b3d8b6d3804804aab2484bd160ccb9a55603ef598ca66c5bc36003f237512894

Sharing

Copy URL Twitter E-mail

General

Target

b3d8b6d3804804aab2484bd160ccb9a55603ef598ca66c5bc36003f237512894
Size

221KB
MD5

80f4dc8436c59fc40bef83d90b6d8e50
SHA1

8012e030a761d1a22a18712318975c37943fca32
SHA256

b3d8b6d3804804aab2484bd160ccb9a55603ef598ca66c5bc36003f237512894
SHA512

d3e3d5eb10b80cb9d892fcf30e4719f2aae838c6cc2dcddb8ad199c40610b7269feee9d37427ed79839d2ba65c9bfb32f95d7267de32295bd16a4f4045bcc28f
SSDEEP

3072:72H52JhFIsDHpD+juZ1AUbRtX0ojlSTBfhCHit3to58Jz9m7M:k2xbiUFbRe2lSTBpDtiBM

Score

N/A

Malware Config

Signatures

Files

b3d8b6d3804804aab2484bd160ccb9a55603ef598ca66c5bc36003f237512894
.exe windows x86

544598288a7ca2b4da96495e091cd014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

dbghelp

SymGetOptions
SymSetOptions
StackWalk
SymGetModuleInfo
SymFunctionTableAccess
SymInitialize
SymLoadModule

wininet

InternetCrackUrlW
InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA

kernel32

GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LocalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
WaitForSingleObject
WideCharToMultiByte
lstrlenW
RaiseException
GetLastError
InterlockedDecrement
lstrcmpiW
SetEvent
CreateThread
CreateEventW
GetModuleFileNameW
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetCurrentThreadId
GetCommandLineW
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetModuleFileNameA
VirtualQueryEx
UnmapViewOfFile
FlushInstructionCache
GetCurrentProcess
MapViewOfFile
CreateFileMappingW
OpenThread
CreateFileW
DeleteFileW
GetTempPathW
InterlockedExchange
WriteFile
ReadFile
GetFileSize
GlobalFree
GlobalAlloc
GetCurrentProcessId
GetVersionExW
SetFilePointer
GetShortPathNameW
FindClose
FindFirstFileW
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
CreateFileA
WriteConsoleA
HeapDestroy
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapCreate
SetLastError
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA

user32

CharLowerBuffW
LoadImageW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
GetDlgItem
ShowWindow
GetWindowLongW
GetActiveWindow
DestroyWindow
EndDialog
DialogBoxParamW
LoadStringW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
PostThreadMessageW
GetSystemMetrics
UnregisterClassA

advapi32

RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

PathFileExistsW
StrCmpNIW

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

544598288a7ca2b4da96495e091cd014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

psapi

dbghelp

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 24KB - Virtual size: 20KB