0bb7edd5fac63460a11744f6a9ba120281dc32abcd5dc9d1e2b26ac86e141bb8

Sharing

Copy URL

Twitter E-mail

General

Target

0bb7edd5fac63460a11744f6a9ba120281dc32abcd5dc9d1e2b26ac86e141bb8
Size

147KB
MD5

8d19b4bcfeb94735ec6801f20730bf9e
SHA1

77281e734eba979f580cf710cb9b3181cc7874b2
SHA256

0bb7edd5fac63460a11744f6a9ba120281dc32abcd5dc9d1e2b26ac86e141bb8
SHA512

26bc770cf44fe06a615b77f1edf847df610ae26945f6a3a002c8716c6f954a83a2320d147ed394d54f2f4af2f13e4532a52af8f480f2c3db1508e165f3dfe8d2
SSDEEP

3072:FJNwZHcKLl6uJe4AbNNKvlNNtoRDOelm+xvYg+Jzx7tI5pGzDA:yL64AbNNclNzODTm+SggBtI5pGz0

Score

N/A

Malware Config

Signatures

Files

0bb7edd5fac63460a11744f6a9ba120281dc32abcd5dc9d1e2b26ac86e141bb8
.exe windows x86

b1d4e017f45a6d31f7fcf7cafb40df63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:c6:dd:c6:c5:57:cb:4e:4a:33:6c:8c:05:6f:ba:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2013, 00:00

Not After

08/08/2015, 23:59

Subject

CN=Beijing Sogou Information Service Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Search business Division,O=Beijing Sogou Information Service Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:4b:64:15:af:46:f6:93:8a:ad:3a:60:dd:7e:42:42:4a:84:9c:4b
Signer

Actual PE Digest

65:4b:64:15:af:46:f6:93:8a:ad:3a:60:dd:7e:42:42:4a:84:9c:4b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Sogou Information Service Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Search business Division,O=Beijing Sogou Information Service Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

17/04/2015, 10:06
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExA

kernel32

MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetEnvironmentVariableA
lstrcpyA
CreateFileW
SetEvent
CreateEventA
WaitForSingleObject
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA
OutputDebugStringA
CreateMutexA
GetFileAttributesExA
lstrcmpiA
OpenMutexA
ReadFile
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileSectionA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetCurrentProcessId
Process32FirstW
ProcessIdToSessionId
Process32NextW
OpenProcess
lstrlenW
CreateFileA
GetPrivateProfileStringA
lstrcmpA
GetModuleHandleA
LoadLibraryExA
ReadProcessMemory
LocalFree
lstrlenA
LoadLibraryA
lstrcpynW
GetACP
WideCharToMultiByte
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
WritePrivateProfileStructA
HeapFree
GetCurrentProcess
GetVersionExA
GetVersion
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
MultiByteToWideChar
GetLongPathNameA
DeleteFileA
GetWindowsDirectoryA
GetShortPathNameA
GetSystemDirectoryA
GetPrivateProfileStructA
GetStartupInfoA
CloseHandle
lstrcpynA
lstrcatA
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetLastError
WriteFile
GetFileSize
SetLastError

advapi32

AllocateAndInitializeSid
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
SetNamedSecurityInfoA
SetEntriesInAclA
GetNamedSecurityInfoA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
ChangeServiceConfig2A
OpenServiceA
DeleteService
QueryServiceStatus
StartServiceA
ControlService
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
SetTokenInformation
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathFileExistsA
PathAppendA
wnsprintfA
PathStripToRootA
StrStrIA
PathRemoveFileSpecA
PathRemoveBackslashA
PathRemoveBlanksA
PathIsDirectoryA
PathFindFileNameA
SHDeleteKeyA
SHGetValueA
SHDeleteValueA
PathAddExtensionA
PathRemoveExtensionA
SHSetValueA
PathFindExtensionA

ws2_32

WSAStartup
WSACleanup
gethostbyname
gethostname

msvcrt

_controlfp
__set_app_type
??1type_info@@UAE@XZ
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
strncat
_stricmp
_strnicmp
_tempnam
srand
rename
_ltoa
_mbschr
atol
strncpy
_mbstok
atoi
memmove
localtime
time
_snwprintf
printf
sscanf
_mbscmp
malloc
_ismbcupper
tolower
ftell
fread
strchr
strrchr
fwrite
wcslen
fopen
rewind
fgets
strstr
fputs
fclose
fseek
_mbsnbcpy
rand
free
_snprintf
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
_strlwr
_wcsicmp
_wcsnicmp
??0exception@@QAE@ABV0@@Z
strlen
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy
sprintf
__p__fmode

user32

IsWindow
SendMessageA
FindWindowA
GetParent
FindWindowExA
GetClassNameA

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1d4e017f45a6d31f7fcf7cafb40df63

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

4c:c6:dd:c6:c5:57:cb:4e:4a:33:6c:8c:05:6f:ba:83Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

65:4b:64:15:af:46:f6:93:8a:ad:3a:60:dd:7e:42:42:4a:84:9c:4bSigner

Signature Validations

Verification

17/04/2015, 10:06 Valid: false

Headers

File Characteristics

Imports

shell32

kernel32

advapi32

version

shlwapi

ws2_32

msvcrt

user32

ole32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

4c:c6:dd:c6:c5:57:cb:4e:4a:33:6c:8c:05:6f:ba:83
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

65:4b:64:15:af:46:f6:93:8a:ad:3a:60:dd:7e:42:42:4a:84:9c:4b
Signer

17/04/2015, 10:06
Valid: false

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 12KB