1f5b5c85c716880bab154601acc38bdde49f515e6e150de2fa81938dae784dbc

Sharing

Copy URL Twitter E-mail

General

Target

1f5b5c85c716880bab154601acc38bdde49f515e6e150de2fa81938dae784dbc
Size

282KB
MD5

a24c55ef8474ab1c6597cd90e4105220
SHA1

f2fec9b902e8529c53e663ccad2838f98c6a9cd4
SHA256

1f5b5c85c716880bab154601acc38bdde49f515e6e150de2fa81938dae784dbc
SHA512

dfc37c3cc5b8ca3322f7ba0a9e8b620cdb7596237b0cf2154e978f040d8c1071f20550c5646a09f636d5ff3e391ee0253bfeef89b043abc1b678f88a634f847d
SSDEEP

6144:WXNjUyUzRdTaZZ2D6YmxXdL+SGgFq3bOsp5keLsiN+Jzc0:IaflAD2eYmxXs

Score

N/A

Malware Config

Signatures

Files

1f5b5c85c716880bab154601acc38bdde49f515e6e150de2fa81938dae784dbc
.exe windows x86

6798ec936a6e7b413fa8f3c6390cec82

Code Sign

02:3a:64
Certificate

Issuer

CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US

Not Before

18/10/2012, 14:38

Not After

20/05/2022, 14:38

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

19/05/2022, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

24/05/2012, 00:00

Not After

23/06/2015, 23:59

Subject

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:c0:0f:34:b2:1b:81:19:be:26:c4:12:b8:19:48:a7:97:1c:92:d8
Signer

Actual PE Digest

72:c0:0f:34:b2:1b:81:19:be:26:c4:12:b8:19:48:a7:97:1c:92:d8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ShenZhen Thunder Networking Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operate,O=ShenZhen Thunder Networking Technologies Ltd.,L=Shenzhen,ST=Guangdong,C=CN

12/12/2012, 03:10
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpReadDumpStream

ws2_32

socket
WSACleanup
setsockopt
connect
htons
gethostbyname
inet_addr
closesocket
recv
WSAStartup
send

minizip

zipClose
zipOpen
zipCloseFileInZip
zipWriteInFileInZip
zipOpenNewFileInZip

kernel32

CloseHandle
MapViewOfFile
CreateFileMappingW
CreateFileW
InterlockedDecrement
lstrlenA
GetLastError
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
OutputDebugStringW
SetErrorMode
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
ReadFile
FileTimeToDosDateTime
MultiByteToWideChar
RaiseException
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
ExitProcess
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
FlushInstructionCache
GetSystemTimeAsFileTime
GetCurrentProcessId

user32

LoadStringW
UnregisterClassA
wsprintfW
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
SetTimer
GetWindow
MessageBeep
GetSystemMetrics
LoadImageW
LoadBitmapW
GetDlgItem
SetWindowTextW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxW
KillTimer
SetDlgItemTextW
EndDialog
GetActiveWindow
IsWindowEnabled
LoadCursorW
SetCursor
ShowCursor
GetParent
MapWindowPoints
SendMessageW
GetCursorPos
GetWindowRect
SystemParametersInfoW
SetWindowPos
ShowWindow
EndPaint
BeginPaint
GetDC
InflateRect
DrawTextW
ReleaseDC
GetClientRect
CallWindowProcW
GetWindowLongW
GetSysColor
DestroyWindow
DialogBoxParamW
DefWindowProcW
IsWindow
InvalidateRect

gdi32

CreateFontIndirectW
GetObjectW
ExtTextOutW
SetBkColor
SelectObject
GetStockObject
SetBkMode
CreateCompatibleDC
SetTextColor
SetWindowOrgEx
OffsetWindowOrgEx
GetWindowOrgEx
ExtSelectClipRgn
CreateRectRgnIndirect
BitBlt
Rectangle
DeleteObject

shell32

ShellExecuteW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SysAllocString

atl71

ord23
ord65
ord61
ord43
ord64
ord44
ord66

comctl32

InitCommonControlsEx
_TrackMouseEvent

msvcp71

??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?is@?$ctype@G@std@@QBE_NFG@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z

msvcr71

_strupr
free
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_snwprintf
wcslen
wcscpy
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??_V@YAXPAX@Z
__CxxFrameHandler
strlen
tolower
wcsftime
localtime
fclose
_atoi64
fread
_wfopen
sprintf
atoi
strncmp
memcpy
_wstat
_except_handler3
_purecall
fwrite
swprintf
time
wcsrchr
memmove
realloc
malloc
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
memset

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6798ec936a6e7b413fa8f3c6390cec82

Code Sign

02:3a:64Certificate

Extended Key Usages

Key Usages

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:baCertificate

Extended Key Usages

Key Usages

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

72:c0:0f:34:b2:1b:81:19:be:26:c4:12:b8:19:48:a7:97:1c:92:d8Signer

Signature Validations

Verification

12/12/2012, 03:10 Valid: false

Headers

File Characteristics

Imports

dbghelp

ws2_32

minizip

kernel32

user32

gdi32

shell32

ole32

oleaut32

atl71

comctl32

msvcp71

msvcr71

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 190KB - Virtual size: 190KB

02:3a:64
Certificate

7e:1f:df:72:99:e8:d2:45:a1:5d:0b:a8:e5:b1:59:ba
Certificate

40:90:52:79:e0:05:2e:27:92:4a:79:bd:23:c0:0e:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

72:c0:0f:34:b2:1b:81:19:be:26:c4:12:b8:19:48:a7:97:1c:92:d8
Signer

12/12/2012, 03:10
Valid: false

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 190KB - Virtual size: 190KB