fb4c3a586906133de8f64970f2403ab344890be8e545887448e5bb8baca11f39

Sharing

Copy URL Twitter E-mail

General

Target

fb4c3a586906133de8f64970f2403ab344890be8e545887448e5bb8baca11f39
Size

359KB
MD5

a39af863587127263d20ab5b278e8150
SHA1

6132a592c31fe81e84b86348ac51bab884bfd8e2
SHA256

fb4c3a586906133de8f64970f2403ab344890be8e545887448e5bb8baca11f39
SHA512

8bc527d39e3ce9a55562d9fd3adb805bddeccbb762e5d827766198045a47be6b3ab105faf4f4a8f8523d44c15a94df7940679ff12cb92c9d1c0daa9cefd4fd5f
SSDEEP

6144:gZZleeuE1r1BW1RL/wgWvresuqhAIEbECbTBqaP1zkKGH4wGZeH:gZHF6RLDWzLuOAIEtTsaPe

Score

N/A

Malware Config

Signatures

Files

fb4c3a586906133de8f64970f2403ab344890be8e545887448e5bb8baca11f39
.exe windows x86

cf95fcd3ae644e0c2516c3598ba59d2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:36:98:0e:a5:fe:ee:28:c0:f9:fe:f4:60:ad:7c:82:34:a8:e5:a8
Signer

Actual PE Digest

3c:36:98:0e:a5:fe:ee:28:c0:f9:fe:f4:60:ad:7c:82:34:a8:e5:a8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

23/04/2010, 03:06
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
ResetEvent
CreateEventW
GlobalFree
ResumeThread
SetEvent
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetPrivateProfileSectionNamesW
FormatMessageW
SetFilePointer
RaiseException
lstrlenW
LeaveCriticalSection
MultiByteToWideChar
GetCurrentThreadId
InterlockedIncrement
CreateMutexW
lstrcmpiW
ReadFile
GetFileSize
GlobalLock
GlobalAlloc
GetDiskFreeSpaceExW
GlobalUnlock
IsBadWritePtr
GetFileAttributesW
GetSystemTimeAdjustment
lstrcmpW
MoveFileW
GetLocalTime
RemoveDirectoryW
SetFileAttributesW
FindClose
FindFirstFileW
CreateDirectoryW
GetVersionExW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
HeapSize
GetModuleFileNameA
GetStdHandle
SetLastError
MulDiv
GetTickCount
WritePrivateProfileStringW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
FlushInstructionCache
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
GetModuleHandleW
CloseHandle
WriteFile
GetLastError
CreateFileW
FreeResource
SizeofResource
LockResource
LoadResource
Sleep
FindResourceW
ExitProcess
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
CopyFileW
GetTempPathW
WaitForSingleObject
CreateProcessW
CreateFileA
GetVersionExA

user32

LoadStringW
CharNextW
GetActiveWindow
DestroyWindow
DefWindowProcW
MessageBoxW
CreateWindowExW
SendMessageW
GetClientRect
UpdateWindow
ExitWindowsEx
PeekMessageW
DispatchMessageW
DrawTextW
TranslateMessage
SetRect
GetUpdateRect
PtInRect
SetCursor
OffsetRect
GetCapture
GetDlgCtrlID
IsWindowEnabled
GetCursorPos
SetRectEmpty
DrawFocusRect
ClientToScreen
KillTimer
GetClassInfoExW
ScreenToClient
RegisterWindowMessageW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
SetTimer
RegisterClassExW
InvalidateRect
LoadCursorW
EnableMenuItem
SetCapture
GetSystemMenu
GetWindowTextW
IsChild
GetClassNameW
ReleaseCapture
GetFocus
SetFocus
BeginPaint
InvalidateRgn
FillRect
EndPaint
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetDC
PostQuitMessage
ReleaseDC
PostMessageW
EnableWindow
GetDlgItemTextW
IsWindow
SetDlgItemTextW
SystemParametersInfoW
GetWindowRect
MapWindowPoints
MoveWindow
GetWindowLongW
GetWindow
CallWindowProcW
SetWindowLongW
GetParent
SetWindowTextW
GetDlgItem
LoadImageW
SetWindowPos
GetSystemMetrics
ShowWindow
UnregisterClassA

gdi32

CreateFontW
GetDeviceCaps
CreateCompatibleBitmap
SetViewportOrgEx
DeleteObject
CreateFontIndirectW
GetObjectW
SelectObject
SetTextColor
CreateSolidBrush
SetBkMode
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
OpenProcessToken

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoGetClassObject
StringFromGUID2
CoUninitialize
CLSIDFromString
OleLockRunning
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CreateStreamOnHGlobal

oleaut32

OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringByteLen
SysAllocStringLen
SysAllocString
VariantInit
OleLoadPicture
VariantClear
SysFreeString

shlwapi

PathFileExistsW
PathIsRootW

comctl32

InitCommonControlsEx
DestroyPropertySheetPage
CreatePropertySheetPageW
_TrackMouseEvent
PropertySheetW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf95fcd3ae644e0c2516c3598ba59d2f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

3c:36:98:0e:a5:fe:ee:28:c0:f9:fe:f4:60:ad:7c:82:34:a8:e5:a8Signer

Signature Validations

Verification

23/04/2010, 03:06 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 81KB - Virtual size: 84KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

3c:36:98:0e:a5:fe:ee:28:c0:f9:fe:f4:60:ad:7c:82:34:a8:e5:a8
Signer

23/04/2010, 03:06
Valid: false

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 81KB - Virtual size: 84KB