74464e2dd021fbe7a5ac20835b04f82940ff4344977f035dffb74530f2b1d270

Sharing

Copy URL Twitter E-mail

General

Target

74464e2dd021fbe7a5ac20835b04f82940ff4344977f035dffb74530f2b1d270
Size

1.0MB
MD5

0f908d7621af4d6cbeb94dc186d95be0
SHA1

26902004950a6d99b1d0f127bf09c118417082f1
SHA256

74464e2dd021fbe7a5ac20835b04f82940ff4344977f035dffb74530f2b1d270
SHA512

c6aee8aace4d1327c81247e2a2ff991fb721a0019720faaa425850d88a38fee740e577142a903646f35ab8217c583cf648c646e7ac2f238cce13c1233cf3a899
SSDEEP

6144:i/+razlSnYTjhyj1LPHt1LuoqePMLHknNBWukYiVLukYiVS5HbJ:i/mFMhUjZqzHkNBWuRsLuRsS5HbJ

Score

N/A

Malware Config

Signatures

Files

74464e2dd021fbe7a5ac20835b04f82940ff4344977f035dffb74530f2b1d270
.exe windows x86

5963945e19b4f05ce6b093c2c3d79b33

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2008, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:0f:e0:4b:94:dc:9f:99:04:e5:2c:c2:95:0b:50:69:b3:93:3e:05
Signer

Actual PE Digest

1b:0f:e0:4b:94:dc:9f:99:04:e5:2c:c2:95:0b:50:69:b3:93:3e:05

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Kingsoft Research,O=Zhuhai Kingsoft Software Co.\,Ltd,L=ZHUHAI,ST=GUANGDONG,C=CN

10/02/2009, 13:46
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
ReleaseMutex
GetModuleHandleA
ExpandEnvironmentStringsA
CreateMutexA
OpenProcess
Process32Next
CreateToolhelp32Snapshot
CloseHandle
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
GetACP
HeapSize
GetCommandLineA
GetStartupInfoA
HeapReAlloc
LocalFree
WaitForSingleObject
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapAlloc
HeapFree
RaiseException
RtlUnwind
LocalAlloc
GetProcessHeap
SetEvent
CreateEventA
CreateFileW
MultiByteToWideChar
GetTickCount
ExitThread
CreateThread
GetCurrentProcess
GetVersionExA
lstrcatA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
LocalReAlloc
FindNextFileA
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
OutputDebugStringA
lstrcpyA
Sleep
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
ExitProcess
LocalSize
FlushFileBuffers
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
TerminateProcess
GetCurrentThreadId
GetVersion
TlsGetValue
TlsSetValue
GetProcAddress
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
SetLastError
lstrcpynA
InitializeCriticalSection
GetModuleFileNameA
TlsAlloc
GlobalFree

user32

GrayStringA
DrawTextA
TabbedTextOutA
PostQuitMessage
ClientToScreen
PtInRect
GetClassNameA
GetSysColorBrush
LoadCursorA
SetWindowTextA
LoadIconA
MapWindowPoints
GetSysColor
DestroyMenu
IsWindow
CloseWindow
CreateWindowExA
PostMessageA
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
GetInputState
PostThreadMessageA
GetMessageA
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
mouse_event
MapVirtualKeyA
keybd_event
SystemParametersInfoA
SendMessageA
BlockInput
DestroyCursor
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
ExitWindowsEx
wsprintfA
CharNextA
LoadStringA
EnableWindow
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
UnhookWindowsHookEx
SetWindowsHookExA
PeekMessageA
CallNextHookEx
DispatchMessageA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetWindowRect
GetWindowPlacement
IsIconic
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindow
SetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetDlgCtrlID
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus

advapi32

InitializeSecurityDescriptor
RegCreateKeyExA
GetTokenInformation
LookupAccountSidA
GetUserNameA
RegOpenKeyA
RegSaveKeyA
RegRestoreKeyA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegSetValueExA
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetFileInfoA

winmm

waveInGetNumDevs

comctl32

ord17

ws2_32

socket
htons
getsockname
bind
getpeername
accept
listen
WSAStartup
setsockopt
sendto
recvfrom
__WSAFDIsSet
select
htonl
WSASocketA
WSAGetLastError
gethostname
connect
closesocket
ntohs
inet_addr
inet_ntoa
gethostbyname
recv
send
WSACleanup

netapi32

NetUserAdd
NetLocalGroupAddMembers

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICClose
ICOpen
ICCompressorFree
ICSeqCompressFrame
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

Sections

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 775KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5963945e19b4f05ce6b093c2c3d79b33

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6bCertificate

Extended Key Usages

Key Usages

1b:0f:e0:4b:94:dc:9f:99:04:e5:2c:c2:95:0b:50:69:b3:93:3e:05Signer

Signature Validations

Verification

10/02/2009, 13:46 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

winmm

comctl32

ws2_32

netapi32

wininet

avicap32

msvfw32

psapi

wtsapi32

winspool.drv

Sections

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 229KB - Virtual size: 249KB

.rsrc Size: 775KB - Virtual size: 776KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

cf:fe:97:77:b5:33:5c:fc:b6:0e:7b:37:ec:9f:6b
Certificate

1b:0f:e0:4b:94:dc:9f:99:04:e5:2c:c2:95:0b:50:69:b3:93:3e:05
Signer

10/02/2009, 13:46
Valid: false

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 229KB - Virtual size: 249KB

.rsrc
Size: 775KB - Virtual size: 776KB