5b1df5267665ebbf186e0b3897d8df9fdd106ab7d03a110edb59dfacbd89c4cb

Sharing

Copy URL Twitter E-mail

General

Target

5b1df5267665ebbf186e0b3897d8df9fdd106ab7d03a110edb59dfacbd89c4cb
Size

1.0MB
MD5

3759486515294de69711f88eb148de25
SHA1

e64dddb4a3f85508f456d88048f0f1dd5007a267
SHA256

5b1df5267665ebbf186e0b3897d8df9fdd106ab7d03a110edb59dfacbd89c4cb
SHA512

96c897d4dc636fe5426510be08c0ad777b333eaf212fe229c92deae94d03b797184de973b43a240e3f4b29dda24a0686ddb47c4cb742e3e02dfa2809d64b91e1
SSDEEP

24576:ejxClTKPSKfb//bSWilVrnX2+SNd88GQLm5aTKsNuFTnb6BWK:6MlTK3b8lVrX2+kT0FTb6Bh

Score

N/A

Malware Config

Signatures

Files

5b1df5267665ebbf186e0b3897d8df9fdd106ab7d03a110edb59dfacbd89c4cb
.exe windows x86

e415ac39aa31eca094d069c40aa78754

Code Sign

3a:0e:9b:93:89:59:ea:17:13:aa:7c:57:39:7d:9d:55
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

22/08/2016, 07:10

Not After

22/09/2017, 07:10

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c133138323031353038393036403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:2f:54:71:90:c9:4d:9e:99:19:de:58:c1:ec:fd:01
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

22/08/2016, 06:57

Not After

22/09/2017, 06:57

Subject

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c133138323031353038393036403136332e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:2a:db:45:f7:eb:fb:83:1d:be:3d:63:eb:b6:87:c6:f6:40:53:51:2c:0c:b7:e4:8d:bc:bc:95:2c:50:1f:f0
Signer

Actual PE Digest

45:2a:db:45:f7:eb:fb:83:1d:be:3d:63:eb:b6:87:c6:f6:40:53:51:2c:0c:b7:e4:8d:bc:bc:95:2c:50:1f:f0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c133138323031353038393036403136332e636f6d

16/05/2017, 10:30
Valid: false

e4:55:ed:ab:fa:5a:41:65:e5:01:51:8c:a5:72:2e:67:0d:78:ec:55
Signer

Actual PE Digest

e4:55:ed:ab:fa:5a:41:65:e5:01:51:8c:a5:72:2e:67:0d:78:ec:55

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=北京布丁跳跳科技有限公司,O=北京布丁跳跳科技有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c133138323031353038393036403136332e636f6d

16/05/2017, 10:30
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipDrawImageRectI
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipFree
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipCreateFromHDC

shlwapi

PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathAppendW
SHDeleteKeyW
PathFileExistsW
SHGetValueW

kernel32

GetThreadLocale
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
lstrlenA
SetErrorMode
GetStartupInfoW
GetConsoleCP
GetConsoleMode
DeleteFileA
TerminateProcess
UnhandledExceptionFilter
GlobalAddAtomW
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
ExitProcess
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
SetEnvironmentVariableA
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
FreeResource
SetLastError
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVersion
VirtualAllocEx
VirtualFreeEx
lstrcpynW
GetFileAttributesW
GetFileSizeEx
WaitForMultipleObjects
SleepEx
GetSystemDirectoryA
PeekNamedPipe
ExpandEnvironmentStringsW
FindFirstFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationW
MulDiv
ReleaseMutex
CreateMutexW
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenW
InterlockedDecrement
lstrcmpiW
SetFileAttributesW
GlobalFree
GetCommandLineW
ReadProcessMemory
GetExitCodeProcess
QueryPerformanceFrequency
GetEnvironmentVariableW
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameA
FlushFileBuffers
WideCharToMultiByte
GetSystemInfo
OpenProcess
GetFileTime
DeviceIoControl
CreateProcessW
FindNextFileW
GetLocalTime
GetWindowsDirectoryW
CreateDirectoryW
CopyFileW
RemoveDirectoryW
WaitForSingleObject
GetCurrentThread
GetVersionExW
GetModuleHandleW
GetModuleHandleA
GetSystemWow64DirectoryW
MoveFileExW
HeapAlloc
GetProcessHeap
HeapFree
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualAlloc
GetSystemDirectoryW
LocalAlloc
LocalFree
MoveFileW
Sleep
SystemTimeToFileTime
FileTimeToSystemTime
GetLastError
GetPrivateProfileIntW
FindFirstFileW
FindClose
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetProcAddress
VirtualProtect
GetCurrentProcess
WriteProcessMemory
CreateThread
GetExitCodeThread
TerminateThread
GetTempPathW
WritePrivateProfileStringW
GetTickCount
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
MultiByteToWideChar
DeleteFileW
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
CreateFileA
GetFileInformationByHandle
CloseHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
IsDebuggerPresent

user32

LoadCursorW
GetSysColorBrush
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DrawTextExW
DrawTextW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
SetCursor
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
EqualRect
SetCapture
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
OffsetRect
GetActiveWindow
SetActiveWindow
GetShellWindow
PeekMessageW
PtInRect
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
GetFocus
GetClassNameW
FindWindowExW
GetWindowTextW
GetForegroundWindow
GetWindowThreadProcessId
ReleaseCapture
UnregisterClassW
CharNextW
CopyAcceleratorTableW
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
GetParent
FillRect
FrameRect
InvalidateRect
GetClientRect
GetWindowLongW
UnregisterClassA
SetWindowLongW
MessageBoxW
FindWindowW
RegisterWindowMessageW
LoadIconW
PostThreadMessageW
GetCursorPos
RegisterClipboardFormatW
SetForegroundWindow
IsWindow
GetDesktopWindow
ReleaseDC
GetDC
GetSubMenu
GetSystemMetrics
UnloadKeyboardLayout
PostMessageW
GetWindowRect
SetWindowPos
SendMessageW
EnableWindow
KillTimer
SetTimer
CopyRect
AdjustWindowRectEx
GrayStringW

gdi32

GetViewportExtEx
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
SetTextColor
SetBkMode
SelectObject
TextOutW
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetMapMode
GetRgnBox
CreateBitmap
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
GetClipBox
GetDeviceCaps
BitBlt
DeleteObject
CreateSolidBrush
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegCreateKeyExA
ChangeServiceConfig2W
RegEnumKeyW
ControlService
DeleteService
OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
RegCreateKeyW
RegSetValueW
RegCloseKey
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegOpenKeyW
RegEnumValueW
RegQueryValueExW

shell32

SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
ord155
SHGetFileInfoW
SHGetFolderLocation
ShellExecuteW
SHGetDesktopFolder
SHGetDataFromIDListW

comctl32

ord17

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen

urlmon

URLDownloadToFileW

cabinet

ord23
ord21
ord22
ord13
ord11
ord14
ord10
ord20

wininet

InternetSetFilePointer
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

ws2_32

WSASetLastError
select
ioctlsocket
closesocket
recvfrom
recv
sendto
send
getsockopt
accept
gethostname
__WSAFDIsSet
getservbyport
gethostbyaddr
getservbyname
setsockopt
ntohs
htonl
getsockname
inet_ntoa
gethostbyname
htons
inet_addr
WSAGetLastError
WSACleanup
WSAStartup
socket
bind
connect
listen
getpeername

wldap32

ord79
ord147
ord142
ord167
ord133
ord26
ord208
ord216
ord145
ord14
ord118
ord127
ord27
ord41
ord46
ord301

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 776KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e415ac39aa31eca094d069c40aa78754

Code Sign

3a:0e:9b:93:89:59:ea:17:13:aa:7c:57:39:7d:9d:55Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

43:2f:54:71:90:c9:4d:9e:99:19:de:58:c1:ec:fd:01Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

45:2a:db:45:f7:eb:fb:83:1d:be:3d:63:eb:b6:87:c6:f6:40:53:51:2c:0c:b7:e4:8d:bc:bc:95:2c:50:1f:f0Signer

Signature Validations

Verification

16/05/2017, 10:30 Valid: false

e4:55:ed:ab:fa:5a:41:65:e5:01:51:8c:a5:72:2e:67:0d:78:ec:55Signer

Signature Validations

Verification

16/05/2017, 10:30 Valid: false

Headers

File Characteristics

Imports

gdiplus

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

urlmon

cabinet

wininet

version

psapi

iphlpapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 776KB - Virtual size: 772KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 48KB - Virtual size: 48KB

3a:0e:9b:93:89:59:ea:17:13:aa:7c:57:39:7d:9d:55
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

43:2f:54:71:90:c9:4d:9e:99:19:de:58:c1:ec:fd:01
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

45:2a:db:45:f7:eb:fb:83:1d:be:3d:63:eb:b6:87:c6:f6:40:53:51:2c:0c:b7:e4:8d:bc:bc:95:2c:50:1f:f0
Signer

16/05/2017, 10:30
Valid: false

e4:55:ed:ab:fa:5a:41:65:e5:01:51:8c:a5:72:2e:67:0d:78:ec:55
Signer

16/05/2017, 10:30
Valid: false

.text
Size: 776KB - Virtual size: 772KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 48KB - Virtual size: 48KB