d9cdac9d2efbdd9545dfba4da069ddaa001e23228ab97c6c736447e2a16f1d14

Sharing

Copy URL

Twitter E-mail

General

Target

d9cdac9d2efbdd9545dfba4da069ddaa001e23228ab97c6c736447e2a16f1d14
Size

152KB
MD5

99ca819c8034e548bb138b4e5314c232
SHA1

32370c1ddd4bfb74a1bf195022001e68ff698a92
SHA256

d9cdac9d2efbdd9545dfba4da069ddaa001e23228ab97c6c736447e2a16f1d14
SHA512

ea8a1493e7a5fe5ef7429413d2815bd02fc5762d5e8359922e7e60bb4d4f7f398dee3d7074d5d7307abcf74daf279bd30edadfed760b394024b1415f6489926f
SSDEEP

3072:EFe9ArAK3iYoKqdJd3IxL2DdKjbaOR5W9Inx2Kx:ZADwKFLFWSW5

Score

N/A

Malware Config

Signatures

Files

d9cdac9d2efbdd9545dfba4da069ddaa001e23228ab97c6c736447e2a16f1d14
.exe windows x86

f4159b107e95e855f26e38325543e3e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22-06-2009 00:00

Not After

21-06-2012 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:ea:e1:cb:f6:47:24:ed:ae:1a:16:e6:e6:55:2e:f6:cf:c8:63:f3
Signer

Actual PE Digest

f4:ea:e1:cb:f6:47:24:ed:ae:1a:16:e6:e6:55:2e:f6:cf:c8:63:f3

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

18-08-2009 03:36
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mfc42u

ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord1143
ord1165
ord2371
ord4219
ord6451
ord6193
ord4279
ord800
ord861
ord540
ord2858
ord4294
ord2859
ord6794
ord925
ord858
ord922
ord537
ord2813
ord3806
ord755
ord470
ord4803
ord6589
ord6791
ord6051
ord5286
ord6642
ord6583
ord6798
ord6848
ord6814
ord6846
ord6823
ord4435
ord6858
ord6838
ord6805
ord6837
ord6849
ord6807
ord6806
ord6803
ord6836
ord4583
ord4582
ord4893
ord4364
ord4886
ord6808
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord1768
ord3743
ord1718
ord5256
ord6606
ord6683
ord4426
ord6510
ord567
ord6475
ord818
ord3397
ord3716
ord6871
ord795
ord6237
ord6691
ord6796
ord5277
ord6826
ord6238
ord1941
ord4270
ord1634
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord4992
ord4847
ord4370
ord5261
ord4704
ord3087
ord6195
ord2444
ord2406
ord3621
ord3614
ord3658
ord2506
ord561
ord815
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord823
ord4667
ord825
ord6850
ord1569

msvcrt

sprintf
_wtol
_wcsnicmp
_wcsicmp
free
malloc
_splitpath
_CxxThrowException
_snwprintf
strrchr
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
swprintf
_itow
wcscat
wcsrchr
_waccess
wcscmp
isalnum
isspace
wcslen
wcscpy
__CxxFrameHandler
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp

kernel32

FreeLibrary
CreateProcessW
CreateThread
WaitForSingleObject
TerminateThread
CreateMutexW
GetLastError
ReleaseMutex
CloseHandle
InterlockedDecrement
InterlockedIncrement
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetACP
ReadFile
GetFileSize
lstrcmpiW
SetEvent
CreateEventW
GetCurrentProcessId
GetModuleFileNameW
SetThreadPriority
GetCurrentThread
GetVolumeInformationA
GetSystemDirectoryA
GetTickCount
GetModuleFileNameA
GetFileAttributesA
GetFileAttributesW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetLongPathNameW
GetFullPathNameW
LocalFree
GetProcAddress
lstrcmpW
LoadLibraryW
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
GetModuleHandleW

user32

DestroyWindow
DefWindowProcW
CreateWindowExW
RegisterClassExW
GetCursorPos
GetDesktopWindow
TranslateMessage
WindowFromPoint
ReleaseDC
GetParent
GetKeyState
GetWindowRect
GetClassNameW
FindWindowExW
EnumChildWindows
EndPaint
PostMessageW
IsIconic
GetSystemMetrics
DrawIcon
GetClientRect
SetPropW
GetSystemMenu
AppendMenuW
LoadIconW
SendMessageW
FindWindowW
ShowWindow
SetForegroundWindow
PostQuitMessage
wsprintfW
GetMessageW
BeginPaint
EnableWindow
DispatchMessageW
GetWindowDC

gdi32

CreateFontW
GetDeviceCaps

advapi32

ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
DuplicateTokenEx
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessAsUserA
CreateProcessAsUserW
RegCreateKeyW

shell32

SHAppBarMessage
ShellExecuteA
ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize
OleRun
CoInitializeEx

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantInit

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?_Xran@std@@YAXXZ
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

wininet

InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetGetConnectedState
InternetOpenW

shlwapi

PathRemoveFileSpecW
PathAppendW

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumEntriesW

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4159b107e95e855f26e38325543e3e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

f4:ea:e1:cb:f6:47:24:ed:ae:1a:16:e6:e6:55:2e:f6:cf:c8:63:f3Signer

Signature Validations

Verification

18-08-2009 03:36 Valid: false

Headers

File Characteristics

Imports

shfolder

version

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

wininet

shlwapi

iphlpapi

rasapi32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

f4:ea:e1:cb:f6:47:24:ed:ae:1a:16:e6:e6:55:2e:f6:cf:c8:63:f3
Signer

18-08-2009 03:36
Valid: false

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 27KB