370c60cd5b03bc2b6c4600e6cc21e59d74f1a3e69422daf71a616224ee3b8288

Sharing

Copy URL Twitter E-mail

General

Target

370c60cd5b03bc2b6c4600e6cc21e59d74f1a3e69422daf71a616224ee3b8288
Size

957KB
MD5

938b4122ec00773b2b3b2fb9ee28b530
SHA1

65cc2ccb4de5e52dcb2807452c5972d01ce224d9
SHA256

370c60cd5b03bc2b6c4600e6cc21e59d74f1a3e69422daf71a616224ee3b8288
SHA512

ecbb40761e567668658c65f64d0dc36de0c35a18be21c23924c6228c4bf0d739f1c67aa3248d1aff1a54bee5f7c94d149b7355cef9dc481ebffef1da7e8c117d
SSDEEP

24576:wqe5ikbYEns3eFm5nETLuvyhaLAYs7eoqPH18QOZaZglNO2zTj3KzeK0Fd:w9pIzC/huHs7eoqPH18QOZaZglNO2zTx

Score

N/A

Malware Config

Signatures

Files

370c60cd5b03bc2b6c4600e6cc21e59d74f1a3e69422daf71a616224ee3b8288
.exe windows x86

49fef21c7b2965ef5571962fa8e196ef

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:99:00:64:af:6e:3f:f5:2a:ad:ea:e1:ec:da:6d:e8:25:15:e5:ef
Signer

Actual PE Digest

99:99:00:64:af:6e:3f:f5:2a:ad:ea:e1:ec:da:6d:e8:25:15:e5:ef

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

08/08/2012, 06:25
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord200
ord33
ord301
ord27
ord41
ord46
ord79
ord35
ord32
ord26
ord50
ord60
ord143
ord211
ord22
ord30

ws2_32

WSASetLastError
sendto
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
getservbyport

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCloseHandle
InternetGetConnectedState
InternetOpenA
InternetSetStatusCallbackW
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFileExA
HttpQueryInfoW
InternetSetOptionA

kernel32

VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
DeleteFileW
WideCharToMultiByte
FindResourceW
SizeofResource
CreateEventW
LockResource
LoadResource
SetEvent
FindResourceExW
RaiseException
InitializeCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLastError
WaitForSingleObject
WriteFile
SetLastError
GetCurrentThreadId
lstrlenW
lstrcpynW
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
GetThreadLocale
lstrcmpiW
lstrcpyW
CompareStringW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
CreateFileW
GetSystemInfo
GetVersionExW
GetPrivateProfileIntW
SetThreadLocale
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameA
CreateFileA
SetFilePointer
GetPrivateProfileIntA
GetPrivateProfileStringW
LoadLibraryExW
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
HeapFree
GetProcessHeap
GetTickCount
VirtualAlloc
HeapAlloc
CreateEventA
Sleep
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
CreateMutexA
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
LocalFree
FormatMessageA
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
MoveFileA
CopyFileA
GetFileInformationByHandle
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
SleepEx
LoadLibraryA
GetSystemDirectoryA
DuplicateHandle
GetExitCodeThread
TerminateThread
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetStartupInfoW
RtlUnwind
InterlockedExchange
GetACP
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetModuleHandleA
ExitProcess
GetDriveTypeA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetCurrentThread
FatalAppExitA
HeapCreate
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
SetConsoleCtrlHandler
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
SetEndOfFile
GetSystemTimeAsFileTime

user32

InflateRect
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxA
MapWindowPoints
SystemParametersInfoW
SetRect
ScreenToClient
GetCursorPos
OffsetRect
SetFocus
CharNextW
GetSysColor
SetWindowTextW
UpdateWindow
GetClassNameW
SetCursor
PtInRect
GetWindowTextW
LoadCursorW
ReleaseCapture
GetCapture
EnableWindow
SetLayeredWindowAttributes
GetClassInfoExW
SetCapture
KillTimer
RegisterClassExW
SetRectEmpty
InvalidateRect
GetSysColorBrush
CopyRect
LoadBitmapW
ReleaseDC
IsWindowEnabled
CreateWindowExW
GetDC
IsWindow
SendMessageW
LoadImageW
SetWindowPos
UnregisterClassA
GetWindowTextLengthW
SetWindowLongW
GetClientRect
DefWindowProcW
GetWindowLongW
EndPaint
FindWindowW
SetTimer
wsprintfW
DestroyWindow
CallWindowProcW
FillRect
ShowWindow
GetActiveWindow
GetSystemMetrics
BeginPaint
EndDialog
LoadIconW
GetDlgItem
DialogBoxParamW
BringWindowToTop
DrawIcon
GetParent
GetWindow
PostMessageW
GetWindowRect
MoveWindow
SetWindowRgn
DrawTextW
GetDlgCtrlID

gdi32

DPtoLP
GetObjectW
TextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
CreateCompatibleDC
Arc
GetTextExtentPoint32W
CreatePen
CreateBitmap
BitBlt
CreateDIBSection
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateFontIndirectW
ExtTextOutW
SetBkColor
RoundRect
LineTo
MoveToEx
SetBkMode
GetStockObject
DeleteObject
SetTextColor
CreateRoundRectRgn
StretchBlt
SelectObject

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
IsTextUnicode
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt
GradientFill

Sections

.text
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

49fef21c7b2965ef5571962fa8e196ef

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8dCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

99:99:00:64:af:6e:3f:f5:2a:ad:ea:e1:ec:da:6d:e8:25:15:e5:efSigner

Signature Validations

Verification

08/08/2012, 06:25 Valid: false

Headers

File Characteristics

Imports

wldap32

ws2_32

dbghelp

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

Sections

.text Size: 668KB - Virtual size: 665KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 25KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 149KB - Virtual size: 149KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

99:99:00:64:af:6e:3f:f5:2a:ad:ea:e1:ec:da:6d:e8:25:15:e5:ef
Signer

08/08/2012, 06:25
Valid: false

.text
Size: 668KB - Virtual size: 665KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 25KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 149KB - Virtual size: 149KB