e817f6e6a0a2d5ca16118e319bd0eb56dfc4f73bdf5df60565637d8066abd017

Sharing

Copy URL Twitter E-mail

General

Target

e817f6e6a0a2d5ca16118e319bd0eb56dfc4f73bdf5df60565637d8066abd017
Size

495KB
MD5

06b05b2560c8225e160de88ab3dc6bce
SHA1

c35282741fcccd44e08c860512b3153b1f3d2621
SHA256

e817f6e6a0a2d5ca16118e319bd0eb56dfc4f73bdf5df60565637d8066abd017
SHA512

b8655602aa7b01829cc2bcafe1a1276430d9e4d200216014681c422370d4b793afed099a5f8960c0af2ebf568b535c4d1ee908c9e07f17759981c8ae948b9d87
SSDEEP

12288:IA16xJvqcQ3Y8TnqeogDWf0FmfgTbpvR:IA6xJyHY8WeooW8A4TbpvR

Score

N/A

Malware Config

Signatures

Files

e817f6e6a0a2d5ca16118e319bd0eb56dfc4f73bdf5df60565637d8066abd017
.exe windows x86

17812d5e632cdf8e369b2f3cc40abba6

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:41:51:e0:cf:fa:2c:95:13:07:ae:60:87:c2:80:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/03/2013, 00:00

Not After

05/04/2016, 23:59

Subject

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=毒霸研发部,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:eb:f2:c5:88:4d:b7:02:e5:ff:88:c4:ff:74:b5:2f:8e:f3:92:e8
Signer

Actual PE Digest

7f:eb:f2:c5:88:4d:b7:02:e5:ff:88:c4:ff:74:b5:2f:8e:f3:92:e8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kingsoft Security Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=毒霸研发部,O=Kingsoft Security Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

27/02/2015, 09:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
SetFilePointer
DeleteCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
CreateFileA
GetFileSize
InitializeCriticalSection
CreateEventW
WritePrivateProfileStringW
IsBadReadPtr
WritePrivateProfileStringA
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryW
FreeLibrary
GetLocalTime
CreatePipe
CreateProcessA
GetTempPathA
Process32FirstW
LoadResource
LockResource
SetConsoleCtrlHandler
WriteFile
GetCurrentThreadId
GetVersion
GetFileType
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FindResourceW
SetErrorMode
CreateToolhelp32Snapshot
CloseHandle
Process32NextW
FindResourceExW
SizeofResource
GetLastError
SetHandleInformation
GetModuleFileNameA
ReadFile
GetStdHandle
Sleep
SetLastError
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA

user32

GetDesktopWindow
wsprintfW
UnregisterClassA
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyExW

shell32

SHGetFolderPathA

ole32

CoCreateGuid

adbwinapi

AdbOpenDefaultBulkWriteEndpoint
AdbWriteEndpointSync
AdbGetEndpointInformation
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbOpenDefaultBulkReadEndpoint
AdbReadEndpointSync
AdbGetInterfaceName
AdbGetUsbInterfaceDescriptor
AdbGetUsbDeviceDescriptor
AdbGetSerialNumber
AdbCloseHandle
AdbNextInterface

ws2_32

shutdown
send
WSACleanup
recv
bind
WSAEventSelect
socket
htons
closesocket
htonl
WSAEnumNetworkEvents
WSAGetLastError
WSAStartup
gethostbyname
setsockopt
accept
connect
listen
WSACreateEvent

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathFileExistsW
StrStrIA
PathIsDirectoryW
PathFileExistsA

msvcp80

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z

msvcr80

_read
_access
_umask
_strdup
_unlink
_getcwd
_chmod
??3@YAXPAX@Z
wcsrchr
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@XZ
printf
??0exception@std@@QAE@ABQBD@Z
memcpy_s
fopen
??0exception@std@@QAE@ABV01@@Z
__iob_func
malloc
_errno
strerror
strtol
free
fprintf
getenv
strncmp
setvbuf
vfprintf
calloc
strpbrk
fflush
atoi
memmove_s
_snprintf
_wcsicmp
sscanf
exit
strncpy
strchr
_invalid_parameter_noinfo
_mkdir
fclose
_stat64i32
sprintf
strtoul
isalpha
isdigit
fwrite
strrchr
_beginthread
strncat
perror
_findfirst64i32
_mktime64
_findnext64i32
_findclose
_chdir
wcscat_s
wcsstr
wcsncmp
iswdigit
wcsncpy
??_V@YAXPAX@Z
_wcsnicmp
_wcslwr
_wcslwr_s
wcstol
realloc
fgets
strncpy_s
strncat_s
_vscwprintf
vswprintf_s
_wassert
memmove
memcpy
memset
ferror
fread
_setmode
_fileno
ftell
feof
fseek
memchr
_vsnprintf
abort
qsort
isspace
strcmp
_time64
isxdigit
fputs
signal
_getch
tolower
isupper
strstr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CxxFrameHandler3
_invoke_watson
_controlfp_s
_stricmp
_getpid
_CxxThrowException

iphlpapi

GetAdaptersInfo

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17812d5e632cdf8e369b2f3cc40abba6

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

55:41:51:e0:cf:fa:2c:95:13:07:ae:60:87:c2:80:52Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7f:eb:f2:c5:88:4d:b7:02:e5:ff:88:c4:ff:74:b5:2f:8e:f3:92:e8Signer

Signature Validations

Verification

27/02/2015, 09:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

adbwinapi

ws2_32

shlwapi

msvcp80

msvcr80

iphlpapi

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 314KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 44KB - Virtual size: 128KB

.rsrc Size: 15KB - Virtual size: 15KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

55:41:51:e0:cf:fa:2c:95:13:07:ae:60:87:c2:80:52
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7f:eb:f2:c5:88:4d:b7:02:e5:ff:88:c4:ff:74:b5:2f:8e:f3:92:e8
Signer

27/02/2015, 09:04
Valid: false

.text
Size: 316KB - Virtual size: 314KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 44KB - Virtual size: 128KB

.rsrc
Size: 15KB - Virtual size: 15KB