dc51850eeedad6516bf556035870d760f1eb0d7c29e6cdd0c178c51f0810def1

Sharing

Copy URL Twitter E-mail

General

Target

dc51850eeedad6516bf556035870d760f1eb0d7c29e6cdd0c178c51f0810def1
Size

192KB
MD5

1705f3ccd9c9a569f00a6e63b588d3f0
SHA1

f30ffb875f8b3f86e41b6324f079b1b5f9250015
SHA256

dc51850eeedad6516bf556035870d760f1eb0d7c29e6cdd0c178c51f0810def1
SHA512

128ae96c0565fa7b486acb680be748ea77df1adfbb6291f274625bb6fd567dcdce0478c0f6d5382ea6c441c22006bdc76654aad9c19f1da07a5cdecf38acc295
SSDEEP

3072:xiULt2ABkPm97ff1+jnXs+zPMnGQlHUdWyNmsQhjWcmMU:ht2EkPm97f9+jnVzghsGNhjwB

Score

N/A

Malware Config

Signatures

Files

dc51850eeedad6516bf556035870d760f1eb0d7c29e6cdd0c178c51f0810def1
.exe windows x86

243530e35f55b6aca0e79b08305a9ad0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/10/2012, 00:00

Not After

09/01/2016, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2e:5e:f2:2d:be:46:18:f3:1d:32:6c:94:a8:9b:09:a5:dc:50
Signer

Actual PE Digest

48:ee:2e:5e:f2:2d:be:46:18:f3:1d:32:6c:94:a8:9b:09:a5:dc:50

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

14/08/2013, 07:19
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord860
ord2822
ord927
ord2606
ord925
ord535
ord940
ord942
ord858
ord2910
ord5568
ord861
ord538
ord540
ord2810
ord800
ord823
ord825

msvcrt

wcslen
wcsncpy
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
memset
free
malloc
_wcsicmp
wcstoul
wcscpy
wcscmp
memcmp
_wtol
_wcsnicmp
wcsspn
wcscspn
_ftol
_wtoi
__CxxFrameHandler
strstr
sprintf
strlen
strcmp
memcpy
_initterm
_controlfp
__getmainargs
isspace
isalnum
_wcsdup
rand
iswdigit
strcpy
_acmdln
exit
_XcptFilter
strcat
strrchr
strncpy
__dllonexit
_onexit
_exit

kernel32

CreateThread
CloseHandle
MultiByteToWideChar
GetLastError
CreateFileW
WriteFile
GetTempFileNameW
GetTempPathW
WaitForSingleObject
CreateProcessW
OpenEventW
GetEnvironmentVariableW
CreateFileMappingW
CreateEventW
SetEvent
MapViewOfFile
UnmapViewOfFile
lstrlenA
lstrlenW
GetStartupInfoA
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
CreateFileA
DeviceIoControl
GetFileSize
DebugBreak
InterlockedDecrement
GetModuleFileNameW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CopyFileW
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
GetVersionExW
GetTickCount
GetCurrentThreadId
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
CreateMutexW
OpenFileMappingW
ResetEvent

user32

FindWindowW
CharNextW
RegisterClassExW
LoadCursorW
UpdateWindow
ShowWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
wvsprintfW
IsWindow
GetClassInfoExW
wsprintfW
CallWindowProcW
GetWindowLongW
SetWindowLongW
PostMessageW
SetTimer
SendMessageW
KillTimer
DestroyWindow
PostQuitMessage
DefWindowProcW

advapi32

RegOpenKeyExW
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoInitialize
CreateBindCtx
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

urlmon

RevokeBindStatusCallback
RegisterBindStatusCallback
CreateURLMoniker
URLDownloadToFileW

msvcp60

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Winit@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

wininet

HttpOpenRequestW
InternetOpenUrlW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

shlwapi

StrStrIW
PathFileExistsW
StrCmpW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

243530e35f55b6aca0e79b08305a9ad0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:dbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:ee:2e:5e:f2:2d:be:46:18:f3:1d:32:6c:94:a8:9b:09:a5:dc:50Signer

Signature Validations

Verification

14/08/2013, 07:19 Valid: false

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

msvcp60

wintrust

crypt32

wininet

shlwapi

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 88KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:ee:2e:5e:f2:2d:be:46:18:f3:1d:32:6c:94:a8:9b:09:a5:dc:50
Signer

14/08/2013, 07:19
Valid: false

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 88KB