6aaa48466cc8b208a9db3816237e16116a0e7bfda405175017adedb8d899d86b

Sharing

Copy URL Twitter E-mail

General

Target

6aaa48466cc8b208a9db3816237e16116a0e7bfda405175017adedb8d899d86b
Size

125KB
MD5

03afa415d27747014bb68a681567d4c0
SHA1

9dd2becc52582927626d4508467c9543800a403c
SHA256

6aaa48466cc8b208a9db3816237e16116a0e7bfda405175017adedb8d899d86b
SHA512

ccde13317540216cc9c3cef3b3207d9967e66dcc72a23649f90e3758cfeaaf10aa33fca7533aa9a56f51c7902285d14160e2048db3156c0f5ecb4b842dafe994
SSDEEP

3072:onBGSEIQhVHJpkwuVwqEfwM7TOzajnN9zS+xKpy9Un:oqbJqlVAf7TOINw+u

Score

N/A

Malware Config

Signatures

Files

6aaa48466cc8b208a9db3816237e16116a0e7bfda405175017adedb8d899d86b
.exe windows x86

f2bef9e2607f42565ec2c1ada7c202e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/12/2011, 00:00

Not After

25/12/2014, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:ca:6a:25:ed:22:91:1b:d1:97:90:d9:bc:b6:3e:45:81:0d:cb:da
Signer

Actual PE Digest

47:ca:6a:25:ed:22:91:1b:d1:97:90:d9:bc:b6:3e:45:81:0d:cb:da

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

25/03/2014, 09:51
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
lstrlenA
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
LocalAlloc
LocalFree
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetFileAttributesW
GetCommandLineW
MultiByteToWideChar
InitializeCriticalSection
WaitForMultipleObjects
GetModuleHandleW
GetCurrentThreadId
SetEvent
InterlockedDecrement
EnterCriticalSection
DeleteCriticalSection
lstrcmpiW
RaiseException
InterlockedIncrement
LeaveCriticalSection
LoadLibraryExW
WideCharToMultiByte
GetModuleFileNameW
Sleep
GetTickCount
GetSystemDirectoryW
CopyFileW
GetVersionExW
FindResourceExW
ReleaseMutex
GetLastError
LoadResource
CreateMutexW
LockResource
SizeofResource
CloseHandle
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceW
GetLocalTime
Process32NextW
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc

user32

MessageBoxW
PostThreadMessageW
CharNextW
UnregisterClassA
LoadStringW

advapi32

ChangeServiceConfig2W
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
CreateServiceW
ChangeServiceConfigW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
DeregisterEventSource
DeleteService
ReportEventW
OpenServiceW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
ControlService
QueryServiceStatus
RegQueryValueExW
CreateProcessAsUserW
OpenSCManagerW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle

ole32

StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

LoadTypeLi
SysAllocString
UnRegisterTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
RegisterTypeLi

shlwapi

PathFileExistsW
PathAddBackslashW

msvcp80

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

_encode_pointer
__set_app_type
_unlock
__dllonexit
_CxxThrowException
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcslen
memcpy_s
_vscwprintf
memmove_s
vswprintf_s
malloc
strlen
wcsncpy_s
_wcsicmp
memset
??0exception@std@@QAE@ABQBD@Z
_vsnwprintf_s
??1exception@std@@UAE@XZ
wcschr
_putws
wcscmp
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
free
??2@YAPAXI@Z
atoi
wcscpy_s
??0exception@std@@QAE@ABV01@@Z
_recalloc
calloc
wcscat_s
wcscat
wcsrchr
wcspbrk
_wcslwr_s
_waccess
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2bef9e2607f42565ec2c1ada7c202e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

47:ca:6a:25:ed:22:91:1b:d1:97:90:d9:bc:b6:3e:45:81:0d:cb:daSigner

Signature Validations

Verification

25/03/2014, 09:51 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp80

msvcr80

version

wtsapi32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

47:ca:6a:25:ed:22:91:1b:d1:97:90:d9:bc:b6:3e:45:81:0d:cb:da
Signer

25/03/2014, 09:51
Valid: false

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 45KB - Virtual size: 45KB