69668d2e4286cdbceb967a45975a77fa70dc08546bb239185054a335aff726d1

Sharing

Copy URL Twitter E-mail

General

Target

69668d2e4286cdbceb967a45975a77fa70dc08546bb239185054a335aff726d1
Size

189KB
MD5

109f9dd315c4af86a0f1a59c0f061990
SHA1

4da04fddfe2074d95cc7beca6273e9a033b99bb8
SHA256

69668d2e4286cdbceb967a45975a77fa70dc08546bb239185054a335aff726d1
SHA512

6328c761850282e6ae607a88ec5fd7e3a4e3e8fb4874c155e23aa8ddbb6109882b7c5b7d889082d97cf2222e50f5a1525f075b067add2dd0625d4099e677ff48
SSDEEP

3072:TcOp9fK56vNsnQJYUBpbeetx2tbjAlbxZf/GKtg1OLVdBzZ5yoCz3nYH+kV:AOp9yVnQJrBDqbjwbxZf/IOLxWouYek

Score

N/A

Malware Config

Signatures

Files

69668d2e4286cdbceb967a45975a77fa70dc08546bb239185054a335aff726d1
.exe windows x64

e303a4cbda391562f0a65a53c6062b75

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:14:1a:7d:92:3a:18:0c:e2:aa:d6:fc:f2:f8:27:c0:dd:59:00:c1
Signer

Actual PE Digest

39:14:1a:7d:92:3a:18:0c:e2:aa:d6:fc:f2:f8:27:c0:dd:59:00:c1

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

31/10/2012, 06:16
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

kernel32

WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
OpenFileMappingW
MapViewOfFile
CreateFileW
UnmapViewOfFile
GetCommandLineW
OpenEventW
SetEvent
ProcessIdToSessionId
GetSystemDirectoryW
SetLastError
GetLastError
GetCurrentProcess
DeviceIoControl
GetCurrentProcessId
GetModuleFileNameW
VirtualAllocEx
TerminateProcess
Sleep
CreateProcessW
GetVersionExW
CloseHandle
OpenProcess
GetModuleHandleW
GetProcAddress
GetProcessId
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FreeLibrary
LocalFree
GetSystemTime
FormatMessageW
LoadLibraryW
MultiByteToWideChar
GetCurrentThreadId
OutputDebugStringW
GetSystemTimeAsFileTime
CreateFileA
ReleaseMutex
TlsGetValue
TlsSetValue
HeapAlloc
GetProcessHeap
HeapFree
OpenThread
TlsAlloc
TlsFree
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateMutexW
ReadFile
SetFilePointerEx
WriteFile
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetFileType
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapReAlloc
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
HeapSize
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte

user32

FindWindowW
GetActiveWindow
MessageBoxW
WaitForInputIdle
GetWindowThreadProcessId

advapi32

RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegCloseKey

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

PathFileExistsW
PathFindFileNameW
PathAppendW

psapi

EnumProcesses
GetModuleFileNameExW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e303a4cbda391562f0a65a53c6062b75

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

39:14:1a:7d:92:3a:18:0c:e2:aa:d6:fc:f2:f8:27:c0:dd:59:00:c1Signer

Signature Validations

Verification

31/10/2012, 06:16 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

ole32

shlwapi

psapi

wtsapi32

userenv

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 20KB - Virtual size: 20KB

� Size: 1KB - Virtual size: 1KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

39:14:1a:7d:92:3a:18:0c:e2:aa:d6:fc:f2:f8:27:c0:dd:59:00:c1
Signer

31/10/2012, 06:16
Valid: false

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 20KB

�
Size: 1KB - Virtual size: 1KB