278ed472e21a97ec93326d9f155b8a61b9fc648f13a5d43f2702d098b0f68c50

Sharing

Copy URL Twitter E-mail

General

Target

278ed472e21a97ec93326d9f155b8a61b9fc648f13a5d43f2702d098b0f68c50
Size

544KB
MD5

015bfa98370944eeaeca193d0ddb75c0
SHA1

4269f8a861c783a58ff9dfae46e33ecf25b2d6fa
SHA256

278ed472e21a97ec93326d9f155b8a61b9fc648f13a5d43f2702d098b0f68c50
SHA512

5bcd99fa5b920aa841b6da9c5522ec9491617a94d388fd78b1d52bb37d2daf9c6f5cc90c2fd4466206a160b09e00fdbd98399558a71ef2f4e0be31f243527c80
SSDEEP

12288:6WDeybB0jYkRPE/9ARrU+eGeXLwMRGM4h/qofip:bDeMB0MeEqRneG0LwMRGJ/qof2

Score

N/A

Malware Config

Signatures

Files

278ed472e21a97ec93326d9f155b8a61b9fc648f13a5d43f2702d098b0f68c50
.dll windows x86

94fbc30b7cf7a0a7fda8aa8a223b6979

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/12/2011, 00:00

Not After

25/12/2014, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:8f:9f:b3:28:b9:fd:3e:3c:91:4c:80:16:49:e2:ea:b0:90:01:80
Signer

Actual PE Digest

b3:8f:9f:b3:28:b9:fd:3e:3c:91:4c:80:16:49:e2:ea:b0:90:01:80

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

24/06/2014, 01:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
GetDriveTypeW
GetCurrentThreadId
WaitForMultipleObjects
CreateProcessW
FreeLibrary
GetLogicalDrives
GetLocalTime
LoadLibraryW
GlobalDeleteAtom
TerminateThread
GlobalGetAtomNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
LocalFree
DeleteFileW
MoveFileExW
SetEndOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
SetFileAttributesA
DeleteFileA
MoveFileA
GetModuleFileNameA
GetPrivateProfileIntA
CreateDirectoryA
ProcessIdToSessionId
OpenProcess
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
GetFileTime
FileTimeToSystemTime
GetCurrentDirectoryW
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
UnmapViewOfFile
SetLastError
Sleep
CompareFileTime
GetPrivateProfileStringW
WritePrivateProfileStringW
VirtualProtect
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentProcess
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
FlushFileBuffers
GetStringTypeW
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetVersionExW
WriteFile
CreateDirectoryW
ReadFile
GetFileSize
SetEvent
WaitForSingleObject
OpenEventW
lstrlenA
GetLastError
lstrlenW
GetSystemTime
CloseHandle
DeviceIoControl
CreateFileW
GetCurrentProcessId
GetTickCount
CreateThread
WideCharToMultiByte
CreateEventW
MultiByteToWideChar
DisableThreadLibraryCalls
SizeofResource
FindResourceW
RaiseException
GetFileAttributesW
GetModuleFileNameW
FindResourceExW
LoadResource
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStdHandle
ExitProcess
TlsFree
TlsSetValue
VirtualQuery
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
VirtualAlloc
VirtualFree
HeapCreate
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
GetSystemTimeAsFileTime
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
GetLocaleInfoA
GetACP
WriteConsoleW
LockResource
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

GetCursorPos
GetLastInputInfo
RegisterWindowMessageW
wsprintfW
wsprintfA
UnregisterClassA
GetSystemMetrics
DefWindowProcW
LoadCursorW
LoadIconW
RegisterClassW
CreateWindowExW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
FindWindowW
IsWindow
SendMessageW
GetWindowThreadProcessId
WindowFromPoint

gdi32

GetStockObject

advapi32

RegDeleteValueW
GetTokenInformation
RevertToSelf
OpenProcessToken
RegSetValueExW
RegQueryValueExA
RegEnumKeyExW
CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateTokenEx
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantTimeToSystemTime
SysFreeString
SystemTimeToVariantTime

shlwapi

PathRemoveFileSpecW
StrToIntW
PathFileExistsW
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
SHEnumKeyExW
PathIsDirectoryW
PathAppendW
PathAddBackslashW

ws2_32

htons
WSAEventSelect
WSASetEvent
ioctlsocket
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo
WSASetLastError
socket
connect
setsockopt
getpeername
WSACleanup
WSAStartup
getsockopt
WSAGetLastError
recv
send
getsockname
closesocket
WSACreateEvent
WSARecv
WSAGetOverlappedResult
ntohs
bind
WSACloseEvent
WSASocketW
gethostname
WSAConnect
gethostbyname
WSAEnumNetworkEvents
WSAResetEvent
WSASend

iphlpapi

GetAdaptersInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

userenv

CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

KCYGetClassObject

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94fbc30b7cf7a0a7fda8aa8a223b6979

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b3:8f:9f:b3:28:b9:fd:3e:3c:91:4c:80:16:49:e2:ea:b0:90:01:80Signer

Signature Validations

Verification

24/06/2014, 01:43 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

iphlpapi

setupapi

userenv

version

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b3:8f:9f:b3:28:b9:fd:3e:3c:91:4c:80:16:49:e2:ea:b0:90:01:80
Signer

24/06/2014, 01:43
Valid: false

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB