67bb1d69a7ef5ad79bac02a36b5be31500ccf3a9aea0cf1f30561f6ec8310651

Sharing

Copy URL

Twitter E-mail

General

Target

67bb1d69a7ef5ad79bac02a36b5be31500ccf3a9aea0cf1f30561f6ec8310651
Size

564KB
MD5

4b852293aa592d446cc6af1ea769e11b
SHA1

524fee0d3c8e09ad879730bef270a8ff87d57426
SHA256

67bb1d69a7ef5ad79bac02a36b5be31500ccf3a9aea0cf1f30561f6ec8310651
SHA512

19266b286062b47c7d3669a081d4500239605650d8e8466599b710f99a159f17b421479f61026c2ae27af2d70b2854e2d17bc60a56d52abb703bea89e3d2f3ce
SSDEEP

12288:3FNEzdIM8H9Xi2StUEtKn1WmALT+67UC6IGzpPXdTsJWSfP+VAdQW+OQ7hQ:3FNfqUCl6jTaWS3ft+OQ7hQ

Score

N/A

Malware Config

Signatures

Files

67bb1d69a7ef5ad79bac02a36b5be31500ccf3a9aea0cf1f30561f6ec8310651
.exe windows x86

0246010b744ca5fb8ceeb17fc98c5888

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-05-2015 00:00

Not After

31-12-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:52:97:5c:22:fd:2b:ca:ef:b8:f5:0b:28:06:ed:e2
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

01-07-2015 02:43

Not After

01-07-2016 02:43

Subject

CN=Yang Liwei,L=Shenyang,ST=Liaoning,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08-08-2009 01:00

Not After

08-08-2024 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:4f:b9:7f:ef:b6:e5:e7:8d:c3:7a:0d:63:3c:51:65:39:90:9a:1d
Signer

Actual PE Digest

21:4f:b9:7f:ef:b6:e5:e7:8d:c3:7a:0d:63:3c:51:65:39:90:9a:1d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Yang Liwei,L=Shenyang,ST=Liaoning,C=CN

21-07-2015 09:45
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReadFile
CreateFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
OpenProcess
GetTickCount
WaitForSingleObject
CreateProcessW
GetProcAddress
LoadLibraryW
GetModuleHandleW
SetFileAttributesW
FindNextFileW
FindClose
lstrlenW
GetFileAttributesW
FindFirstFileW
GetVolumeInformationW
CloseHandle
DeviceIoControl
GetLastError
MultiByteToWideChar
GetVersionExW
GetCurrentProcess
SetPriorityClass
CreateFileA
GetTempPathW
LocalFree
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetStringTypeW
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineW
GetCPInfo
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LoadLibraryExW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableA
ReleaseMutex
SetFilePointer
CreateMutexW
OutputDebugStringA
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW

user32

MessageBoxW

advapi32

RegOpenCurrentUser
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
GetUserNameW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

SHRegOpenUSKeyW
SHRegGetUSValueW
PathFindFileNameW
PathFileExistsW
PathAppendW
PathFindExtensionW
StrTrimW
SHRegCloseUSKey
SHRegSetUSValueW
StrChrW
StrRChrW
SHRegEnumUSKeyW

winmm

timeGetTime

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0246010b744ca5fb8ceeb17fc98c5888

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

55:52:97:5c:22:fd:2b:ca:ef:b8:f5:0b:28:06:ed:e2Certificate

Extended Key Usages

Key Usages

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8Certificate

Extended Key Usages

Key Usages

21:4f:b9:7f:ef:b6:e5:e7:8d:c3:7a:0d:63:3c:51:65:39:90:9a:1dSigner

Signature Validations

Verification

21-07-2015 09:45 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

winmm

Sections

.text Size: 340KB - Virtual size: 340KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 10KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 123KB - Virtual size: 123KB

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

55:52:97:5c:22:fd:2b:ca:ef:b8:f5:0b:28:06:ed:e2
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

21:4f:b9:7f:ef:b6:e5:e7:8d:c3:7a:0d:63:3c:51:65:39:90:9a:1d
Signer

21-07-2015 09:45
Valid: false

.text
Size: 340KB - Virtual size: 340KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 10KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 123KB - Virtual size: 123KB