CharNextW
InvalidateRgn
IsRectEmpty
SetWindowLongW
SetWindowRgn
SetWindowTextW
CopyAcceleratorTableW
UnregisterClassW
GetSysColorBrush
GetWindowThreadProcessId
GetMessageW
PostQuitMessage
MessageBoxW
GetClipboardData
SendMessageTimeoutW
PostMessageW
FindWindowW
GetParent
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetFocus
UpdateWindow
ReleaseDC
GetDC
EnableWindow
FillRect
CopyRect
LoadBitmapW
GetCursorPos
KillTimer
ReleaseCapture
SetTimer
PtInRect
GetWindowRect
SetCapture
ClientToScreen
SetForegroundWindow
CreatePopupMenu
DrawIcon
GetSystemMetrics
SendMessageW
IsIconic
InvalidateRect
GetClientRect
SetRect
LoadIconW
DestroyIcon
UnregisterClassA

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
PtVisible
GetDeviceCaps
CreatePen
CreateRectRgnIndirect
GetMapMode
GetRgnBox
GetBkColor
GetClipBox
SetMapMode
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetObjectW
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
FrameRgn
FillRgn
PathToRegion
EndPath
Polygon
BeginPath
OffsetRgn
CreateRoundRectRgn
DeleteDC
SetTextColor
SetBkColor
CreateDIBitmap
PatBlt
CreateBitmap
GetTextColor
DeleteObject
Rectangle
SelectObject
CreateFontW
GetStockObject
SetPixel
GetNearestColor
CombineRgn
GetPixel
CreateRectRgn
GetTextExtentPoint32W
StretchBlt
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathIsUNCW
PathFindExtensionW
UrlUnescapeW
PathFileExistsW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadRegTypeLi
DispCallFunc
VariantCopy
SysStringLen
VariantChangeType
SysAllocStringLen
SysAllocString
SysFreeString
OleCreatePictureIndirect
VariantClear
VariantInit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetCloseHandle
HttpOpenRequestW
InternetConnectW
FtpOpenFileW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetCrackUrlW
InternetReadFile
InternetOpenUrlW
InternetCanonicalizeUrlW
InternetGetConnectedState
InternetOpenW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f83206a4788c04fc39772a1fde8245f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

29:0e:9c:c9:95:35:d9:de:6f:80:e9:a4:54:c7:5d:64Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

bd:87:56:c3:40:7c:cb:ee:de:06:2a:e4:8c:d9:cc:51:42:11:11:dbSigner

Signature Validations

Verification

29/07/2011, 01:54 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

version

wininet

iphlpapi

Sections

.text Size: 916KB - Virtual size: 912KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 16KB - Virtual size: 36KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

29:0e:9c:c9:95:35:d9:de:6f:80:e9:a4:54:c7:5d:64
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

bd:87:56:c3:40:7c:cb:ee:de:06:2a:e4:8c:d9:cc:51:42:11:11:db
Signer

29/07/2011, 01:54
Valid: false

.text
Size: 916KB - Virtual size: 912KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 16KB - Virtual size: 36KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB