50fedfc2c3fe9188168aac034e6e00829e5e48bd4eaf7ff338e7e9b848c6ac8e

Sharing

Copy URL Twitter E-mail

General

Target

50fedfc2c3fe9188168aac034e6e00829e5e48bd4eaf7ff338e7e9b848c6ac8e
Size

958KB
MD5

05e8683461a048da1c6112e437ef9d90
SHA1

af2a55616aee58053ee03693ca71768ce46e90d4
SHA256

50fedfc2c3fe9188168aac034e6e00829e5e48bd4eaf7ff338e7e9b848c6ac8e
SHA512

17316a5e5a915b0f0cc84b62d907f201e44aa1dba3ab6ecdd7fd4bc019ba9dda05441435c7c615e9161324d26d7b5351694b8b674ca55417c4b1bea88be29502
SSDEEP

24576:iSsOFQOLbSl9kT6gCjCb27P1tkBkBkBkS:cO3fSl9ACub27XEEEL

Score

N/A

Malware Config

Signatures

Files

50fedfc2c3fe9188168aac034e6e00829e5e48bd4eaf7ff338e7e9b848c6ac8e
.exe windows x86

ba36304fe482edb41b7ccbd5f36f8539

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:99:5f:f3:74:e7:ac:48:80:0b:98:e7:e0:7a:4a:03:c7
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2015, 10:24

Not After

07/01/2016, 10:24

Subject

CN=北京悠然天地科技有限公司,O=北京悠然天地科技有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:f9:2f:07:b9:ac:48:5d:44:6e:ba:19:3d:1e:14:5f:4e:bb:65:c5
Signer

Actual PE Digest

df:f9:2f:07:b9:ac:48:5d:44:6e:ba:19:3d:1e:14:5f:4e:bb:65:c5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京悠然天地科技有限公司,O=北京悠然天地科技有限公司,L=北京,ST=北京,C=CN

13/05/2015, 02:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesA
DeleteFileA
TerminateThread
LoadLibraryA
FreeLibrary
GetExitCodeProcess
Sleep
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
CreateEventA
LocalFree
CreateProcessA
WaitForSingleObject
CreateDirectoryA
GetModuleFileNameA
OpenProcess
TerminateProcess
GetLastError
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetLocalTime
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetExitCodeThread
MulDiv
GetFileSize
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
RaiseException
RtlUnwind
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
GetModuleFileNameW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeW
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceA
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
SetFileTime

user32

ReleaseCapture
GetCapture
UpdateLayeredWindow
GetWindowRect
IsRectEmpty
SetFocus
GetFocus
MapWindowPoints
EqualRect
GetUpdateRect
GetWindow
ScreenToClient
GetCursorPos
GetParent
OffsetRect
InflateRect
SetCursor
wvsprintfA
IsIconic
GetMonitorInfoA
MonitorFromWindow
IsZoomed
SetWindowRgn
MessageBoxA
EnableWindow
SetCapture
CallWindowProcA
GetPropA
SetPropA
IsWindowVisible
RegisterClassA
GetClassInfoExA
InvalidateRect
MoveWindow
IntersectRect
PtInRect
CharNextA
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
CharPrevA
SetRect
RegisterWindowMessageA
GetWindowTextA
GetWindowTextLengthA
GetAsyncKeyState
SetWindowTextA
FillRect
InvalidateRgn
CreateAcceleratorTableA
SetWindowLongA
GetWindowLongA
SetWindowPos
GetClientRect
GetKeyState
IsWindow
GetDC
ReleaseDC
LoadAcceleratorsA
TranslateAcceleratorA
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
EndPaint
PostMessageA
DefWindowProcA
DestroyWindow
DialogBoxParamA
SendMessageA
KillTimer
SetTimer
PostQuitMessage
MsgWaitForMultipleObjects
PeekMessageA
FindWindowA
GetWindowThreadProcessId
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow

gdi32

GetStockObject
GetObjectA
CreateFontIndirectA
EnumFontFamiliesExA
Rectangle
DeleteObject
SelectObject
GetClipBox
CreateSolidBrush
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsA
GetTextColor
CreateDCA
GetDIBits
GetDeviceCaps
CombineRgn
GetTextMetricsA
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
PtInRegion
ExcludeClipRect
CreateRoundRectRgn
SetWindowOrgEx
DeleteDC
CreatePen
CreateCompatibleDC
CreateDIBSection
SaveDC
RestoreDC
BitBlt

advapi32

ChangeServiceConfigA
QueryServiceStatus
OpenServiceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenSCManagerA
StartServiceA
CloseServiceHandle

shell32

SHChangeNotify
ShellExecuteExA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoCreateInstance

shlwapi

PathFileExistsA
PathRemoveFileSpecA

gdiplus

GdipCloneImage
GdipCloneBrush
GdipGetFontSize
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipDeleteGraphics
GdipDeleteRegion
GdipGetRegionBounds
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateLineBrushI
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipCreateSolidFill
GdipCreateLineBrushFromRectI
GdipSetPenDashStyle
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatMeasurableCharacterRangeCount
GdipResetPath
GdipAddPathLineI
GdipAddPathArcI
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipDrawString
GdipMeasureString
GdipMeasureCharacterRanges
GdipDrawImageRectRectI
GdipSetClipRectI
GdipResetClip
GdipCreateRegion

oleaut32

VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

_TrackMouseEvent
ord17

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba36304fe482edb41b7ccbd5f36f8539

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

11:21:99:5f:f3:74:e7:ac:48:80:0b:98:e7:e0:7a:4a:03:c7Certificate

Extended Key Usages

Key Usages

df:f9:2f:07:b9:ac:48:5d:44:6e:ba:19:3d:1e:14:5f:4e:bb:65:c5Signer

Signature Validations

Verification

13/05/2015, 02:02 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

oleaut32

comctl32

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 31KB - Virtual size: 30KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

11:21:99:5f:f3:74:e7:ac:48:80:0b:98:e7:e0:7a:4a:03:c7
Certificate

df:f9:2f:07:b9:ac:48:5d:44:6e:ba:19:3d:1e:14:5f:4e:bb:65:c5
Signer

13/05/2015, 02:02
Valid: false

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 31KB - Virtual size: 30KB