737f76cef188d120d61bc7895dcc298273fc5263f72d92532ec2e750231b8bdb

Sharing

Copy URL

Twitter E-mail

General

Target

737f76cef188d120d61bc7895dcc298273fc5263f72d92532ec2e750231b8bdb
Size

345KB
MD5

907f64e761c14a8b46fb3ac648de98a0
SHA1

f2a687ed0b3a222c49e44065919fa69c0c72b1cb
SHA256

737f76cef188d120d61bc7895dcc298273fc5263f72d92532ec2e750231b8bdb
SHA512

852b5f44f150409bec95e7611501abfb54938ea993d85ec49a9c60f30121115ceaae68d264bacc3173e02eaf3e46486e59da90fc788035477359943ef899d3d5
SSDEEP

6144:mC1MOka6qkfIs5+kyz0+cRR/WQOda++OAexSz5:mC11WfjOZdaiAeIz

Score

N/A

Malware Config

Signatures

Files

737f76cef188d120d61bc7895dcc298273fc5263f72d92532ec2e750231b8bdb
.exe windows x64

9cb2af2716db50a4dbe0548f4ce9d1ef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:ea:45:6d:d0:a9:c3:b3:a0:dd:7b:d8:60:de:0b:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27-07-2009 00:00

Not After

29-07-2012 23:59

Subject

CN=HUAWEI Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HUAWEI Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:80:84:1b:25:97:a3:53:12:b0:71:a6:66:df:6b:68:b9:61:39:a9
Signer

Actual PE Digest

ae:80:84:1b:25:97:a3:53:12:b0:71:a6:66:df:6b:68:b9:61:39:a9

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HUAWEI Technologies Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HUAWEI Technologies Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

14-03-2011 15:27
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathFileExistsW
PathFileExistsA
PathAppendA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

htonl
htons

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

CM_Get_Parent
SetupDiCallClassInstaller
CM_Get_Device_IDA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstallParamsA

kernel32

GetProcessHeap
Sleep
CreateProcessA
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
OpenProcess
VerSetConditionMask
VerifyVersionInfoA
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CreateDirectoryW
CopyFileW
FindClose
CreateDirectoryA
RemoveDirectoryW
GetDiskFreeSpaceA
GetLogicalDriveStringsA
GetDriveTypeA
Process32FirstW
Process32NextW
DeviceIoControl
GetCommandLineA
GetCommandLineW
LocalFree
lstrcmpiA
OutputDebugStringA
CreateSemaphoreA
SetEvent
LocalAlloc
SetConsoleCtrlHandler
GetExitCodeProcess
CreateEventA
CreateThread
GetTickCount
WaitForMultipleObjects
ResetEvent
FindFirstFileA
GetPrivateProfileStringA
TerminateProcess
GetLocalTime
GetTempPathA
GetFileSize
DeleteFileA
GetFileAttributesA
SetFileAttributesA
CopyFileA
Thread32First
Thread32Next
GetVolumeNameForVolumeMountPointA
lstrlenA
FindNextFileA
GetWindowsDirectoryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
SetLastError
GetCurrentProcess
HeapFree
HeapAlloc
LoadLibraryA
CreateFileA
FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
WaitForSingleObject
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetCurrentThreadId
GetFileType
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapReAlloc
GetStartupInfoA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapSetInformation
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
EncodePointer
DecodePointer

user32

CharNextA
GetMessageA
DispatchMessageA
UnregisterDeviceNotification
PostThreadMessageA
RegisterDeviceNotificationA
wsprintfA

advapi32

RegCreateKeyExA
GetUserNameA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
QueryServiceStatus
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceLockStatusA
LockServiceDatabase
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
CloseServiceHandle
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
CreateServiceA
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA

shell32

ShellExecuteA
CommandLineToArgvW
SHCreateDirectoryExA
SHGetFolderPathA

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cb2af2716db50a4dbe0548f4ce9d1ef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

78:ea:45:6d:d0:a9:c3:b3:a0:dd:7b:d8:60:de:0b:55Certificate

Extended Key Usages

Key Usages

ae:80:84:1b:25:97:a3:53:12:b0:71:a6:66:df:6b:68:b9:61:39:a9Signer

Signature Validations

Verification

14-03-2011 15:27 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

ws2_32

userenv

setupapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

� Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

78:ea:45:6d:d0:a9:c3:b3:a0:dd:7b:d8:60:de:0b:55
Certificate

ae:80:84:1b:25:97:a3:53:12:b0:71:a6:66:df:6b:68:b9:61:39:a9
Signer

14-03-2011 15:27
Valid: false

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

�
Size: 2KB - Virtual size: 1KB