bdaac9420a168f7668740312751cb05b4930aa51f382197252968443266f9802

Sharing

Copy URL Twitter E-mail

General

Target

bdaac9420a168f7668740312751cb05b4930aa51f382197252968443266f9802
Size

248KB
MD5

49aa344db21a12d48bb5dd046781bd50
SHA1

2f38aca00a5867275ca1abc615646b94cba22233
SHA256

bdaac9420a168f7668740312751cb05b4930aa51f382197252968443266f9802
SHA512

61351eeb783abd15d1cf4a0153a3baa8fd571b70a4d73bf698cefea61ac0173fe3e398cb93e1cafe1ed070dd91d593ec7a0264270392cde5dfce6761b64aec59
SSDEEP

6144:WTd5bUwDqZM0lxTfAqj4ROymqu2YZy6pAp+0dTmQl:WTXbUwDqm0DA/voymP4V

Score

N/A

Malware Config

Signatures

Files

bdaac9420a168f7668740312751cb05b4930aa51f382197252968443266f9802
.exe windows x86

b9708a17d598d47ba64a7e2ec45e2720

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

12/01/2010, 00:00

Not After

11/01/2013, 23:59

Subject

CN=Shanghai Giant Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Giant Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SetLastError
MultiByteToWideChar
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
SetUnhandledExceptionFilter
LoadLibraryW
GetProcAddress
CreateFileW
GetCurrentProcessId
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
FindClose
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
LocalFree
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindFirstFileW
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleFileNameW
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
lstrlenW
QueryPerformanceCounter

user32

SetWindowLongW
CharNextW
UnregisterClassA
GetWindowLongW
CreateWindowExW
DestroyWindow
SendMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RedrawWindow
SetTimer
KillTimer
SetCapture
SetFocus
GetWindow
IsChild
GetParent
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
DestroyAcceleratorTable
GetFocus
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadIconW
TranslateAcceleratorW
SetLayeredWindowAttributes
LoadAcceleratorsW
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
LoadStringW
CallWindowProcW
PostQuitMessage
SetForegroundWindow
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
RegisterClassExW
LoadCursorW
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
MoveWindow

gdi32

GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetObjectW
GetDeviceCaps

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
OleLockRunning
CoGetClassObject

oleaut32

SysFreeString
GetErrorInfo
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysAllocString
SysStringLen
SysStringByteLen
VariantInit
VariantClear

msvcr80

??_U@YAPAXI@Z
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
_CxxThrowException
wcscpy_s
wcsrchr
_wcsdup
_wtoi64
wcsncpy_s
_purecall
exit
swprintf_s
_recalloc
memcmp
memcpy_s
free
malloc
memset
??_V@YAXPAX@Z
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b9708a17d598d47ba64a7e2ec45e2720

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fbCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcr80

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 52KB - Virtual size: 49KB

 Size: 88KB - Virtual size: 88KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

66:38:13:71:08:6f:a9:e4:4f:ce:46:bc:75:80:57:fb
Certificate

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 52KB - Virtual size: 49KB

Size: 88KB - Virtual size: 88KB